Tenant To Tenant Migration Office 365 (Back-Out Plan Included)

This is a complete guide to perform the tenant to tenant migration Office 365.

2 or more weeks before migration

1. Check the domain ownership and capture the information and save.
2. Capture all the DNS records using this website.
3. Identify and capture the DNS records that are relevant to Exchange (if performing a domain transfer) – TXT, MX and SPF.
4. On each MX record, take note of the TTL value.

• We need to request that the TTL value be reduced to a smaller number, e.g., 5 minutes.
• If the TTL cannot be lowered to 5 minutes, make note of the lowest value. For example, if the lowest value is 4 hours, the MX record will have to be changed 4 hours before your migration begins.
• Request that the TTL be updated at least 8 hours before migration.

5. Check the domain’s availability using this link.

• This checks if you@domainname.onmicrosoft.com is already in use in another tenant. It checks SharePoint Online, but nine out of ten times if SharePoint Online is using the domain, you can be sure Exchange and/or UPN suffixes are also in use.

• If you try to add the domain to your tenant when it’s already taken as a domain name in another tenant, you get an error saying it’s already in use.

6. Determine which Microsoft 365 services are required for the domain.

• Exchange Online (TXT, MX, SPF, CNAME)
• Microsoft Teams
• Mobile Device Management

7. Decision needed: Discuss domain and DNS requirements.

Domain name:

• To transfer the domain name registration to tenant B (the destination tenant), initiates a transfer request.
• This generates an email to the current domain owner (tenant A, the source tenant) requesting approval for the transfer.
• The current owner needs to ensure the domain is unlocked for transfer and may need to generate an authorization code.
• Once the transfer is accepted the process could take between 24-48 hours to complete.
• Any services tied to the domain names that are hosted at the old registrar will stop working.

DNS Records:

Copy of ALL (not just Exchange) records so that the records are setup on the destination DNS servers.

8. Discuss with the project team what items do not get migrated using the BitTitan migration tool.

9. Request domain admin rights to the O365 admin portal at source.

Admin rights is required as part of the process. We need to remove the domain from the admin portal at source and then add the domain to destination.

10. Log into O365 admin portal at source and review the EXO mail rules and connectors.

11. Check that the domains and IP addresses are not blacklisted using mxtoolbox blacklists.

Important: If blacklisted, whitelist the domains and IP addresses.

12. Log into the O365 admin portal at source and export accepted domains, groups, mailboxes, resources, shared mailboxes and lists of users into Excel.

13. Review the size of each mailbox to be migrated.

• BitTitan can only migrate up to 50GB per license.
  If the mailboxes are larger, you may require additional licenses.

14. Review the mail setup

• Are there any forwarding rules?
• Delegate access
• Proxy addresses

15. Finalize the list of users, groups and shared mailboxes to be migrated.

16. Create all user mailboxes, shared mailboxes, distribution groups, security groups, contacts and resources at the destination.

17. Add delegate access to mailboxes and calendars at destination.

• Go to the Exchange admin center.
• Add delegate access to mailboxes and calendars.

18. Create user communications

• This just needs to be noted.
• The project manager manage these communications.

19. Create 2 test accounts at source

• Request that two test accounts be created at the source. 
• BitTitan will be used to migrate those test accounts to the destination.
• Make sure that the tenantname.onmicrosoft.com account is attached to each mailbox in Microsoft 365.
• Global admin account will be given full permissions (later in the document).

20. Populate the 2 test accounts at source with the following data:

• Email
• Folders
• Calendar (single and repeating appointments)
• Contact
• Tasks

21. Create 2 test accounts at the destination.

• Request that two test accounts be created at the source. 
• BitTitan will be used to migrate those test accounts to the destination.
• The global admin account will be given full permissions (later in the document).

22. Grant global admin account full access to mailboxes:

Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User “admin account” -AccessRights FullAccess -InheritanceType All -AutoMapping $false

23. EWS must be working on the source Exchange server

• BitTitan uses EWS to access source and destination domains.
• Without access, there will be no migration.

24. Test mailbox access by opening any other mailbox with the admin account using OWA

• Open the browser to https://office.com
• When prompted for credentials, enter the user name and password of the account to be used to access the mailbox.
• If using administrative credentials, open a new tab and paste the OWA URL: https://outlook.office365.com/owa/user@example.com.

