Office 365 Tenant to Tenant Migration

Last weekend I undertook a Migration from one Office 365 tenant to another – manually.  Whilst we normally work in the enterprise space migrating thousands of users, this was a special case project undertaken deliberately as a manual process end to end. It wasn’t without issue and hiccups, made more worrying because it was for my wife’s email Domain!

Downtime

In all scenarios, you have to accept that there will be an amount of downtime.  There are very few 3rd party tools, and nothing from Microsoft to help you with a tenant to tenant migration.  Binary Tree (http://www.binarytree.com ) are developing one but it is still in beta.  So planning and preparation is key; as you really need to try and complete all steps below as quickly as possible and get it right first time.  With an enterprise environment we have a full Project Plan developed and a number of PowerShell scripts at the ready to automate and, more crucially SPEED UP, some of the steps below like back-up and remove aliass, then re-write them back.

In a larger tenant, there could be all sorts of extra things to reconfigure and migrate ignoring the obvious SharePoint, Yammer, OneDrive for Business, Skye for Business etc

• Connectors
• Federation
• Transport Rules
• DLP
• Malware/Antispam

In this case, as it was only a small simple deployment I only had to reconfigure DKIM.  See Twan’s blog on DKIM here -> https://neroblanco.co.uk/2016/04/email-arrive-signed-tenant-onmicrosoft-com/ and https://neroblanco.co.uk/2016/05/can-help-avoid-spam-domains/

I also did not have to contend with AADConnect DirSync from On-Premise Active Directory.

Dogfood

I was fortunate enough to be granted a Microsoft Dogfood “Family & Friends” Exchange Online tenant, way back in 2009!  This was the pre-cursor to BPOS and Office 365.  Microsoft Dogfood is a well-known environment in Microsoft IT circles, whereby Microsoft themselves live and work with their own products so that they can better understand support sell and develop them.

Interestingly, the Engineers that build and develop Office 365 are themselves the 3^rd and 4thline support for Office 365, so it is in their interest to write better code!

However, Dogfood essentially only gives you a free Exchange Online Mailbox, like a Charity E1 licence.  There is no Office Software, Skype for Business, SharePoint, OneDrive for Business etc.  So, basically my wife had outgrown it, and it was time to move her in to the business tenant whereby she could consume OneDrive for Business, Skype for Business and have the benefit of Microsoft Office Software deployed.

So here are the basic steps:

New Tenant Activities

1. Create the target mailbox objects and license them at least for Exchange Online (so you can migrate data into them)

Pre-stage Migration

1. Prepare Migration of Data – I used MigrationWiz
   1. Source username@karenhardy.onmicrosoft.com target username@karenhardystudios.onmicrosoft.com
   2. Migrate all email only – up to 90 days ago

Legacy Tenant Activities

1. Go to DNS and set your MX Record for the Primary Vanity Domain to a known FQDN that is NOT running any SMTP listener services.  This will hopefully mitigate against senders getting NDRS.  Most modern Sending Gateways will queue the emails pending a retry for up to 24-48 hours; assuming that the email service is down or the server is down temporarily
2. Remove the Skype component from the Office 365 licences for all the Users
3. In Office 365 Admin, Set the Domain karenhardy.onmicrosoft.com to be the Default Domain
4. Remove all references and entries to the vanity Domain you are removing:
   1. Set the Azure AD Logon UPN Domain to @karenhardy.onmicrosoft.com
   2. Set the Default Mail Address for users to @karenhardy.onmicrosoft.com
   3. Remove all alias Email Addresses
   4. Set Groups, Shared Mailboxes, and Resources primary SMTP Address to @karenhardy.onmicrosoft.com
5. Remove the Vanity Domain Name from the old tenant.  This can take some time pending Office 365 processing of the above steps
6. Disable ActiveSync, and OWA for all users – Some mobile devices (definitely her iPhone 6s did) have a “remembered/cached” connection to the old tenant and simply will not activate to the new one

New Tenant Activities

1. Add the Vanity Domain Name to the new tenant
2. Add/Update all the DNS Entries required – specifically the ms=xxxxxxx one
3. Verify the New Vanity Domain
4. Set the Vanity Domain Name to be the default domain
5. Update all the recipients (Users, Groups, etc)
   1. Set the Azure AD Logon UPN Domain to @karenhardystudios.com
   2. Set the Primary SMTP Addresses to @karenhardystudios.com
   3. Add back all the other aliases
6. Prepare Migration of Delta email Data
   1. Source username@karenhardy.onmicrosoft.com target username@karenhardystudios.onmicrosoft.com
   2. Run final Delta sync of all data
   3. Be aware that if you’d used a credential in MigrationWiz that had the old vanity domain then you’ll need to update it
7. Reconfigure Devices. Outlook, iPhone, iPad

As I said earlier, there will be downtime, and some steps take time due to Microsoft backend processing and replication that you simply do not have visibility of.  For example, activating/licensing a new mailbox in EOL usually takes less than 15 minutes, but I have seen it take 4 hours plus – but the Microsoft SLA is actually 24 hours.  Then you have DNS replication and propagation to think about, user communications.  Comms to 3rd party customers and partners.  Users themselves in a T2T migration have to recreate Outlook OST profiles.  All in all it’s not a trivial process.  Documenting a well thought out plan is crucial.