Migration of domain(s) from one tenant to another in Office 365 is a central point of ‘preserve domain’ T2T migration type. This is step you want to make as quick as possible, because it is time you users are unable to logon to Office 365 service (if vanity domain was used in UPN) and unable to receive emails to their mailboxes.
In theory it is all looking nice and easy – you just need to remove the vanity domain from UPNs and remove all email addresses containing the domain, then you release domain from old tenant and verify it on new one. That, however, sometimes looking very differently in practice. First of all there are some constraints you need to consider:
- It is not possible to remove email addresses from Office 365 Groups. That is by design – even you can play with Set-UnifiedGroup command, the email will not be deleted from Azure. Only option is to remove whole group in order to be able to release the domain.
- Azure Web Apps configured with vanity domain will prevent this domain from removal from the tenant – Configuring a custom domain name for a web app in Azure App Service using Traffic Manager.
- Subdomain email addresses must be also removed. Say you removing contoso.com from your tenant, however some of your mail contacts have email address of subA.contoso.com, it is possible even without having subdomain to be verified on the tenant. In order to release vanity domain, you must remove such email addresses too.
Also, in AAD Connect scenario, you must disable synchronization in order to be able to start removal of email addersses – Turn off directory synchronization for Office 365.
Once disabled, you can proceed with removal:
- Change user UPNs to onmicrosoft.com. Always do that step first, before starting removal of email addresses. The step can be easlily automated.
- Remove email addresses containing vanity domain from user mailboxes, mail users, groups. Again there are scripts on the internet that allow you automated removal.
- Usually, first two steps should be enough to get the domain released, so you just go to the O365 Admin Portal and try to remove domain. That step will show you if there are any objects, that still containing email addresses. If you see only aliases in the list, you can proceed with removal as system will strip these aliases for you. If you see UPNs, Primary SMTP addresses or groups – then removal will fail.
Now, if the domain was successfully removed only thing you need to do is to verify it on another tenant and proceed with rest of your migration, however sometimes you may find that there are still objects preventing you to release domains. Most common issues I see in practice:
- Unable to remove email address from MailUser who have no mailbox. You trying to remove the email address from EAC or PowerShell, command completes successfully, but email address is still not removed. In case you are not able to remove the user completely only option is to assign ExO license to this user – when done, you will be able to remove email address and reclaim the license back.
- Unable to find account preventing release of the domain. Sometimes command Get-MsolUser -Domainname <domain_name> will not return you any user, however it seems that you still have some users keeping domain from deletion. If this is your case, following command do better job: Get-MsolUser -All | where {$_.ProxyAddresses -like “*contoso.com”}
If you have any concerns about this, just let us know – we are keen to provide you advice and guidance on it.