25. Add tenantname.onmicrosoft.com as a proxy address to each mailbox at source.

We need to perform this because we will be removing the domain email addresses from all mailboxes before we can remove the domain from the tenant.

26. Connect to EXO PowerShell at source

27. Export and update proxy addresses to include @tenantname.onmicrosoft.com

Get-Mailbox -ResultSize Unlimited -Filter “emailaddresses -notlike ‘*@tenantname.onmicrosoft.com'” | select alias,primarysmtpaddress,emailaddresses |export-csv -NoTypeInformation “C:\Temp\mailboxes_output.csv”

Import-csv C:\Temp\mailboxes_output.csv| ForEach-Object {
$ID = $_.PrimarySmtpAddress
$alias = $_.Alias
$365Email = $alias + “@tenantname.onmicrosoft.com”
Set-Mailbox -Identity $ID -EmailAddresses @{add = $365Email}
}

28. Confirm that all mailboxes have been updated. Results should be zero.

Get-Mailbox -ResultSize Unlimited -Filter “emailaddresses -notlike ‘*@tenantname.onmicrosoft.com'” | select alias,primarysmtpaddress,emailaddresses

29. Grant the admin account full access to mailboxes at the destination

30. Connect to EXO PowerShell at the destination

Grant full mailbox access to the BitTitan service account over all acquired domain mailboxes at the destination.

Add-MailboxPermission -Identity “Destination mailbox -User “BitTitan service account” -AccessRights FullAccess -InheritanceType All -AutoMapping $false

31. Test mailbox access by opening any other mailbox with the admin account using OWA.

• Open the browser to https://office.com
• When prompted for credentials, enter the user name and password of the BitTitan service account to be used to access the mailbox.
• If using administrative credentials, open a new tab and paste the OWA URL:
  (https://outlook.office365.com/owa/user@example.com)

32. BitTitan license requirements

• 1 license per mailbox where the mailbox needs to be less than 50GB. If the mailbox is greater than 50GB, then it will require 2 licenses.
• Determine the total number of mailboxes to migrate and obtain the required number of licenses.

Note:

A license can be used up to 10 times per mailbox. This assumes the end point doesn’t change. If you are testing the BitTitan migration with test accounts, ensure you include the total number of test accounts needed in the license count.

33. Redeem licenses

• Log into the BitTitan console.
• On the top right-hand corner, click on the down arrow beside your name.
• Select “Redeem Coupon.”
• Enter the coupon code, then click “Apply.”
• A toast will appear, indicating the coupon has been redeemed.

Note:  Register for a BitTitan account if you don’t have an account, ensure your account is active by verifying your email address.

34. Create a BitTitan project

• Log into the BitTitan console.
• Click “Go to My Projects” -> “Create a Mailbox Project” -> “Create a Mailbox Project” -> “Next Step.”
• Enter the project name.
• At Customer Name, click “New” then add information.
• Click “Next step.”

35. At source settings:

• Click “New.”
• Enter an endpoint name.
• Select the endpoint at the source domain.
• Enter the admin credentials.
• Click “Add.”
• Click “Next Step.”

36. At destination settings:

• Click “New.”
• Enter an endpoint name.
• Select the endpoint at the destination domain.
• Enter the BitTitan admin credentials.
• Click “Add.”
• Click “Next Step.”

37. At tenant to tenant migration

• Do not select “Enable Tenant to Tenant Coexistence.”
• Click “Save and go to Summary.”
• Click “Save Project.”

38. Migrate test accounts to a destination using BitTitan: pre-stage migration

• Log into BitTitan console.
• Select the project name.
• Click on the drop-down arrow beside “Add” and select “Quick Add.”
• At source, enter the email address of the test account.
• At the destination, enter the email address of the test account.
• Click “Save Item and Add Another.”
• Repeat again for the other test accounts.
• Click “Save Item And Close.”

39. Perform a pre-stage migration

• Select all test accounts.
• Click on the down arrow beside “Start” and select “Pre-Stage Migration.”
• In the “Pre-Stage Migration” window, review the settings.
• At “Select what to migrate” confirm “Mail” is selected.
• At “Migration Scheduling” click on the down-arrow and select “Specific Time.”
• Select an appropriate date and time.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

Important:

• Allow time for the migration to complete.
• The pre-stage migrates emails only.
• Calendars, contacts, journals, notes, and tasks will only migrate during a full migration.

