Office 365 Tenant to Tenant Migration: Domain removal techniques

Migration of domain(s) from one tenant to another in Office 365 is a central point of ‘preserve domain’ T2T migration type. This is step you want to make as quick as possible, because it is time you users are unable to logon to Office 365 service (if vanity domain was used in UPN) and unable to receive emails to their mailboxes.

In theory it is all looking nice and easy – you just need to remove the vanity domain from UPNs and remove all email addresses containing the domain, then you release domain from old tenant and verify it on new one. That, however, sometimes looking very differently in practice. First of all there are some constraints you need to consider:

  1. It is not possible to remove email addresses from Office 365 Groups. That is by design – even you can play with Set-UnifiedGroup command, the email will not be deleted from Azure. Only option is to remove whole group in order to be able to release the domain.
  2. Azure Web Apps configured with vanity domain will prevent this domain from removal from the tenant – Configuring a custom domain name for a web app in Azure App Service using Traffic Manager.
  3. Subdomain email addresses must be also removed. Say you removing from your tenant, however some of your mail contacts have email address of, it is possible even without having subdomain to be verified on the tenant. In order to release vanity domain, you must remove such email addresses too.

Also, in AAD Connect scenario, you must disable synchronization in order to be able to start removal of email addersses – Turn off directory synchronization for Office 365.

Once disabled, you can proceed with removal:

  1. Change user UPNs to Always do that step first, before starting removal of email addresses. The step can be easlily automated.
  2. Remove email addresses containing vanity domain from user mailboxes, mail users, groups. Again there are scripts on the internet that allow you automated removal.
  3. Usually, first two steps should be enough to get the domain released, so you just go to the O365 Admin Portal and try to remove domain. That step will show you if there are any objects, that still containing email addresses. If you see only aliases in the list, you can proceed with removal as system will strip these aliases for you. If you see UPNs, Primary SMTP addresses or groups – then removal will fail.

Now, if the domain was successfully removed only thing you need to do is to verify it on another tenant and proceed with rest of your migration, however sometimes you may find that there are still objects preventing you to release domains. Most common issues I see in practice:

  • Unable to remove email address from MailUser who have no mailbox. You trying to remove the email address from EAC or PowerShell, command completes successfully, but email address is still not removed. In case you are not able to remove the user completely only option is to assign ExO license to this user – when done, you will be able to remove email address and reclaim the license back.
  • Unable to find account preventing release of the domain. Sometimes command Get-MsolUser -Domainname <domain_name> will not return you any user, however it seems that you still have some users keeping domain from deletion. If this is your case, following command do better job: Get-MsolUser -All | where {$_.ProxyAddresses -like “*”}

If you have any concerns about this, just let us know – we are keen to provide you advice and guidance on it.

Export Skype for Business Online ‘buddy list’

In case you migrating your user’s from one Office 365 tenant to another one (T2T Migration) you may find handy ability to quickly extract so called ‘buddy list’ from of the users. It is essentially just list of SIP addresses of user’s contacts and very often it does not have any value if there are just internal contacts. However, in case users have many external peers, loss of the buddy list may be quite painful.

The script below will allow users easily export their ‘buddy lists’.

Continue reading

Office 365 PowerShell Connector script with GUI

Sometimes, when managing many Office 365 tenants you need to open multiple connections to tenants and various Office 365 Services. The PowerShell script below offers quick and easy way managing your own connections to Azure AD and Exchange Online.

This is simple form-based PS script that will allow you to store connection profiles and quickly access service you need.

Warning!  Nevertheless script stores password as secure string, 
 do not store your connection profiles on publicly used computers.

Please find script and short manual below.

Continue reading

Office 365: MigrationPermanentException: Error: MapiExceptionAmbiguousAlias: Unable to synchronize manifest


Sometimes when performing Remote Move mailboxes from Exchange 2007 to Office 365 (using Exchange 2013 Hybrid server as proxy) you may face following error:

Error: MigrationMRSPermanentException: Error: MapiExceptionAmbiguousAlias: Unable to synchronize manifest. ‎(hr=0x80004005, ec=2202)‎ Diagnostic context: ...... Lid: 52176 ClientVersion: 15.0.1104.8 Lid: 50032 ServerVersion: 8.3.389.2 Lid: 23226 --- ROP Parse Start --- Lid: 27962 ROP: ropOpenFolder [2] Lid: 27962 ROP: ropIncrCfg [112] Lid: 27962 ROP: ropUpldStStrmBegin [117] Lid: 27962 ROP: ropUpldStStrmEnd [119] Lid: 27962 ROP: ropUpldStStrmBegin [117] Lid: 27962 ROP: ropUpldStStrmEnd [119] Lid: 27962  ROP: ropUpldStStrmBegin [117] Lid: 27962 ROP: ropUpldStStrmEnd [119] Lid: 27962 ROP: ropUpldStStrmBegin [117] Lid: 27962 ROP: ropUpldStStrmEnd  [119] Lid: 27962 ROP: ropFXSrcGetBufferEx [156] Lid: 17082 ROP Error: 0x89A Lid: 23137 Lid: 21921 StoreEc: 0x89A Lid: 27962 ROP:  ropExtendedError [250] Lid: 1494 ---- Remote Context Beg ---- 

Move request for the mailbox is failing and if you restart the move, same error appears again.
Continue reading