Microsoft Tenant to Tenant Migration | Cross Tenant Migration - Part 1

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

watching Cloud security and Concepts today we are talking about business scenario where Microsoft comes with a picture Microsoft has a requirement sometimes based on the customers that they have to migrate from one tenant to another tenant so this is the business requirement sometimes in multiple scenarios in terms of compliance or in terms of business mergers so this tenant to Terran migration will be performing following the Microsoft document and article that they have provided uh even though I understand that the document is not pretty clear and then everybody wants to have a reference um you know kind of demo environment where you'll see that things are working and how exactly they are working right so this is uh the video that I am working on for a tenant to tenant migration or you can say cross tenant migration right so from Microsoft 110 to another tenant now for this uh if you guys see there are some requirements the system requirements that will have to follow yeah um number one is Microsoft article that I will be sharing in the link as well plus the document is available online if you can find you know cross to cross cross standard migration or 10 into 10 migration so then you will come on this particular article I'll be sharing this link as well so it will be easier for you guys to understand the next is we would need Powershell Okay the third is uh the source tenant Global admin so we won't be able to perform this activity without the global admin credentials the next one is required is the destination tenant Global admin so we also have to have a destination admin on the destination tenant where we will be migrating to The Source Talent will have all your emails all your mailboxes from where you will be migrating and the destination we will be getting the all the migrated data right so we would need both the details and I'll show you so for me um I've got Source tenant created with this name yeah the tenant name is cloud redteam.onmicrosoft.com and then this is a global admin credentials that I have same follows as on the destination tenant so here I have Cloud blue team on dot microsoft.com yeah so so standard destination tenant the few mailboxes that we have here in the source tenant okay I'll be logging in uh one of them let's login on this user just to see that the data is available there in the mailbox so let's go to office.com or we can also go to outlook.office.com let's close this let's put the email ID here and then third okay Outlook and then if you guys can see there are few emails so now since this is a demand moment okay I've got uh less emails here but it doesn't really matter okay it doesn't really matter that how many emails you have I have already migrated the emails which are more than 100 GB as well okay um one important thing that I wanted to mention here um in this demo I'll not include the archiving data Okay so the primary mailbox if you have that will be migrated within the stamina environment if you guys want to see the environment where you have an uh you know the archiving mailbox which is you know the additional license that you get on the in the form of online archive so that also if you want to see the like few additional commands that you have to run when you are preparing the source and the destination tenant and that's it um and then the whole data off here that particular mailbox the secondary mailbox or the archiving space will also be migrated yeah so in this demo we are not considering that at the moment so whatever the primary data is if it is 50 GB 100 GB whatever it is it will be migrated yeah after the migration there are a few steps which are important which is domain register login details to change the MX records SPF records and other dkm DeMark records which will be uh you will be setting up the domain on the destination tenant as well of course when the source tenant you have to discontinue the destination destination has to either the same domain or a different domain where you will be migrating to in case of company immersions right perfect so let's get started and the last one is the approved downtime from the management which is very important without that nobody performs its activity and yes during this activity when we are performing as of now you guys understand that 10 into 10 migration is something which is newly introduced so the tool is not 100 ready so there are some limitations you'll have to change your user names from the domain name and then move it to tenant name all right so with that you'll have to inform your users when you want to log in you log in here and then the primary uh the domain name email ID actually which comes with the the domain that domain name let's say uh user one at the rate company name.com or dot a DOT whatever yeah so that will become as an alias now with that Alias they will be still receiving those emails the new emails all right but for login it is preferred to use this account or this way to login on the account for me since it is a denim demo environment I don't have any domain which is connected to this uh but this can be done so if you guys have any questions you can drop the comments and then I'll reply all right let's take a look on the source tenant and the destination tenant yeah um this is my source tenant in the black window you can see these users the red team this is what we discussed all right and this is what we have logged in here in the Outlook so Cloud writing yeah and then the destination is complete blank with no users at the moment okay Cloud routine no users at the