40. Resolve any BitTitan error messages

• Select the accounts that errored.
• Click on the down arrow beside “Start” and select “Retry Errors.”
• In the “Retry Errors” window, review the settings.
• Click “Retry Errors.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

41. Use OWA to confirm the mailboxes contain the migrated data

• Open the browser and go to https://office.com
• When prompted for credentials, enter the user name and password of the account to be used to access the mailbox.
• If using administrative credentials, open a new tab and paste the OWA URL: https://outlook.office365.com/owa/user@example.com

42. At source: use OWA to send and receive additional email.

43. Perform a full migration.

• Log into the BitTitan console.
• Select the project name.
• Select all test accounts.
• Click on the down arrow beside “Start” and select “Full Migration”.
• In the “Full Migration” window.
• Review the settings.
• At “Select what to migrate” confirm that all options are selected.
• At “Migration Scheduling” do nothing.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

44. Resolve any BitTitan error messages.

• Select the accounts that errored.
• Click on the down arrow beside “Start” and select “Retry Errors.”
• In the “Retry Errors” window, review the settings.
• Click “Retry Errors.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

45. Use OWA to confirm the mailboxes contain the migrated data.

• Open the browser and go to https://office.com
• When prompted for credentials, enter the user name and password of the account to be used to access the mailbox.
• If using administrative credentials, open a new tab and paste the OWA URL: https://outlook.office365.com/owa/user@example.com

46. Liaise with the business and confirm the date and time of migration. Confirm that other resources are available for migration.

47. If the decision was made to take ownership of the domain and DNS before migration, initiate the transfer.

1 week before migration

Export Exchange objects from source:

48. Log into EXO PowerShell at source.

49. Mailboxes:  Export UPN, alias, SMTP and proxy addresses

Get-Mailbox -ResultSize Unlimited | select userprincipalname,alias,primarysmtpaddress,emailaddresses | export-csv -NoTypeInformation “Backup_Source_Mailboxes.csv”

50. Groups: Export UPN, alias, SMTP and proxy addresses

Get-DistributionGroup -ResultSize Unlimited | select alias,primarysmtpaddress,emailaddresses | export-csv -NoTypeInformation “Backup_ Source_Groups.csv”

51. Calendar delegation:

Get-Mailbox | foreach {
write-host -fore green “Processing $_”
Get-MailboxFolderPermission -Identity “$($_.alias):\Calendar” | where {$_.User -notlike “Anonymous” -and $_.User -notlike “Default”}} | select Identity,User,@{name=’AccessRights’;expression={$_.AccessRights -join ‘,’}} | Export-Csv -NoTypeInformation “Backup_ Source_Calendar_Delegation.csv”

Export Exchange objects from destination:

52. Log into EXO PowerShell at the destination.

53. Contacts: Export name and email addresses.

Get-Recipient -Filter {RecipientType -eq “MailContact” -and EmailAddresses -like ‘domainname‘} | select DisplayName,RecipientType,ExternalEmailAddress,EmailAddresses | export-csv -NoTypeInformation “Backup_Destination_Contacts.csv”

54. Mailboxes: Export forwarding

For each mailbox:

get-Mailbox -Identity | select UserPrincipalName,DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress | export-csv -notypeinformation ‘Backup_Destination_Forwarding.csv’ -append

55. Pre-stage migration of all mailboxes: email older than 10 days

Important: For the source, use the onmicrosoft.com address.

Select the project name.
Click on the drop-down arrow beside “Add” and select “Bulk Add.”
Click on “Select File”, locate the CSV file created in step 1 then click “Open.”
The contents of the CSV will get imported and displayed on screen, click “Save.”

Pre-stage migration:

• Select all the accounts that were imported.
• Do not select the test accounts that were migrated previously.
• Click on the down arrow beside “Start” and select “Pre-Stage Migration.”
• In the “Pre-Stage Migration” window review the settings.
• At “Select what to migrate” confirm “Mail” is selected.
• At “Migration Scheduling” click on the down-arrow and select “Specific Time.”
• Select an appropriate date and time.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

Important:

Allow time for the migration to complete.
The pre-stage migrates emails only.
Calendars, contacts, journals, notes, and tasks will only migrate during a full migration.

56. Resolve any BitTitan error messages.

• Select the accounts that errored.
• Click on the down arrow beside “Start” and select “Retry Errors.”
• In the “Retry Errors” window, review the settings.
• Click “Retry Errors.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

57. Add the domain then request a TXT record to verify we own the domain.

• In the Microsoft 365 admin center, go to Settings > Domains.
• Choose Add domain.
• Enter the name of the domain you want to add, then click Next.
• At Verify by, select the “TXT record” tab.
• Take note of the TXT name, TXT value and TTL value.
• Click Save and close (do not click Verify).

58. Setup IM federation so you have chat communications during pre-cutover.

Important: You cannot migrate any IM contacts to Microsoft Teams.

59. 1 day before migration

Migrate mailboxes – Full migration

• Log into the BitTitan console.
• Select the project name.
• Full migration.
• Select all accounts.
• Click on the down arrow beside “Start” and select “Full Migration.”
• In the “Full Migration” window review the settings.
• At “Select what to migrate” confirm that all options are selected.
• At “Migration Scheduling” do nothing.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

Important: Allow time for the migration to complete.

60. Resolve any BitTitan error messages

• Select the accounts that errored.
• Click on the down arrow beside “Start” and select “Retry Errors.”
• In the “Retry Errors” window, review the settings.
• Click “Retry Errors.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

61. Migration day

[Optional] Change the TTL value on each MX record

• We should request that the TTL value be reduced to a smaller number. For example, 5 minutes
• If the TTL cannot be lowered to 5 minutes, make note of the lowest value. For example, if the lowest value is 4 hours, the MX record will have to be changed 4 hours before your migration begins.
• Request that the TTL be updated at least 8 hours before migration.

Remove domain dependencies from the source:

62. Log into Azure AD and EXO PowerShell at source.

[Optional] Change federated domains to managed, if applicable.

63. Run the following cmdlet to determine which domains are federated or managed:

Get-MsolDomain

If federated, change to managed:

Set-MsolADFSContext -Computer ADFS_Server_FQDN

Convert-MsolDomainToStandard -DomainName “Domain Name Here” -SkipUserConversion:$true -PasswordFile C:\passwords.txt

64. Run the following cmdlets to verify the domains are managed:

Get-MsolDomain

[If applicable] Disable the directory synchronization.

Set-MsolDirSyncEnabled -EnableDirSync $false

[If Applicable] SharePoint Online public website

65. If you had also set up your domain with a SharePoint Online public website, then before you can remove the domain, you first have to set the website’s URL back to the initial domain.

[If Applicable] Teams

Remove all Teams licenses from the users in the source tenant. This will remove the SIP attribute from their proxy addresses.

66. Set the default domain in the source tenant to domainname.onmicrosoft.com

• In the Microsoft 365 admin center, go to Settings > Domains.
• On the Domains page, choose the domain you want to set as the default for new email addresses.
• Choose Set as default.

67. Change all mailbox UPNs to domainname.onmicrosoft.com. Replace the domainname with your domain name.

Get-MsolUser -all | select-object UserPrincipalName,ObjectID | export-csv -NoTypeInformation “User.csv”

Import-csv User.csv| ForEach-Object {
$ID = $_.UserPrincipalName
$ObjectID = $_.ObjectID
$365Email = $ID.Split(“@”)[0] + “@ domainname.onmicrosoft.com”
Set-MsolUserPrincipalName -ObjectId $ObjectID -NewUserPrincipalName $365Email}

68. Confirm the UPNs have been updated.

Get-MsolUser -all | select-object UserPrincipalName,ObjectID

69. Change all distribution groups primary SMTP address to domainname.onmicrosoft.com. Replace the domainname with your domain name.

Get-DistributionGroup -ResultSize Unlimited | select-object PrimarySMTPAddress | export-csv -NoTypeInformation “DL.csv”

Import-csv DL.csv| ForEach-Object {
$ID = $_.PrimarySmtpAddress
$365Email = $ID.Split(“@”)[0] + “@domainname.onmicrosoft.com”
Set-DistributionGroup -Identity $ID -primarysmtpaddress $365Email}

70. Confirm the primary SMTPs have been updated.

Get-DistributionGroup -ResultSize Unlimited | select-object PrimarySMTPAddress

71. As we changed every mailboxes UPN, the primary SMTP addresses has also been updated to domainname.onmicrosoft.com. Now remove all aliases from every mailbox using this script:

