Introduction
Power365 provides the “Domain Cutover” or move functionality. After a tenant mailbox and group migration, the next step during a domain consolidation or divestiture project is to move any registered Microsoft 365 Domains (i.e. Exchange Online Accepted Domains) from one Microsoft 365 tenant to another.
Manually moving a domain from one Microsoft 365 tenant to another is a tedious, multi-step, intensive procedure that must be carefully planned and executed at the proper time to ensure a seamless user transition. One of the biggest obstacles during this process is that email sent to the domain is not deliverable because it is held until the move is complete. This can cause delays, lost messages and decreased productivity.
The Power365 Domain Cutover is the solution. This powerful feature guides the migration operator through the entire domain move process and automates many of the steps. It works in conjunction with the Email Rewrite Service (ERS) to maintain deliverability throughout the move. Mail is never held but is delivered on time, ensuring your users never miss any business-critical messages.
This step-by-step guide walks through how to configure Power365 to move a domain between two Microsoft 365 Hybrid tenants.
Topics
This guide covers the following topics:
-
Configuring Power365 Domain Move Project
-
Deploying and Configuring Directory Sync integration
-
Validating object matches
-
Performing Domain Move between two Microsoft 365 tenants
-
Validating the Domain Move results
-
Frequently Asked Questions
Requirements
General
-
Client is licensed for Power365 Integration Pro for Domain Move
-
One Global Administrator Account for each Microsoft 365 tenant
-
One Domain Administrator Account for each On-Premise Active Directory attached to the tenant
-
One dedicated server to install the Directory Sync agent
-
Permissions to download and install Directory Sync agent
The local agent must meet the following minimum hardware requirements:
-
At least one (1) Windows Server 2012 R2, 2016 or 2019
-
Additional Windows servers may be deployed; limit of 5.
-
CPU: 4 Cores
-
Memory: 4GB Free
-
Disk: 40GB Free Disk Space excluding Operating System.
The local agent must meet the following minimum software requirements:
-
Windows Server 2012 R2, 2016 or 2019
-
.NET 4.5.2. NOTE: .NET will automatically be installed if needed.
-
TLS 1.2 or higher
Domain and Forest Functional Levels
-
2012 R2 or 2016
-
Directory Sync web interface use TCP port 443 (HTTPS).
-
Agent web connections use port 443 to Directory Sync host application.
-
DCs use TCP ports 139, 389 (UDP), 445, and 3268.
-
SID History functionality uses TCP ports 135, 137-139, 389 (UDP), 445, 1027, 3268, and 49152-65535.
Local Active Directory Account
-
Agent installer will prompt for a domain account with permission to read and write on-premises Active Directory.
-
An agent intended to sync all domains in a forest must have rights to all domains and objects used in workflows.
Azure AD Application Account
-
An account with Global Administrator Role is required to grant permissions and establish connection when adding a Cloud Environment.
Azure AD PowerShell Accounts
-
Three (3) PowerShell accounts are automatically created to read and update objects in the cloud. To do this an OAuth token is used from the account used to add the Cloud Environment.
-
These PowerShell accounts do not require any Microsoft 365 licenses.
Email Rewrite Service
One of the biggest obstacles during this process is that email sent to the domain in transit is not deliverable because it is held until the move is complete. This can cause delays, rejected messages and decreased productivity. Power 365 addresses these concerns with the Email Rewrite Service (ERS). ERS provides the administrator an options on how email should be delivered during a move:
Email rewrite service offers a full coexistence experience for end-users that are affected by the domain move. It relays incoming email messages sent to the source user mailboxes to their matching target user mailboxes. The benefit of choosing email relay service is there is no email disruption while the domain is being moved.
Email rewrite service is the best choice when:
-
A large number of objects are associated with the tenant and the domain move process is expected to take hours.
-
Continuous email delivery during the domain move is a requirement. Mission critical systems and businesses are impacted when email delivery is suspended.
-
Custom Transport rules and connectors are allowed in Exchange Online for either source or target tenant.