moment right perfect so now um the first thing first what we need to do is we need to create an application okay that will be performed in the destination time so just so this is the clarity that we will have to start from the destination internet so it is similar like we'll have to create an application okay and then we have to give this URL to the source tenant that this is what the approvals that I'm giving it to you to perform this activity and then on the so standard we'll have to accept that all right so once again at this activity The Next Step that we are performing will have to start from the destination tenant one more thing that I want to mention here there are a couple of things which are in process okay don't change the process if you guys have already followed if you have already worked on couple of things in terms of application creation or application registrations under your Azure ID platform even if you know don't follow your on certain processes follow the document otherwise when I did this I had a lot of challenges because I was also doing it for the first time but then I got into you know multiple experiences and then now I I understand that how it works but if you guys are doing it for the first time don't do it yourself follow the document follow the document step by step click the page where it says write what it says and command has to be exactly the same what is ask for are there are few parts uh on this document is not correctly mentioned like I'll show you guys um the couple of commands which they have mentioned that should be running on the source tenant and then actually it is we need to run on the destination 10 and probably this one okay probably this one and then there is a couple of things which like this one so if you follow this the space is not required if you follow this copy this in front of this on the command prompt you will not find the results okay so just make sure a couple of things here the document is still has to be updated um I really can't you know ask Microsoft to update it on my behalf but yeah they will they will realize this I had a call with Microsoft team earlier and then I actually told them but then they will take their own sweet thing I don't know all right so let's get started with the first step once again prepare the target which is a destination tenant by creating the migration application and secret all right let's get to the destination okay you need to go to portal.hr.com click on manage Azure directory click on manage and show electric directory okay so Cloud blue now on the left navigation bar select application so select application registrations now click on new registration icon new registration right now we'll have to type some name we'll have to write some name of this application so let's say cross summon migration so [Music] okay and then here in this option we'll have to follow this account in any organizational directory any Azure ID directory which is multi-tenant here we'll have to select web and then PPS slash slash office.com let's match these values so here we have selected this multi-terrent and then web office 65 and office.com this doesn't really matter to have the same URL but I have not seen anything uh you know as a if it can create some problems but then it's fine if they're saying this okay on the top right corner of the page you will see notification pop-up that says app was created successfully all right so let's register this application and let's see if the screen created done so f is created now we would need this as an application ID let's copy this and paste it on the notepad okay now our document go back to home page is your actor directory click on app registrations once again so go back and on and then click on app registrations okay now put this under on the applications find the app that you've created and click on it so on applications okay under app registrations find your application I if there are multiple applications you can search here but since it is a new tenant we are performing this activity on the destination tenant so probably you will have this activity for the first time and this will be the first application so let's click on this come back to the document under Essentials you'll need to copy the application ID which we have already done to create a URL for the Target Talent good okay now on the left navigation bar click on ABI permissions to view the permissions assigned for your app so let's go back API permissions these are the applications so these are permissions which are given to this application will have to remove this by default the user read permissions are already assigned which is not actually required so let's remove this okay done so once done welcome back to point number 14. now we need to add permissions for mailbox migration select add a permission add a permission here we'll have to say under we'll have to select API which my organization uses and then select the application permission we have to select Office 365 exchange online let's come back apis is my organization uses change online oops okay what was that of rescue exchange online this is very happy I will have to select application permissions look for box yeah for mailbox and migration the Box migration okay and then click on our information click on ADD permission so done this is I've already done it [Music] now select the certificates and secrets on the left navigation bar for your application so certificate and secrets now we'll go back to certificates and secrets here okay so once again don't assign the permissions now okay please don't assign the permissions now first we'll have to create the certificates and then we'll