Chat now with support
Chat with Support

On Demand Migration Current - Active Directory Domain Rewrite Quick Start Guide


On Demand Migration provides the “Domain Rewrite” or Email Rewrite (ERS) functionality. This powerful feature allow end users to communicate from a common email domain from Day One—on both inbound and outbound mail—so you present as a unified, cohesive brand. And, you get all of this without downtime — so you won’t have critical gaps in communication.

​This step-by-step guide walks through how to configure On Demand Migration Domain Rewrite service between two Microsoft 365 tenants.


This guide covers the following topics:

  • Domain Rewrite project requirements

  • Configuring an On Demand Migration Domain Rewrite Project

  • Enabling the Rewrite

  • Email Rewrite validation

  • Disabling the Rewrite

  • Frequently Asked Questions


Project Requirements


  • Client is licensed for On Demand Migration Domain Rewrite

Microsoft Entra ID Application Account

  • An account with Global Administrator Role is required for each Microsoft 365 tenant to grant permissions and establish connection when adding a Cloud Environment.

Microsoft Entra ID PowerShell Accounts

  • Three (3) PowerShell accounts are automatically created to read and update objects in the cloud.  To do this an OAuth token is used from the account used to add the Cloud Environment.

  • At least one (1) E1 or above license must be available to be assigned to the PowerShell account for Domain Move/Domain Rewrite Projects.

  • The accounts must be excluded from MFA requirements.

Additional Requirements for Hybrid Tenants

Important: A local Directory Sync agent is only required when working with Hybrid MailUsers (a mailuser object synced with a local active directory object). 


  • One dedicated server for each On-Premise Active Directory to install the Directory Sync agent

  • Permissions to download and install Directory Sync agent

Local Active Directory Account

  • Agent installer will prompt for a domain account with permission to read and write on-premises Active Directory.


The local agent must meet the following minimum hardware requirements:

  • At least one (1) Windows Server 2012 R2, 2016 or 2019

  • Additional Windows servers may be deployed; limit of 5.

  • CPU: 4 Cores

  • Memory: 4GB Free

  • Disk: 40GB Free Disk Space excluding Operating System.

Important Tip: Do not install local agents on AD domain controllers in a production environment.

The local agent must meet the following minimum software requirements:

  • Windows Server 2012 R2, 2016 or 2019

  • .NET 4.7.2. NOTE: .NET will automatically be installed if needed.

  • TLS 1.2 or higher

Domain and Forest Functional Levels  

  • 2012 R2 or 2016 


  • Directory Sync web interface use TCP port 443 (HTTPS).

  • Agent web connections use port 443 to Directory Sync host application.

  • DCs use TCP ports 139, 389 (UDP), 445, and 3268.


This topic describes how to set up the On Demand Migration Domain Rewrite Project.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating