Remove a public domain name from an Office365 Tenant – The QUICK WAY

I have worked recently on a lot of Office365 tenant to tenant migrations and the biggest challenge in all of these migrations is where the same domain name eg. contoso.com cannot exist in two tenants at once.

I always use the Migration Wiz Bundle which can migrate primary mailbox, archive mailbox , ODFB sites and Deployment Pro which manages the Outlook Profile transition to the new tenant.

Migration Wiz have an interesting co-existence solution which you can review HERE

If using a migration tool like Migration Wiz and all data has been migrated a really quick way of removing all traces from contoso.com from the legacy tenant is to run through the following process

WARNING ALL DATA MUST BE MIGRATED BEFORE ATTEMPTING TO USE THIS PROCESS. This process does not delete any data. It removes all references to the public domain that is required in the target tenant in this example that domain name is CONTOSO.COM. If users still need to access data in a Sharepoint Site in the legacy tenant the user me informed on what their new UPN is.

  1. Connect to Azure AD Connect server
  2. Disable-ADSyncExportDeletionThreshold  and then enter Office365 Global Admin Credentials
  3. Next steps are to de-select all the OUs that were previously in scope for synchronization
  4. Then run this command on the Start-ADSyncSyncCycle -PolicyType Initial
    (Run the command twice)
  5. This will place all objects that were synced to Office365 in the recycle bin.
  6. Change UPN for any cloud identity objects that remain
    Get-MsolUser -All | ? {$_.UserPrincipalName -match “contoso.com” -and $_.UserPrincipalName -notmatch “admin”} | % {Set-MsolUserPrincipalName -ObjectId $_.objectId -NewUserPrincipalName ($_.UserPrincipalName.Split(“@”)[0] + “@brakelaero.onmicrosoft.com”); $dataout += “$($_.UserPrincipalName)” ; $_.UserPrincipalName };$dataout | out-file “CSV FILE NAME AND PATH”}}
  7. Set the primary smtp address for all remaining mail enabled objects to contoso.onmicrosoft.com
    $AllMailboxes = Get-Mailbox -ResultSize Unlimited
    Foreach ($Mailbox in $AllMailboxes)

    {
    # Creating NEW E-mail address that concatenate in the following way: Take the existing recipient Alias name + use the NEW Domain name as a domain suffix + “Bind” the Alias name + the NEW Domain name suffix.

    $NewAddress = $Mailbox.Alias + “@contoso.onmicrosoft.com”

    Set-Mailbox -Identity $Mailbox.Alias -WindowsEmailAddress $NewAddress 
    }

  8. Remove all contoso.com aliases
    $Records = Get-mailbox -ResultSize Unlimited| where {$_.emailaddresses -like “smtp:*@contoso.com”} | Select-Object DisplayName,@{Name=“EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_ -like “smtp:*brakelaero.be”}}}

    foreach ($record in $Records)

    {

        write-host “Removing Alias” $record.EmailAddresses “for” $record.DisplayName

        Set-Mailbox $record.DisplayName -EmailAddresses @{Remove=$record.EmailAddresses}

    }

  9. Remove Contoso.com from any groups
    Get-Msolgroup -All | where {$_.emailaddress -match “brakelaero.be”} | Remove-MsolGroup –Force
  10. Change the default domain in the Admin.Microsoft.com portal to contoso.onmicrosoft.com
  11. Remove Contoso.com
    Remove-MsolDomain -DomainName “contoso.com” –Force
  12. Next we can add Contoso.com into the new Office365 tenant and update the mx records for Contoso.com
  13. Last but not least , We modify AD Connect configuration and re-enable the sync of all the objects that were previously synced and are now in the Office365 recycle bin ,they will all be restored and have the ability to access their data via a contoso.onmicrosoft.com UPN.

We forgot to mention Public Folders. Migration Wiz have a separate tool for public folder migrations which is very simple to use. I always prefer to convert public folders into resource mailboxes.

Credit: The domain removal powershell migration scripts are publicly available in Migration  Wiz Knowledge Base articles.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s