go back to home and then I'll go to Enterprise applications and from there we will grant this contents okay will not do it from here for other Technologies wherever you're doing for summer authentications people are the practices to directly assign this here but don't do it now right so now select certificates certificates and secrets we'll have to create a new certificate so let's say we'll keep it as migration certificate okay six months are good enough so this is that we'll have to copy this value okay we'll have to copy this value once again in our notepad file so value and I'm just keeping a note of the name as well which is what is the name this is for the reference okay good after this we are going back to our document so document this is done this is done this we have created added successfully created the migration application now we'll have to okay go back to Azure active directory landing page click on Enterprise applications in the left navigation okay now let's go back to home once again Enterprise application not applications this time so Enterprise applications okay as they have mentioned here and the left navigation find your migrated application you created select it and then select permissions on the left navigation click on the grant admin consent for your talented product so we'll go here there's the application that we have created okay and and what is that Enterprise application select permissions Provisions permissions permissions permissions okay now from here we will and it goes a pop-up okay and then we'll log in with the same credentials that we have and then accept this and this is done okay so since it's done let's refresh this okay now a new browser window will open and select you will have to go back to the portal and select a refresh to confirm your acceptance refresh okay so now you can see this application has an admin consent granted by an administrator good so we are ready with this now you can go back to the portal okay the return formulate the URL to send your trusted partner which is your so standard admin this time okay so they can also accept this application to enable mailbox migration here is an example of the URL okay so let's copy this URL will paste this URL here it's enough here if you guys see this URL has couple of important details that we need to mention here now this says a source tenant The Source Center details has to be mentioned here this time okay now what we'll do is this Source tenant details we will has a place where are so standard details let's go back to Source Center details so now this is Cloud red team dot on microsoft.com copy this or if you guys want um see whatever the URL that you have which ends with DOT on microsoft.com this is what your tenant name is let's copy the entire tenant name itself in that case okay I've been consent now this is the ID that we have so we'll copy the ID application ID which we have created okay Ctrl V and redirect URL to https office.com copy this go back to document once couple of notes you will need the application ID of the mailbox migration application which are created which we have already created and copied you will need to replace Source tenant okay in the above example with your son and current on Microsoft which we have already done okay now you will also need to replace this with the application ID of the mailbox Migration app okay so we have replaced complete along with the brackets all right now this is what we need now let's say is prepare the target tenant by creating an creating the exchange online migration endpoint and organization relationship so we have to connect with the exchange online Powershell this is how you will connect to the Target in the Target exchange online tenant okay create a new migration endpoint for crosstalk mailbox moves so this we have formulated Point number 23 we have formulated but we have not given this URL to the source tenant at this point of time okay now we'll copy this okay we'll copy this details and then we'll have to prepare this details for our destination tenant this time okay no copy this and we'll open a new notepad file we have to work very carefully we need to replace a couple of things let's check what okay now leave this as it is leave this as it is where if this details is equals to true then enable organization customization leave this as it is application ID will have to change okay what is that where is the application ID here or you can copy the stronger HR portal directly okay now rentals new object type name system admin Auto information PS argument app ID which we have given here it will take it from there convert to secure string string value so this is your secret password you saved in the previous steps so let's remove this go back to the notepad where you have this is the value that you have created of here Oxford so application ID okay so it will take from there and the password it will take from here now um so this line has completed this line is copied last one new migration endpoint we're creating a new migration endpoint a remote server outlook.office.com remote tenant now I will have to put a source tenant name once again The Source standard name is um you can copy from here also so let's copy this let's go stand [Music] let's change this entire information [Music] um okay so credentials okay now this is where you will mention your uh endpoint name okay this endpoint name will be used couple of times so make sure that you put it in such a way that you'll know that what is your endpoint name okay in my case let's mention as aggression okay and then this is for the application ID which it will take from the system itself now at this part