$users = Get-Mailbox -ResultSize Unlimited | Where {$_.Emailaddresses.count -gt 1}
foreach ($user in $users) {
foreach ($email in $user.emailaddresses){
if ($email -ne “SMTP:”+$user.PrimarySmtpAddress){
Set-Mailbox -Identity $user.name -EmailAddresses @{Remove=$email}
}
}
Write-host $user.primarysmtpaddress “has been processed”
}

72. Confirm the primary and alias addresses are both domainname.onmicrosoft.com only.

Get-Mailbox | select PrimarySmtpAddress,EmailAddresses

73. Remove all aliases from every distribution group.

$groups = Get-DistributionGroup -ResultSize Unlimited | Where {$_.Emailaddresses.count -gt 1}
foreach ($group in $groups) {
foreach ($email in $group.emailaddresses){
if ($email -ne “SMTP:”+$group.PrimarySmtpAddress){
Set-DistributionGroup -Identity $group.name -EmailAddresses @{Remove=$email}
}
}
Write-host $group.primarysmtpaddress “has been processed”
}

74. Confirm the primary and alias addresses are both domainname.onmicrosoft.com only.

Get-DistributionGroup | select PrimarySmtpAddress,EmailAddresses

[If required] O365 Groups: use the cmdlets below to remove the domain:

Get-UnifiedGroup -Identity “name” | select primarysmtpaddress,emailaddresses

Set-UnifiedGroup -Identity “name” -PrimarySMTPAddress name@domainname.onmicrosoft.com
Set-UnifiedGroup -Identity “name” -EmailAddresses @{remove=”smtp:name@domain.com”}

75. Confirm all dependencies have been removed. Replace the domainname with your domain name.

Get-MsolUser -DomainName domainname.com -all

Important:

• If the results identify a user who is not licensed but still has an alias, assign the user a license.
• Go into EXO and set their primary address to onmicrosoft.com then remove all aliases.
• Remove the license.
• Remove the domain from the source.

76. Remove the domain from the source Microsoft 365 tenant

• In the Microsoft 365 admin center, go to Settings > Domains.
• Open the domain you wish to remove.
• Click Remove.
• At “Are you sure you want to remove this domain” click Remove.
• Confirm the domain was removed successfully, then click Close.

Important: Allow up to 60 minutes before adding the domains to the destination tenant.

77. Add mail rules and connectors at the destination

[If required]

• In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Anti-spam in the Policies section.
• On the Anti-spam policies page, select Connection filter policy (Default) from the list by clicking on the name of the policy.
• Click Edit connection filter policy to allow or deny messages from the IP addresses.

78. Verify the domain.

• In the Microsoft 365 admin center, go to Settings > Domains.
• Open the domain previously added.
• Click Start setup.
• Click Verify.
• At Set up your online services, select “I will manage my own DNS records” then click Next.
• At Choose your online services, select the required services then click Next.
• You will see a page with all the required DNS records.
• Update the DNS records. Allow time for the DNS changes to propagate globally ~ 20 minutes.
• Click Verify.
• Confirm that there are green tick marks beside the MX and TXT records.
• If there is no CNAME, the overall verification process will fail. Instead, click Ignore incorrect DNS.
• Click Finish; you are done.

79. Verify changes

• Go to the Microsoft 365 admin center and click on “domains “Domains” from Settings.
• Select the domain you have just added and click on ‘View DNS Settings’

80. Check the domain

To check that everything is setup as it should be, wait around an hour for all updates to take effect, then launch the central ops website to verify. Type the domain name and check that all records are set as in ‘View DNS Settings’ above.

81. Remove email forwarding at the destination

Log into Exchange Online PowerShell at the destination and run the following cmdlets for each user:

Set-Mailbox -Identity “DestinationUserEmailAddress” -ForwardingAddress $null -DeliverToMailboxAndForward $false

82. Add aliases for each user at the destination:

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Set-RemoteMailbox -Identity “username@domainname.com” -EmailAddresses @{Add=”smtp:name1@domain”,”smtp:name2@domain”}

83. For each group: 

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Set-DistributionGroup -Identity “groupname” -EmailAddresses @{add=”name1@domain.com”}

84. Change the TTL value on each MX record back to the original setting, e.g., 1 hour.

85. Migrate Mailboxes: Final Migration

• Log into the BitTitan console.
• Select the project name.
• Select all accounts.
• Click on the down arrow beside “Start” and select “Full Migration.”
• In the “Full Migration” window review the settings.
• At “Select what to migrate” confirm that all options are selected.
• At “Migration Scheduling” do nothing.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

Important: Allow time for the migration to complete.

