Giter VIP home page Giter VIP logo

Comments (8)

eminem18753 avatar eminem18753 commented on June 2, 2024

This is what I've referenced. https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide#prepare-target-user-objects-for-migration
This is what I've done:
Target tenant

  1. Create an application for my target tenant
  2. Add api permission to enable Mailbox.Migration
  3. Create a new client secret
  4. Send consent to source tenant with the application id
  5. Create a migration endpoint
    a. Connect to exchange powershell
Connect-ExchangeOnline -UserPrincipalName [my_target_tenant]@synologydstdev.onmicrosoft.com -ShowProgress $true

b.

$AppId = "[application_id created in step 1]"

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "[my secret value created in step 3]" -AsPlainText -Force)

New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "my_source_tenant.onmicrosoft.com" -Credentials $Credential -ExchangeRemoteMove:$true -Name "CrossTenantMailboxMigrationEndpoint" -ApplicationId $AppId
  1. Create organization relationship
$sourceTenantId="[my_source_tenant_id]"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $sourceTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "CrossTenantMailboxMigrationOrganizationRelationship" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound -DomainNames $sourceTenantId
}

Source tenant
7. Consent to the application
8. Configure organization relationship
a.
Connect-ExchangeOnline -UserPrincipalName [my_source_tenant]@synologydst.onmicrosoft.com -ShowProgress $true
b.

$targetTenantId="[my_target_tenant_id]"
$appId="[application_id created in step 1]"
$scope="CrossTenantMigrationGroup" // the mail-enabled security group I created at source tenant side (eg. with the mailbox I want to migrate within)
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $targetTenantId}
If ($null -ne $existingOrgRel)
{
    Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
If ($null -eq $existingOrgRel)
{
    New-OrganizationRelationship "CrossTenantMailboxMigrationOrganizationRelationship" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -DomainNames $targetTenantId -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
  1. test
Test-MigrationServerAvailability -Endpoint "CrossTenantMailboxMigrationEndpoint" -TestMailbox "[email protected]"

Thank you
Best regards,
Ethan Fang

from cross-tenant.

ropow avatar ropow commented on June 2, 2024

from cross-tenant.

eminem18753 avatar eminem18753 commented on June 2, 2024

Good morning, Ropow
Yes, I've created a MailUser object with the following command in my target tenant domain (eg. synologydstdev).

Connect-ExchangeOnline -UserPrincipalName [email protected] -ShowProgress $true

$password = Read-Host "Enter password" -AsSecureString
New-MailUser -Name "cbm test" -ExternalEmailAddress [email protected] -MicrosoftOnlineServicesID [email protected] -Password $password

Set-MailUser -Identity "cbm test" -ExchangeGuid "[the exchange guid of the source tenant I want to migrate from]"

Note.
my source tenant domain is synologydst.onmicrosoft.com
source tenant domain admin is [email protected]
the source mailbox is [email protected]
[the exchange guid of the source mailbox I want to migrate from] is obtained with

Connect-ExchangeOnline -UserPrincipalName [email protected] -ShowProgress $true
Get-Mailbox -Filter "Name -like 'cbmtest*'" | Format-List  exchangeGuid

I tested with the following command, where CrossTenantMailboxMigrationEndpoint is the endpoint created in my target domain, and [email protected] is the source domain mailbox I want to migrate from.

Test-MigrationServerAvailability -Endpoint "CrossTenantMailboxMigrationEndpoint" -TestMailbox "[email protected]"

Thank you
Best regards,
Ethan Fang

from cross-tenant.

ropow avatar ropow commented on June 2, 2024

from cross-tenant.

eminem18753 avatar eminem18753 commented on June 2, 2024

Hi, Ropow
Thank you so much for the reply,
I've moved on, however, another issue happens.
It states that the connection to the server 'outlook.office.com' could not be completed. But strangely, I can ping outlook.office.com successfully.
image
Thank you
Best regards,
Ethan Fang

from cross-tenant.

eminem18753 avatar eminem18753 commented on June 2, 2024

Hi Ropow,
I went directly using New-MigrationBatch to create a migration batch
image

MigrationTransientException ‎'https://hk0pr06mb3794.apcprd06.prod.outlook.com/mrs/Microsoft.Exchange.MailboxReplicationService.ProxyService/OAuth‎'
Fail。Error details: Access is denied.。 --> call
‎'https://hk0pr06mb3794.apcprd06.prod.outlook.com/mrs/Microsoft.Exchange.MailboxReplicationService.ProxyService/OAuth‎'
Fail。Error details: Access is denied.。 --> Access is denied.

And this happens, it seems that there is some OAuth error, and the access is denied
Best regards,
Ethan Fang

from cross-tenant.

ropow avatar ropow commented on June 2, 2024

from cross-tenant.

eminem18753 avatar eminem18753 commented on June 2, 2024

Hi, Ropow
I am able to migrate now, below are what I was doing wrong during the migration process.

  1. EmailAddresses field of the target MailUser object should contain a x500:address of the source Mailbox object.
  2. Check that EmailAddresses field only contain emails from target domain.
  3. Should set exchangeGuid to be the same as the source tenant.
  4. Use source/target "tenant" id to create organization relationship, not "user" id.
  5. Use target mail user name (or mailbox address) to Test-MigrationServerAvailability. (Although the document says [email address of a source mailbox that is part of your migration scope])

Moreover, step 3 in the document should be "Enterprise applications" instead of "Application registrations".

Thank you very much for all the help~!

Best regards,
Ethan Fang

from cross-tenant.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.