is ready let's save this okay no let me verify a couple of things okay let's save this as in my document okay yes Target what yes here I'll say all files okay now if you guys go here this is my one Powershell five now this is ready um once this is done okay once this is done we will have to open the Powershell and connect to the Target Talent account okay so this is where our Powershell is let's close this and open once again so we'll run this Powershell as administrator okay and then connect hyphen exchange online give them the details of our Target tenant not so standard okay our blue is our Target credentials so now it is connecting good now we'll have to go to CD CD Dot um we have to go to 3D space [Music] users indeed [Music] desktop the less Target or TPS okay change [Music] let's see if good okay looks like [Music] something was missing probably so we'll wait until this completes with an error or if it completes with the successful results it will show us the details down here if it runs okay good so now if you guys see we have got the connection point which is our migration endpoint as per our command prompt details that we have given it is created okay which is good news now let's go back to the document now we'll have to perform another Powershell first okay yeah correct now we'll have to perform this step and uh you're Notepad um okay let's open a new one that's open Ed ID tenant ID of your trusted partner where the source mailboxes are yeah we need a tenant ID okay so we'll go back to The Source Talent portal.insure.com on your Source Talent okay so of course manage active directory under overview this is where your tenant ID is located not the tenant name we need a tenant ID here let's copy this let's paste this here okay now um this looks fine this looks okay this looks okay set organization relationship mailbox enabled inbound if null okay now here on the source side remember we have created the endpoint migration endpoint so here we'll have to create a relationship so let's name this as relationship itself remove the brackets and and this is fine this is fine and then Source tenant ID will be taken from here okay so I don't think we'll have to change this much okay done done done done that's it okay okay now this command if you guys see as per the Microsoft create a new or edit existing relationship to your Source Talent but this command will have to run on the Target first okay because we are setting up the inbound relationship with the from the source side okay so now after this will have to save this file save as so let's mention this as I get two so we are just segregating the names which we are running on target system and if we are running some commands on sourceful for that source all right so Target 2 and Dot PS 1 okay let's save this as well and of course we can close this minimize this let's go to Powershell and then Target 2. okay good so the relationship is also created at the step okay um good so now we have to open the Powershell for the source standard as well so let's go to commercial run as administrator now we are going to The Source tenant okay change online so minimize this so red team is our source tenant we'll go to the credentials good no after this what we'll have to do is we will have to go to the documentation first okay now the same command same command we will have to run in the Source tenant as well okay which is Trench okay no actually this is what we'll have to copy of one step okay after this I believe so this part is done right I will have to copy this admin consent one prepare the sauce accepting the migration from the browser go to URL link provider by your trusted partner consent the mailbox migration so now this time okay this is a time when we are opening this URL which we have prepared earlier we've prepared this earlier okay here but we have not implemented this step so now prepare the source tenant by accepting this so we'll go to our source 10 and now this is our Source Talent yeah after team R is our social places you are on the browser okay so red team is the credentials accept this and after this it should be all done let's wait for this okay good good so this is fine this is fine where we are where we are okay printing good so this step is completed now after this step we'll come back to the document we are setting up our destination ID now okay again a new notepad there's lots of more pads this now Target tenant ID Target tenant ID will have to copy this time and the last similar command we use the source tenant ID now we'll go back to our Target system okay we'll go back to overview sorry home few Target and ID and this is ID application ID that we have created which is there in this other Notepad okay book name is the email enabled Security Group and that contains a list of users who will be allowed to migrate okay guys this is an important step now for this what we have to do is we have to go to Source Center go to Office 365 go to show all teams and groups okay active teams and groups here mail enabled security is something which is very important you will have to create a mail enabled Security Group okay mail enable security and you can name the group Maybe migration or whatever that you feel is comfortable or as per your comment so admin um I'm saying myself at the moment members all the other members that we need to migrate has to be part of this group it is very important without that when you're doing the first test your test will fail your migration will fail so whatever users and whoever is a user has to be migrated their mailbox has to be migrated from source to the destination tenant has to be part of mail migration group mail enabled