Many companies experience mergers in acquisitions in which we need to consolidate accounts. Migrating one Office 365 tenant into another Office 365 tenant while keeping the same domain name requires that you do PLAN FOR DOWNTIME. Let’s take an example of Parent company A acquiring Child Company B. If you try to add child company B’s domain into Parent company A, you will receive an error saying that it already exist in another Microsoft account. For this reason, you must remove your primary domain from one tenant and recreate it in the other tenant. If done correctly, downtime should be limited to 30 minutes. In this article, i am going to give you best practices to follow using the BitTitan migration tool.
**Please Note** This is a highly level overview of the migration steps using BitTitan. For a complete step-by-step guide with screenshots, follow this link. While this guide is specific to BitTitan the same concepts can be followed using any tool.whi
Set Up the Destination Environment
CheckList:
Provision Users in Destination Office 365 Tenant
- They will be provisioned with the .onmcirosoft domain in this account
- Add One at a time
- Bulk Upload via Powershell
- Bulk Upload Via CSV
- Assign Licenses
In 365 Admin Center, Go to Setup>Domains>Add Domains
.
- *Note* This is where you will go to add the domain and verify with a TXT record after you remove from he source 365 tenant. For now users will have the .onmicrosoft.com as their primary SMTP address
#Bulk Import Users with Passwords Powershell#
Set Impersonation rights for the admin user
Connect to 365 Exchange Online with Powershell (Link in title) and run the following:
New-ManagementRoleAssignment -Role ApplicationImpersonation -User <admin_user_name>
Prepare Source/Destination for BitTitan
CheckList
*Note* You will have to connect to the Source 365 tenancy and 365 tenancy separately in powershell and run these commands in each session
Connect to Exchange Online with Powershell (Link in title) and run the following:
New-ManagementRoleAssignment -Role ApplicationImpersonation -User
Change Send/Receive size in office 365 to max of 150mb
Get-Mailbox | Set-Mailbox -MaxReceiveSize 150MB -MaxSendSize 150MB
Set Up A BitTitan Account
Create a Login
Click the Link to create a BitTitan username and password.
Create a Customer
Enter Primary Domain name and customer name
Send Out Agent to Re-configure Outlook Profiles
CheckList:
*NOTE* BitTitan comes with a tool called Deployment Pro which re-configures Outlook profiles after the migration. This can be pushed out either through GPO or email.
Determine whether sending out agent via GPO or Email
Track Users with Agent Installed
Devices will register and match users email address to computer in a one-to-one relationship. Each computer will have a "Heartbeat"
Prepare Migration Endpoints
CheckList:
Set up your source and destination endpoints in the BitTitan Portal
- The source endpoint can be found under Office 365
- Destination is Office 365
- Provide Admin Credentials for each endpoint
Autodiscover Users
- Clean Up User List as Needed
- Remediate UPN issues by clicking on Pencil icon next to users
- Source should contain .com address and destination should contain .onmicrosoft.com address
Verify Credentials
- This will tell you if there are errors
- Most Typical Errors are Insufficient Impersonation rights, wrong admin creds
- Shows “Completed Verification” upon success
Subscribe Users
- Select All Users>Click last Icon on top toolbar with 3 lines
- “Apply User Migration Bundle”
- Takes a 3-5 Minutes to propagate
Start Migration
CheckList:
Run Prestage Pass bringing mail from Source Tenant to Office 365
- This will bring over a bulk of the data before we remove the domain
- This is only making copies of the mail
- Set Prior to 60 days
- Any user whose status changes to “Failed” is almost 100% due to server timeout.
- Simply Re-Run these users
Run Full Pass to bring over remaining Mail, Calendars, Contacts, Notes, Rules
- Start once Full-Stage Pass has completed
- Can Run Up to 10 Delta Passes
- Make sure everyone goes into a “Completed Status”
Domain Removal From Source Tenant
Checklist:
Bulk Update all Users UPNs to .onmicrosoft.com domain in Source Tenant
- To Remove the domain, we need it removed from all records in the portal.
$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
$testpath = test-path c:\temp; If ($testpath -eq $false) {new-item -type directory c:\temp}; $dataout = @();
Get-MsolUser -All | ? {$_.UserPrincipalName -match “domain.com”} | % {Set-MsolUserPrincipalName -ObjectId $_.objectId -NewUserPrincipalName ($_.UserPrincipalName.Split(“@”)[0] + “@domain.onmicrosoft.com”); $dataout += “$($_.UserPrincipalName)” ; $_.UserPrincipalName };$dataout | out-file c:\temp\UPNChangeOutput.txt
Remove all alias with the domain
$Records = Get-mailbox -ResultSize Unlimited| where {$_.emailaddresses -like “smtp:*@domain.com”} | Select-Object DisplayName,@{Name=“EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_ -like “smtp:*domain.com”}}}
foreach ($record in $Records)
{
write-host “Removing Alias” $record.EmailAddresses “for” $record.DisplayName
Set-Mailbox $record.DisplayName -EmailAddresses @{Remove=$record.EmailAddresses}
}
Remove All Groups with the Domain
Get-MsolGroup -all | ?{$_.emailaddress -match “domain.com”} | Remove-MsolGroup -force
Remove the Domain
- The portal will notify you if there are any users/groups who still have the domain attached to their profile
- Work with GoDaddy if you need additional assistance
Recreate Domain in Destination 365 Tenant
Checklist:
Add the Domain to 365
- These steps are basically the reverse of what we just performed in the Source Tenant
- In the Destination 365 Admin Center, Go to Setup>Domains>Add Domains
- Add the domain and verify with a TXT record (can take about 5min before you can recreate)
Bulk Update all Users UPNs to .com domain
$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
$testpath = test-path c:\temp; If ($testpath -eq $false) {new-item -type directory c:\temp}; $dataout = @();
Get-MsolUser -All | ? {$_.UserPrincipalName -match “domain.onmicrosoft.com”} | % {Set-MsolUserPrincipalName -ObjectId $_.objectId -NewUserPrincipalName ($_.UserPrincipalName.Split(“@”)[0] + “@domain.com”); $dataout += “$($_.UserPrincipalName)” ; $_.UserPrincipalName };$dataout | out-file c:\temp\UPNChangeOutput.txt
Bulk Upload Distribution Lists
Create Two CSVs
- One has the Distribution Group Name and Primary SMTP Address
- One has the Group name and the members apart of that group
Import-Csv -Path ‘File Path’ | foreach {New-Distributiongroup -Name $_.Name -PrimarySmtpAddress $_.Address }
Import-Csv ‘File Path’ | foreach {Add-DistributionGroupMember -Identity $_.DL -Member $_.Alias}
Post-Migration Clean Up
Checklist:
Make Sure DMA Agent Ran Successfully
- DMA status will go into “Completed” after succesfull authentication by end user
- Any user that fails authentication 3x will go into an “error” status
- These users you will need to reschedule and make sure they have the correct 365 password
