This article relates to our Lift&Shift Office 365 tenancy migration solution.
When migrating accounts between Office 365 tenancies you'll have to make a choice as to whether you want to migrate the domain name along with the accounts. If you don't, this article is not relevant to you. If you do want the domain to be continued in the new tenancy then this article will hopefully be helpful.
The first thing to note is that a domain cannot be active in two different tenancies at the same time. So before you can register the domain in the new tenancy you need to fully remove it from the original source tenancy.
This is not as easy as you'd hope. Microsoft does provide some functionality in the Office 365 admin center for this process but in our lengthy experiences working in the Office 365 migration space, it almost never works.
So you've got to crack out PowerShell and do it the IT way.
- Powershell + Microsoft Sign-in Assistant
- Administrative Rights to the Office 365 Tenancy in Question.
- Office 365 DirectorySyncronisationEnabled = "False"
When removing a Domain from Office 365, Microsoft will recommend that you use the following command to reveal those who conflict upon domain removal:
Get-msoluser -DomainName [Domain]
This command can be useful however with this method will in fact only show "Msol User Objects". Attributes that associate to the domain are also found on MsolGroups, Msolcontacts + Exchange Objects.
To help with this we wrote a script (download from the bottom of the page). Our script has the ability to loop through all object types while removing all attributes that would associate to the domain that is specified.
But before we attempt to change any attributes, Directory Synchronisation must be "Disabled" in order for us to make changes. To Disable Directory Synchronisation, please run the following command with administrative privileges:
Set-MsolDirSyncEnabled -EnableDirSync $false
This action can take a while to take effect. We recommend waiting 30 minutes - 1 hour for all Objects to convert to "In-cloud" on Microsoft 365.
Once you can confirm objects are now "In-Cloud" within the Portal, Please continue to the step-by-step guide.
Below is a step-by-step guide:
1. Open a Powershell Window as an Administrator
2. Set ExecutionPolicy to 'Unrestricted'
Command: Set-ExecutionPolicy -ExecutionPolicy Unrestricted
3. Download the attached script, save it locally and then run via your PowerShell Window.
4. You will be asked to authenticate to Office 365. This will then import all necessary modules and connect you too Exchange Online.
5. Prompt for Selected Domain
6. Once connected you will be given a list of objects who associate to the domain specified in the step above.
7. Once the list of objects has been closed the process will begin.
8. For each object type, we will run the following:
- If the Microsoft address is present as a UserPrincipalName we will change the primary address too this.
- If the Microsoft Address is NOT present as a UserPrincipalName we will add the onmicrosoft.com address then change it too that.
9. Once step 8 has been handled we will then attempt to remove the proxy addresses that associated to "[Selected Domain]"
10. Script will prompt at completion. This is when all processes have been handled correctly.
You may run the script again to see if any users exist within the domain if you wish.
11. You should now be able to perform your Office 365 Domain Removal
Please contact firstname.lastname@example.org if you have any questions (even if you're not one of our customers and just want advice using the script).