Security Group now we'll have to get the name also the email ID okay so let's give this name as a migration at the rate Cloud red team dot on microsoft.com good let's copy this also first for our reference we'll create the script let's go back to notepad and paste this ID but now rest of the things remain same um okay let's wear it everything is okay here okay this is fine if okay name of your organization relationship remember the name the name is relationship if you have changed your name so then you have to keep the same name here as well I think rest everything looks okay nothing else has to be modified could okay I'm ready with these commands and now I'll save this as save as this time source dot PS1 okay all files desktop and Save okay I can close this now did I save this Target Target same as [Music] Source dot VS1 all files save huh okay good so here we are here we are and the document okay so tenant ID you need to Source ID and Target ID is a guided this is fine good so we are ready with the source tab as well it is a source yeah there's a source destination is this where we have created this relationship okay now let's minimize the target and CDs space I'm very bad with the commands [Music] okay CD space users [Music] um desktop good so dot backslash Source or ts1 push it okay isn't currently allowed in your organization to run this command first need to run the command enable organization customization okay I did not run this earlier but maybe this is one of the requirements I'm not really sure so uh guys check this from your side as well um I did not run this last time when I performed this on a production environment it looks like this is a prerequisite for the Powershell to run certain commands because this is actually changing um I was playing on the tenant ideas playing on couple of other things as well it's bad with the commands [Music] okay oops sorry I was on the right side yeah and desktop so I ran this command which one here good so this is done okay now we need to in the next step everything is done till here tell the relationship side now how do we know that this is working now we need to test this okay if this test has failed I'm sorry but you'll have to delete everything start from scratch okay now let's go and test this after this test we'll end this video and the rest of the parts will be continuing on the second video second part of this video okay um let's test this once again I'm following the same endpoint so endpoint name what was endpoint name endpoint name was migration that we can validate as well and primary SMTP address of mail user object in the Target tenant okay let me just cross check if everything is fine here for the testing okay we are missing one point but that's not like it's not like uh you know too late or something this we can perform any time when we are ready with other steps okay what you're missing is any migration that you will be doing okay after this part tell the whatever we have performed is right there is nothing wrong what we else we need to do is we need to create the mail user account okay mail user account if you guys have done some if you guys are already familiar with hybrid environment exchange environment or so then you guys will know that when you perform the migration between on-premise Exchange Server to cloud or from Cloud to Office 365 when your infra is on hybrid environment so in one of the site you will have mail user created okay the second side will have the details about these mail users so now we have to create a tenant ID not sorry on the tenant ID we'll have to go to exchange and we'll have to create a mail user and these male users will be created manually equals to the source tenant details for every body okay so now okay mailboxes so we'll go to contacts okay and we'll create a mail user mail user right okay now let's go back to our demo user so we'll match this names okay so demo user one user one a name is user one so guys email ID will be your this email ID The Source email address okay so what is the source email address this is a source email address or let's go to notepad and copy it from there so we are talking about user one it is very important to match the email address Alias is a login name basically it is a military column so it will be having the following the same username and the destination and it as well and the password which you want to keep on the destination okay good so looks like we are ready for the user number one similar way we'll have to create all the other users as well so let's refresh this wait for this to come back and this is the SMTP address that we are looking for once again this is the source tenant email address okay now email address but the tenant ID with the tenant ID okay go back and paste now this thing will have to run I believe on the destination tenant to test this you can verify cross standard migration configuration by running test migration already against the constant migration Point nutrient Target Talent okay now let's go to the Target Direct and run this foreign [Music] parameter cannot be found that accepts argument okay okay with migration server availability equation you know why you know why I'll tell you why this has a problem which I mentioned at the beginning the space should not be there this space should not be there as per the documentation I got scared guys [Music] yeah and this piece is required and then hyphen no I think we can run this okay this got failed okay this is fail let's run this once again it might take some time does not have a farad exchange uid okay good I know what to do oh you need to and this is where you know these documents doesn't have the proper