On Demand Migration Current - Active Directory Sync For Multi-Geo Tenants Quick Start Guide

Introduction

Microsoft 365 Multi-Geo addresses data residency requirements set by local laws and policies by allowing organizations to control where their data is stored. Administrators can provision and store data at rest in either the central location or satellite locations, including end users’ Exchange Online mailboxes, OneDrive for Business, Teams and SharePoint Online data.

This quick start guide describes how to set up synchronization between your Multi-Geo Microsoft 365 tenants. To set up On Demand Migration Directory Synchronization between your tenants, source objects must be either matched to existing objects or created as new objects in the target environment.

Directory Sync Requirements

  • Client is licensed for On Demand Migration Directory Sync
  • Microsoft Entra ID Application Account
    • An account with Global Administrator Role is required to grant permissions and establish connection when adding a Cloud Environment.
  • Microsoft Entra ID PowerShell Accounts
    • Two (2) PowerShell accounts are automatically created to read and update objects in the cloud. To do this, an OAuth token from the account used to add the Cloud Environment is used.
    • These PowerShell accounts do not require any Microsoft 365 licenses.
    • Exchange Administrator, Teams Administrator and User Administrator roles will be added for these PowerShell accounts.

Setting up On Demand Migration for Directory Sync

This chapter describes how to set up On Demand Migration Directory Sync, set up the sync template and configure the Directory Sync workflow.

Adding Microsoft 365 Tenants to On Demand

This section describes how to add Microsoft 365 tenants and configure a Migration project using On Demand Migration. During project setup, an Office 365 Global Administrator account is initially required to add each tenant to the project.

Follow these steps to add each Microsoft 365 tenant for On Demand Migration. If there is an existing tenant from another project, it can be reused. 

  1. Log in to On Demand Migration.
  2. Navigate to Tenants.
  3. Click Add Tenant.
  4. On Demand supports both Commercial and GCC High tenants. For the purpose of this guide, choose Add Commercial or GCC Tenant and click OK.
  5. Log in to Microsoft 365 with a Global Administrator account for the source tenant.
  6. Accept the requested Application Permissions.
  7. Click Finish.
  8. Repeat steps 2 – 8 for the target tenant.

Setting up the Directory Sync Environments

Follow these steps to set up the Directory Sync Environments.

  1. Log in to On Demand Migration.
  2. Navigate to Migration.
  3. Create a new migration project by clicking Create Project.
  4. Provide a migration project name and select the source and target tenant in the project wizard and click Save and Continue.

  5. Click Save and Continue again and click Finish and Close.
  6. Click on Directory Sync from the Project Dashboard.

  7. Once the On Demand Migration Active Directory module is loaded, click on the Directory Sync icon in the main dash view.

  8. Click Environments in the left navigation menu to display the environment page.

  9. Click New to open the environment wizard.
  10. Select Cloud and click Next.

  11. Type the name of the cloud environment and click Next.
  12. Click on Add Commercial or GCC tenant.

  13. Enter the tenant Admin Credential and accept the consents.

  14. Click Next.
  15. Configure the cloud environment filter group and click Next.
  16. Select the option Include Objects Synchronized with a Local Active Directory via Microsoft Entra Connect if you wish to include Hybrid Objects. For the purpose of this guide, we will leave this option unchecked and click Next.
  17. Review the environment summary and click Finish.
  18. Repeat Steps 7-15 for the target tenant.

Configuring the Directory Sync Template

This section provides a step-by-step guide on how to configure the Directory Sync Template.

  1. Log in to On Demand Migration.
  2. Navigate to Migration, and open your project.
  3. Click the Directory Sync icon.
  4. Click the Templates link via the hamburger menu.

  5. Click New to bring up the Template Wizard.
  6. Enter the name and description for the template and click Next.
  7. Select Cloud for source environment type and click Next.
  8. Select Cloud for target environment type and click Next.
  9. Configure the Users Synchronization options and click Next.  For the purpose of this guide, use the default options.
  10. Configure the Groups Synchronization options and click Next.  For the purpose of this guide, use the default options.
  11. Configure the Office 365 Groups and Teams Synchronization options and click Next.  For the purpose of this guide, use the default options.
  12. Configure the Contacts Synchronization options and click Next.  For the purpose of this guide, use the default options.
  13. Specify the default user password and click Next.
  14. Click New on the mapping template to include the PreferredDataLocation (PDL) attribute to synchronize Multi-Geo enabled User objects. Include the MailboxRegion attribute to synchronize Multi-Geo enabled Unified Groups.
    1. PreferredDataLocation – User Objects

    2. MailboxRegion – Unified Groups

  15. Review the template summary and click Finish.

Configuring the Directory Sync Workflow

This section provides a step-by-step guide on how to deploy and configure the Directory Sync Workflow.

  1. Log in to On Demand Migration.
  2. Navigate to Migration, and open your project.
  3. Click the Directory Sync icon.
  4. Click on New under Workflow to open the workflow wizard.
  5. Enter the workflow name and click Next.
  6. Select the environments and click Next.
  7. Select One Way Sync and click Next.
  8. The workflow wizard has four (4) workflow tasks pre-selected: Read, Match, Stage and Write. All four tasks must be configured.
    1. Read – Select the environments from which you wish to read the objects.
    2. Match – This is the step where you will decide how to match existing objects across your Microsoft Entra directories. Matching is conducted by pairing sets of attributes to find corresponding objects.  Your two (2) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to populate some to ensure accurate matching.  For a successful Directory Synchronization, it is most important that existing objects are correctly matched.
    3. For the purpose of this guide, DisplayName and Name will be used for matching.

    4. Stage – Configure how objects are synced using the sync template.
      1. Select the Sync Template, click Next.
      2. Select the source environment, click Next.
      3. Select the target environment, click Next.
      4. Choose the target domain name, click Next.
      5. Configure any Stage Data filters. It is highly recommended to set up a filter to limit the scope when performing a test on the first sync as part of the validation. Click Next.
      6. Review the stage data summary and click Finish.
    5. Write – Specify the environment you want the changes to be applied to and click Next.
  9. Configure the Sync Interval. For the purpose of this guide, select Manually and click Next.
  10. Configure the Sync Alert. For the purpose of this guide, we do not want to set up any alerts. Click Skip.
  11. Review the workflow summary and click Finish.
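
Because the Match task in this guide pairs objects on DisplayName, it helps to preview how source objects would line up with the target before the first sync. The following is an added example, not part of the vendor guide or the product: the function name, the trim and lowercase normalization, and the sample objects are assumptions made for illustration and do not describe how On Demand itself compares values.

```powershell
# Added example. Classifies each source object by how many target objects
# share its match attribute: NoMatch, Unique or Ambiguous.
function Get-MatchPreview {
    param(
        [Parameter(Mandatory)][object[]]$Source,
        [Parameter(Mandatory)][object[]]$Target,
        [string]$Attribute = 'DisplayName'
    )

    # Index target objects by normalized attribute value (assumed normalization).
    $index = @{}
    foreach ($t in $Target) {
        $key = ([string]$t.$Attribute).Trim().ToLowerInvariant()
        if (-not $key) { continue }
        if (-not $index.ContainsKey($key)) {
            $index[$key] = [System.Collections.Generic.List[object]]::new()
        }
        $index[$key].Add($t)
    }

    foreach ($s in $Source) {
        $key  = ([string]$s.$Attribute).Trim().ToLowerInvariant()
        $hits = 0
        if ($key -and $index.ContainsKey($key)) { $hits = $index[$key].Count }

        $outcome = 'Ambiguous'              # more than one candidate: review by hand
        if ($hits -eq 0) { $outcome = 'NoMatch' }
        elseif ($hits -eq 1) { $outcome = 'Unique' }

        [pscustomobject]@{
            Source     = $s.UserPrincipalName
            MatchKey   = $key
            TargetHits = $hits
            Outcome    = $outcome
        }
    }
}

# Constructed sample data so the example runs offline. For a live check, replace
# these with the output of Get-MsolUser -All from each tenant.
$source = @(
    [pscustomobject]@{ UserPrincipalName = 'odmadmeu1@source.example'; DisplayName = 'ODMADMEU1' }
    [pscustomobject]@{ UserPrincipalName = 'jsmith@source.example';    DisplayName = 'John Smith' }
    [pscustomobject]@{ UserPrincipalName = 'newhire@source.example';   DisplayName = 'New Hire' }
)
$target = @(
    [pscustomobject]@{ UserPrincipalName = 'odmadmeu1@target.example'; DisplayName = 'odmadmeu1 ' }
    [pscustomobject]@{ UserPrincipalName = 'john.s@target.example';    DisplayName = 'John Smith' }
    [pscustomobject]@{ UserPrincipalName = 'jsmith2@target.example';   DisplayName = 'John Smith' }
)

Get-MatchPreview -Source $source -Target $target | Format-Table -AutoSize
```

Rows reported as Ambiguous are the ones to resolve before the Write task runs, since a value shared by several target objects cannot identify a single counterpart.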

Preparing Multi-Geo Objects

This chapter describes how to configure multi-geo enabled objects.

  1. Set up a multi-geo test user in the source tenant. In this guide, the object is configured in the Japan Azure region.
  2. Create a user in the source tenant (for example, ODMADMEU1), and set the PreferredDataLocation (PDL) value to “JPN”.

    Get-MsolUser -SearchString ODMADMEU1 | Set-MsolUser -PreferredDataLocation JPN

  3. Verify the Microsoft Entra ID user’s PDL is set to “JPN”.

  4. Verify the user mailbox region is set to “JPN”.

    Get-Mailbox ODMADMEU1 | Format-List DisplayName, Database, MailboxRegion

  5. Set up a multi-geo test Team in the source tenant. In this guide, the object is configured in the Europe Azure region.
  6. Set the Team’s Unified Group (for example, ODMADGEOGrp) PreferredDataLocation (PDL) to “EUR”.

    Set-UnifiedGroup -Identity ODMADGEOGrp -MailboxRegion EUR

  7. Verify the unified group mailbox region is set to “EUR”.
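
The verification steps above can be run as one scripted check that compares each test object against its expected region. This is an added example, not part of the vendor guide: the function name and output columns are assumptions, and the object names and regions are the guide's test values.

```powershell
# Added example (not vendor code). Assumes Connect-MsolService and
# Connect-ExchangeOnline were already run against the tenant being checked.
$checks = @(
    @{ Kind = 'User';  Identity = 'ODMADMEU1';   Region = 'JPN' }
    @{ Kind = 'Group'; Identity = 'ODMADGEOGrp'; Region = 'EUR' }
)

function Test-GeoPlacement {
    param([Parameter(Mandatory)][hashtable[]]$Expected)

    foreach ($item in $Expected) {
        $pdl = $null
        if ($item.Kind -eq 'User') {
            # PDL lives on the directory user, MailboxRegion on the mailbox.
            $user   = Get-MsolUser -SearchString $item.Identity | Select-Object -First 1
            $object = Get-Mailbox -Identity $item.Identity -ErrorAction SilentlyContinue
            $pdl    = $user.PreferredDataLocation
        } else {
            $object = Get-UnifiedGroup -Identity $item.Identity -ErrorAction SilentlyContinue
        }

        # Report a missing object separately from a wrong region.
        $status = 'OK'
        if (-not $object) {
            $status = 'NotFound'
        } elseif ($object.MailboxRegion -ne $item.Region) {
            $status = 'RegionMismatch'
        } elseif ($item.Kind -eq 'User' -and $pdl -ne $item.Region) {
            $status = 'PdlMismatch'
        }

        [pscustomobject]@{
            Kind          = $item.Kind
            Identity      = $item.Identity
            Expected      = $item.Region
            PDL           = $pdl
            MailboxRegion = $object.MailboxRegion
            Status        = $status
        }
    }
}

Test-GeoPlacement -Expected $checks | Format-Table -AutoSize
```

Run against the target tenant after a sync, the same check shows whether the PreferredDataLocation and MailboxRegion mappings from the template carried over, assuming the objects keep the same names there.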

To find out how to enable Multi-Geo capabilities in your Microsoft 365 Tenant, see the Microsoft article Microsoft 365 Multi-Geo for more details.