86. Resolve any BitTitan error messages.

• Once resolved.
• Select the accounts that errored.
• Click on the down arrow beside “Start” and select “Retry Errors.”
• In the “Retry Errors” window, review the settings.
• Click “Retry Errors.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

87. Delete contacts at the destination.

Connect to EXO at the destination and run the following command:

Import-csv “Backup_Destination_Contacts.csv”| ForEach-Object {
$DisplayName = $_.DisplayName
Remove-MailContact -Identity $Displayname}

88. Confirm the contacts have been deleted.

Import-csv “Backup_Destination_Contacts.csv”| ForEach-Object {
$DisplayName = $_.DisplayName
Get-MailContact -Identity $Displayname}

89. Set the default email address at the destination.

For each user:

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Set-RemoteMailbox “username@domainname.com” -PrimarySmtpAddress “name@domain.com”

90. For each group:

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Set-DistributionGroup -Identity ‘DisplayName’ -PrimarySmtpAddress “name@domain.com” -EmailAddressPolicyEnabled $false

91. For each shared mailbox:

• Log into the on-premises Exchange server.
• Rename the display name back to the original display name.

Important: Allow time for all changes to sync to O365.

Post-Migration Activities

92. Verify delegates and aliases have been correctly populated.

• Open the Microsoft admin portal and both source and destination.
• Compare users and shared mailboxes, etc., to confirm delegates and aliases have been added correctly.

Migrate Mailboxes: Final Migration

• Log into the BitTitan console.
• Select the project name.
• Full Migration.
• Select all accounts.
• Click on the down arrow beside “Start” and select “Full Migration.”
• In the “Full Migration” window review the settings.
• At “Select what to migrate” confirm that all options are selected.
• At “Migration Scheduling” do nothing.
• Click “Start Migration.”
• Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

Important: Allow time for the migration to complete.

93. Resolve any BitTitan error messages

Select the accounts that errored.
Click on the down arrow beside “Start” and select “Retry Errors.”
In the “Retry Errors” window, review the settings.
Click “Retry Errors.”
Click on the “Refresh list” icon to get a status of the migration or click on the dashboard on the left-hand side menu.

94. Execute the end user test plan

Launch Outlook at the destination and verify the contents of the following:

Email.
Contacts.
Calendar.
Send and receive emails internally and verify that emails have been received.
Send and receive emails externally and verify that emails have been received.
Verify the sender’s email address.
Send and receive emails from a shared mailbox and confirm emails have been received.
Verify the sender’s email address.
Send a test calendar invite to a colleague and confirm the invite was received.

95. Log into Exchange Online PowerShell at the destination.

For each mailbox, remove the service account.

Remove-MailboxPermission -Identity “User1” -User “BitTitan service account” -AccessRights FullAccess -InheritanceType All

96. Take ownership of the domain and DNS records.

[If not already actioned] – If the current owner made the required changes to DNS, take ownership of the domains and DNS records.

Back-out Plan

97. Change the default email address back to the old email address.

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Set-RemoteMailbox “username@domainname.com” -PrimarySmtpAddress “name@domain.com”

98. For each user:

Log into the on-premises Exchange server.
Run Exchange PowerShell and execute the following cmdlets:

Set-RemoteMailbox “username@domainname.com” -EmailAddresses @{remove=”name@domain.com”}

99. For each group:

Log into the on-premises Exchange server.
Run Exchange PowerShell and execute the following cmdlets:

Set-DistributionGroup -Identity “groupname” -EmailAddresses @{remove=”name@domain.com”}

100. Verify attributes have been updated:

• Log into the on-premises Exchange server.
• Run Exchange PowerShell and execute the following cmdlets:

Get-RemoteMailbox -Identity | select userprincipalname,alias,primarysmtpaddress,emailaddresses

101. Re-create contacts at the destination:

Log into EXO PowerShell at the destination and run the following cmdlets:

Import-csv “Backup_Destination_Contacts.csv”| ForEach-Object {
$DisplayName = $_.DisplayName
$Email = $_.EmailAddresses
New-MailContact -Name $Displayname -ExternalEmailAddress $Email}