information but it actually has also so exchange geoid has to be copied from The Source tenant now what you'll do is you'll go to your Source standard of course and then you want to get the details of your Source Talent so the command that you will run is this gel copy here okay so even if you guys are following these steps okay these steps we have followed from beginning till here okay now these are the next steps actually of course but you know they have mentioned in such a complicated way their view might get confused now we need this so we were talking about this as an email ID so let's copy this here okay and read full list of exchange uid Legacy name and archive geoid guys this is what you need when you want to migrate the archive detail archive also a type folder okay mailbox as well so now we don't really need to do that now now this crime we'll run this commands on the Avion Source element yeah so we have the exchange uid and then we have the exchange Legacy copy these copy and paste okay now will copy this FB to make sure guys this is the target domain okay so we'll have to set this but not red to this time and the ID has to match this cuid has to match okay now Ctrl C and we'll run this on the destination tenant and it should say okay good now let's run this command once again for the testing for user one how it goes okay remember this this is also required so this is the reason we have copied this I was just showing here now what we'll do is on the destination tenant we are already on Exchange we'll go to classic Exchange okay we'll go to classic exchange we'll go to contacts as of now we have created just one contact right now okay which you guys have seen here where okay here but yeah so we'll edit this okay we'll go to email addresses we'll say Plus we'll say change this with x 500 and the email address this time will be with one space only one phase important there is only one space copy this entire value okay and paste this value here okay make sure there's no space this has one space and you will say okay and save this good now uh looks like now we are ready for the first part of this migration if we test this this has to be successful without any issues this time okay it is taking some time to update a text like you know probably 10-15 seconds so let's run this command once again and hopefully this will say successful good so now we have a successful result which means uh this migration endpoint is ready to take the migration from source to destination once again what we'll do is we'll perform this for the user 2 as well and for rest of the users I'll do it offline okay just to ensure that everything is fine uh and then you guys understand what we need to do okay on the destination tenant um we'll have to create another mail user okay now this is demo user two display name can be anything demo user two external email address is the email address of the source so user to okay Alias is mandatory so this will be the login name and login name and domain and password so now you guys have this as ready okay so now we'll go back to our this part here I'll change this to 2 okay let's move this this part you will copy you go to Source tenant to get the details you will copy these details okay note this down that this is for user to this time and exchange you ID is this I understand completely that there is a huge manual work huge manual work but if you guys miss one part your migration is going to fail okay I'm on the destination tenant once again so I'm setting the identity for user 2. code blue team nothing to change geoid I have already changed so let's paste this also oops can I copy this what is happening straight foreign so this is done if you guys see this is failing so probably your email ID is not correct or there's a space in between or something else next part is you will remove this match here and put a space single space copy this this mail user is already created so you'll go to contacts you'll refresh this you will see demo user too since I'm in the destination tenant refresh demo user 2. edit this email addresses edit no not edit sorry add X500 Ctrl V make sure single space and make sure no space save okay let's refresh this okay let's run test migration [Music] this time for user to it's time for user two if it fails which means X500 is taking some time and if it is not taking some time since we are running after few seconds so hopefully it will be all good good so that's an end point is migration endpoint all right so you when you will start this migration on the target side you'll see this end point as well so let's go to migration whereas migration exchange you're already on Exchange migration so when you add this first batch let's add a test match here okay I'd like to exchange online which is fine migration type so this time we are going for uh cost and migration you'll see this end point which we have created through the command lines okay this video we are closing it now already because this will be a long video device so consider this phase one and phase two phase one we are guys are ready to perform this activity of migration for two users at the moment you guys have seen that how fast we can perform once the first part is done this is easier step okay I'll do it offline for all these five users until when then we'll perform this migration on the uh next video okay so I'll be closing this video for now and then we'll continue once

Info

Channel: Binary Minds LLC

Views: 38,232

Rating: undefined out of 5

Keywords: #microsoft, #office365, #migration, #tenantmigration, #microsoft365

Id: 5uAAgBbrosg

Channel Id: undefined

Length: 63min 10sec (3790 seconds)

Published: Sun Sep 04 2022