Comments (8)
This is what I've referenced. https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide#prepare-target-user-objects-for-migration
This is what I've done:
Target tenant
- Create an application for my target tenant
- Add api permission to enable Mailbox.Migration
- Create a new client secret
- Send consent to source tenant with the application id
- Create a migration endpoint
a. Connect to exchange powershell
Connect-ExchangeOnline -UserPrincipalName [my_target_tenant]@synologydstdev.onmicrosoft.com -ShowProgress $true
b.
$AppId = "[application_id created in step 1]"
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "[my secret value created in step 3]" -AsPlainText -Force)
New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "my_source_tenant.onmicrosoft.com" -Credentials $Credential -ExchangeRemoteMove:$true -Name "CrossTenantMailboxMigrationEndpoint" -ApplicationId $AppId
- Create organization relationship
$sourceTenantId="[my_source_tenant_id]"
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $sourceTenantId}
If ($null -ne $existingOrgRel)
{
Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound
}
If ($null -eq $existingOrgRel)
{
New-OrganizationRelationship "CrossTenantMailboxMigrationOrganizationRelationship" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability Inbound -DomainNames $sourceTenantId
}
Source tenant
7. Consent to the application
8. Configure organization relationship
a.
Connect-ExchangeOnline -UserPrincipalName [my_source_tenant]@synologydst.onmicrosoft.com -ShowProgress $true
b.
$targetTenantId="[my_target_tenant_id]"
$appId="[application_id created in step 1]"
$scope="CrossTenantMigrationGroup" // the mail-enabled security group I created at source tenant side (eg. with the mailbox I want to migrate within)
$orgrels=Get-OrganizationRelationship
$existingOrgRel = $orgrels | ?{$_.DomainNames -like $targetTenantId}
If ($null -ne $existingOrgRel)
{
Set-OrganizationRelationship $existingOrgRel.Name -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
If ($null -eq $existingOrgRel)
{
New-OrganizationRelationship "CrossTenantMailboxMigrationOrganizationRelationship" -Enabled:$true -MailboxMoveEnabled:$true -MailboxMoveCapability RemoteOutbound -DomainNames $targetTenantId -OAuthApplicationId $appId -MailboxMovePublishedScopes $scope
}
- test
Test-MigrationServerAvailability -Endpoint "CrossTenantMailboxMigrationEndpoint" -TestMailbox "[email protected]"
Thank you
Best regards,
Ethan Fang
from cross-tenant.
from cross-tenant.
Good morning, Ropow
Yes, I've created a MailUser object with the following command in my target tenant domain (eg. synologydstdev).
Connect-ExchangeOnline -UserPrincipalName [email protected] -ShowProgress $true
$password = Read-Host "Enter password" -AsSecureString
New-MailUser -Name "cbm test" -ExternalEmailAddress [email protected] -MicrosoftOnlineServicesID [email protected] -Password $password
Set-MailUser -Identity "cbm test" -ExchangeGuid "[the exchange guid of the source tenant I want to migrate from]"
Note.
my source tenant domain is synologydst.onmicrosoft.com
source tenant domain admin is [email protected]
the source mailbox is [email protected]
[the exchange guid of the source mailbox I want to migrate from] is obtained with
Connect-ExchangeOnline -UserPrincipalName [email protected] -ShowProgress $true
Get-Mailbox -Filter "Name -like 'cbmtest*'" | Format-List exchangeGuid
I tested with the following command, where CrossTenantMailboxMigrationEndpoint is the endpoint created in my target domain, and [email protected] is the source domain mailbox I want to migrate from.
Test-MigrationServerAvailability -Endpoint "CrossTenantMailboxMigrationEndpoint" -TestMailbox "[email protected]"
Thank you
Best regards,
Ethan Fang
from cross-tenant.
from cross-tenant.
Hi, Ropow
Thank you so much for the reply,
I've moved on, however, another issue happens.
It states that the connection to the server 'outlook.office.com' could not be completed. But strangely, I can ping outlook.office.com successfully.
Thank you
Best regards,
Ethan Fang
from cross-tenant.
Hi Ropow,
I went directly using New-MigrationBatch to create a migration batch
MigrationTransientException 'https://hk0pr06mb3794.apcprd06.prod.outlook.com/mrs/Microsoft.Exchange.MailboxReplicationService.ProxyService/OAuth'
Fail。Error details: Access is denied.。 --> call
'https://hk0pr06mb3794.apcprd06.prod.outlook.com/mrs/Microsoft.Exchange.MailboxReplicationService.ProxyService/OAuth'
Fail。Error details: Access is denied.。 --> Access is denied.
And this happens, it seems that there is some OAuth error, and the access is denied
Best regards,
Ethan Fang
from cross-tenant.
from cross-tenant.
Hi, Ropow
I am able to migrate now, below are what I was doing wrong during the migration process.
- EmailAddresses field of the target MailUser object should contain a x500:address of the source Mailbox object.
- Check that EmailAddresses field only contain emails from target domain.
- Should set exchangeGuid to be the same as the source tenant.
- Use source/target "tenant" id to create organization relationship, not "user" id.
- Use target mail user name (or mailbox address) to Test-MigrationServerAvailability. (Although the document says [email address of a source mailbox that is part of your migration scope])
Moreover, step 3 in the document should be "Enterprise applications" instead of "Application registrations".
Thank you very much for all the help~!
Best regards,
Ethan Fang
from cross-tenant.
Related Issues (20)
- many errors in the resource tenant script HOT 11
- error sending consent invitation HOT 2
- GetAzLocation error? Not in script? HOT 2
- AADSTS90002: Tenant 'token' not found. HOT 3
- https://graph.microsoft.com/v1.0/invitations 400 Bad request HOT 1
- Cannot validate argument on parameter 'Location' HOT 2
- Azlocation validation fail because of multiple AZ Subscriptions. HOT 1
- Hardcoded organisation name HOT 1
- AADSTS90002: Tenant 'token' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. HOT 24
- connect to the Exchange Online Management module or Exchange Online through basic authentication before running this script! HOT 13
- Process stop with no error or feedback HOT 3
- No KeyVault available HOT 3
- Line 329 : Assembly with same name is already loaded HOT 2
- Error in the new procedure HOT 2
- Errors verifying AAD application HOT 17
- The source tenant does not authorize mailbox for migration HOT 2
- Target delivery domain not found HOT 2
- Add the ExchangeGuid and LegacyExchangeDN HOT 3
- I am receiving an error when setting up the target tenant
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cross-tenant.