102. Enabling forwarding from destination to contact.

Log into EXO PowerShell at the destination.
Run the following cmdlets:

Set-Mailbox -Identity “username@domainname.com” -DeliverToMailboxAndForward $true -ForwardingAddress “name@domain.com”

103. Reverse DNS changes

104. Confirm that all dependencies have been removed. Replace the domainname with your domain name.

Get-MsolUser -DomainName domainname.com -all

105. Remove the domain from the destination Microsoft 365 tenant.

• In the Microsoft 365 admin center, go to Settings > Domains.
• Open the domain you wish to remove.
• Click Remove.
• At “Are you sure you want to remove this domain” click Remove.
• Confirm the domain was removed successfully, then click Close.

Important:

Allow up to 60 minutes before adding the domains to the destination tenant. O365 may still think the domain is still in use.

106. Add the domain at source then request a TXT record to verify we own the domain.

• In the Microsoft 365 admin center, go to Settings > Domains.
• Choose Add domain.
• Enter the name of the domain you want to add, then click Next.
• At Verify by, select the “TXT record” tab.
• Take note of the TXT name, TXT value, and TTL value.
• Click Save and close (do not click Verify).

107. Verify the domain.

• In the Microsoft 365 admin center, go to Settings > Domains.
• Open the domain previously added.
• Click Start setup.
• Click Verify.
• At set up your online services, select “I will manage my own DNS records” then click Next.
• At choose your online services, select the required services then click Next.
• You will see a page with all the required DNS records.
• Update the DNS records.
• Allow time for the DNS changes to propagate globally ~ 20 mins.
• Click Verify.
• Confirm there are green tick marks beside the MX and TXT records.
• If there is no CNAME, the overall verification process will fail. Instead click Ignore incorrect DNS.
• Click Finish; you are done.

108. Verify changes

• Go to the Microsoft 365 admin center and click on “Domains” from Settings.
• Select the domain you have just added and click on ‘View DNS Settings.’

109. Check the domain

To check that everything is setup as it should be, wait around an hour for all updates to take effect, then launch the central ops website to verify. Type the domain name and check that all records are set as in ‘View DNS Settings’ above.

110. If applicable, add all Teams licenses from the users in the source tenant. This will add the SIP attribute to their proxy addresses.

111. Restore the original proxy address for all users:

• Open “Backup_Mailboxes.csv” in Excel.
• In the EmailAddresses column ensure there is a comma between each email address and not a space eg SMTP:name@domain1.com,smtp:name@domain2.com
• Log into EXO PowerShell at source.
• Compose and run the cmdlet below for each user:.

Set-Mailbox -Identity “alias” -EmailAddresses SMTP:name@domain1.com,smtp:name@domain2.com

• This will replace their proxy addresses and set the default SMTP email address.

112. Restore the UPN for all users:

Import-csv “Backup_Mailboxes.csv”| ForEach-Object {
$NewUPN = $_.PrimarySmtpAddress
$alias = $_.Alias
$OldUPN = $alias + “@vivacityhealth.onmicrosoft.com”
Set-MsolUserPrincipalName -UserPrincipalName $OldUPN -NewUserPrincipalName $Newupn
}

113. Verify UPN, email and proxy addresses have been updated:

Get-Mailbox -Identity | select userprincipalname,alias,primarysmtpaddress,emailaddresses

114. Change all distribution groups SMTP addresses to domainname.onmicrosoft.com domain. Replace the domainname with your domain name.

Get-DistributionGroup -ResultSize Unlimited | select-object PrimarySMTPAddress | export-csv -NoTypeInformation “DL.csv”

Import-csv DL.csv| ForEach-Object {
$ID = $_.PrimarySmtpAddress
$365Email = $ID.Split(“@”)[0] + “@domainname.onmicrosoft.com”
Set-DistributionGroup -Identity $ID -primarysmtpaddress $365Email}

115. Remove all aliases from every distribution group.

$groups = Get-DistributionGroup -ResultSize Unlimited | Where {$_.Emailaddresses.count -gt 1}
foreach ($group in $groups) {
foreach ($email in $group.emailaddresses){
if ($email -ne “SMTP:”+$group.PrimarySmtpAddress){
Set-DistributionGroup -Identity $group.name -EmailAddresses @{Remove=$email}
}
}
Write-host $group.primarysmtpaddress “has been processed” $
}

That’s how tenant to tenant migration Office 365 works.