Settings
This user guide covers the steps required to configure and perform a Domain Move. The Domain Move Quick Start Guide summarizes these steps and addresses some frequently asked questions.
Directory Integration
What is Directory Integration?
Directory Integration refers to the Directory Sync components that are automatically deployed and configured when you set up a Premium Integration project.
Where do I manage Directory Integration?
Directory Integration will display under Settings when a Domain Move project is created. To manage the Directory Sync components of your project, click Directory Integration from the left navigation menu, see figure 1.
Figure 1: Settings Menu for Domain Move Project
What can be managed from Directory Integration?
After project configuration, You may use the Directory Integration tab to check on the status of their workflows and local agents, download history logs and manage the Organizational Units (OU) for creating new objects during Prepare and Cutover activities.
How do I create a new agent?
From Directory Integration management, see figure 2, click the New button to begin creating a new agent for your existing environments.
Are agents automatically upgraded when a new version is available?
Yes, if the Auto Upgrade feature is checked (see figure 2), then agents will automatically be upgraded when new versions are available.
Certificates
What are certificates?
Certificates will display, under Settings within the Domain Move project. Certificates are used to ensure secure message transit with TLS.
Figure 1: Settings Menu for Domain Move Project
What is required to ensure mail delivery during Domain Move?
For full details about TLS certificate requirements see the SSL requirements.
Where can I verify the status of my certificates?
Existing certificates can be viewed by selecting Certificates from the left navigation menu, see figure 1. The Mail Relay Service page will open,figure 2.
Figure 2: Mail Relay Service
Where do I manage certificates?
Certificates are managed within your project. They are uploaded during project setup and can be removed or newly uploaded by editing your project. Follow these steps to add a new certificate or remove an existing certificate from your project setup.
- Open the desired project.
From the project dashboard click Setup.
From the project summary, click Security.
The project certificate page will open.
Figure 5: Project Wizard Certificate Management
- If a certificate has expired and you need to upload a new version, then simply click the X to remove the existing certificate.
- After removing the old certificate, click Upload to provide a valid certificate. Be sure it meets requirements. It must be in the PFX format with a valid password.
- After uploading the new certificate, click Next to navigate to project summary.
- Click Next again.
- Now click Skip Discovery to return to the project dashboard.
Email Relay Service
What is the Email Relay Service?
One of the biggest obstacles during this process is that email sent to the domain in transit is not deliverable because it is held until the Domain move is complete. This can cause delays, rejected messages, and productivity. On Demand Migration for Active Directory addresses these concerns with its robust Email Relay Service which provides the administrator options on how email should be delivered. Migration Administrators can choose Either Basic Mode or Advanced Mode s based on their project requirements.
Microsoft has enabled “MTA-STS for Exchange Online” security feature in Exchange Online, and will refuse deliver messages to servers that don’t support TLS and have a trusted certificate. Customer will need to update their MTA-STS policy and add the Email Relay Server’s MX records to the policy. Below is a sample of the policy, additional detail for MTA-STS implementation in Exchange Online, please refer to Introducing MTA-STS for Exchange Online - Microsoft Tech Community link.
When Should Basic Mode be used?
Choose this mode if you would like to queue your emails using your existing delivery service during the domain move process. Mail flow for your domain will be resumed after the domain move has completed.
Basic Mode is easy to setup and requires no configuration changes to the tenant. Tenant administrators have the option to hold the email message delivery while the domain is being moved or to send the email messages to their own relay service provider for final delivery. In this mode, the directory synchronization component of On Demand Migration for Active Directory will facilitate the move for email addresses and domain names between tenants but it will not be responsible for the mail flow.
Basic Mode is the best choice when:
Only a handful of objects associated with the tenant and the domain move process will be done within a couple hours.
Continuous email delivery during domain move is not a requirement, and messages can be queued for delivery after domain move is completed.
Custom Transport rules and connectors are not allowed in Exchange Online for either source or target tenant.
When should Advanced Mode be used?
Choose this mode if you would like to have mail delivered to your users in the target tenant during the domain move process. Transport rules and connectors will be configured in the tenants when this mode is selected.
Advanced Mode offers the full coexistence experience for end-users that are affected by the domain move. It will relay incoming email messages sent to the source user mailboxes to their matching target user mailboxes. The benefit of choosing Advanced Mode is there is no email disruption while the domain is being moved.
Advanced Mode is the best choice when:
A large number of objects are associated with the tenant and the domain move process is expected to take hours.
Continuous email delivery during the domain move is a requirement. Mission critical systems and businesses are impacted when email delivery is suspended.
Custom Transport rules and connectors are allowed in Exchange Online for either source or target tenant.