Sign In Request

Continue

Support Forms Under Maintenance

Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.

Continue
Chat now with support
Chat with Support
  • Get Live Help

  • Complete Registration

    Sign In

    Request Pricing

    Contact Sales

Please select your product:

You have selected a product bundle. Can you please select the individual product for us to better serve your request.*

There is not a technical support engineer currently available to respond to your chat. For prompt service please submit a request using our service request form.

To serve you better, please complete the Purpose of your Chat:
2000 characters remaining

Recommended Solutions for Your Problem

The following articles may solve your issue based on your description.

No Results Found
View All Solutions
Close Start Chat
image.logo.print
image.logo
  • Products
    • View all Products
    • Free Trials
    • Buy Online
    • Product Lines
      • Change Auditor
      • Enterprise Reporter
      • Foglight Database Monitoring
      • Foglight Performance Management
      • KACE
      • Metalogix
      • Migration Manager
      • Netvault Backup
      • One Identity
      • QoreStor
      • Quest On Demand
      • Rapid Recovery
      • Recovery Manager
      • RemoteScan
      • Shareplex
      • Spotlight
      • Stat
      • Toad
    • Featured Products
      • Cloud Management
        • Cloud Access Manager
        • Foglight for Virtualization
        • Identity Manager
        • On Demand Migration for Email
        • Quest on Demand
        • Rapid Recovery
      • Data Protection
        • Foglight for Virtualization
        • NetVault
        • QorePortal
        • QoreStor
        • Rapid Recovery
        • vRanger
      • Database Management
        • Foglight for Databases
        • LiteSpeed for SQL Server
        • Shareplex
        • Space Manager with LiveReorg
        • Spotlight on SQL Server Enterprise
        • Toad Data Point
        • Toad DevOps Toolkit
        • Toad Edge
        • Toad for Oracle
        • Toad for SQL Server
      • Identity & Access Management
        • Active Roles
        • Cloud Access Manager
        • Identity Manager
        • Password Manager
        • Privileged Access Suite for Unix
        • One Identity Safeguard for Privileged Passwords
        • Starling Identity Analytics & Risk Intelligence
        • Starling Two-Factor Authentication
        • syslog-ng
      • Microsoft Platform Management
        • Active Administrator
        • Change Auditor
        • Enterprise Reporter
        • GPOAdmin
        • InTrust
        • Metalogix
        • Migration Manager
        • On Demand Migration for Email
        • Quest On Demand
        • Recovery Manager
      • Performance Monitoring
        • Foglight Capacity Director
        • Foglight Hybrid Cloud Manager
        • Foglight for Databases
        • Foglight for Operating Systems
        • Foglight for Oracle
        • Foglight for PostgreSQL
        • Foglight for SQL Server
        • Foglight for Storage Management
        • Foglight for Virtualization
        • Spotlight on SQL Server
      • Unified Endpoint Systems Management
        • Desktop Authority Management Suite
        • KACE Cloud Mobile Device Manager
        • KACE Desktop Authority
        • KACE Privilege Manager
        • KACE Systems Deployment Appliance
        • KACE Systems Management Appliance
        • RemoteScan
  • Solutions
    • View all Solutions
    • Industries
      • Education
      • Federal Government
      • Healthcare
      • State & Local Government
    • Cloud Management
    • Platforms
      • Active Directory
      • Cisco
      • DB2
      • Exchange
      • Google
      • Groupwise
      • Hadoop
      • Hyper-V
      • Lotus Notes
      • Office 365
      • OneDrive for Business
      • Oracle
      • SAP/Sybase
      • SharePoint
      • Skype for Business/Lync
      • SQL Server
      • Unix/Linux
      • VMware
      • Windows Server
    • Data Protection
      • Overview
      • Backup and Recovery
      • Business Continuity
      • Cloud Management
      • Deduplication and Compression
      • Diaster Recovery
      • Virtualizaton Management
    • Database Management
      • Overview
      • Administration
      • Cloud Management
      • Data Preparation and Analysis
      • Development
      • DevOps
      • Performance Monitoring
      • Replication
      • Supported Platforms
        • Hadoop
        • Oracle
        • SQL Server
    • Unified Endpoint Systems Management
      • Overview
      • Endpoint Compliance
      • Endpoint Security
      • Endpoint Visibility
      • Supported Platforms
        • Internet of Things
        • Microsoft Windows
        • Mac
        • UNIX/Linux
    • GDPR Compliance
    • Identity & Access Management
      • Overview
      • Access Management
      • IAM as a service
      • Identity governance
      • Privileged Access Management
      • Log Management
    • Microsoft Platform Management
      • Overview
      • Group Policy and Permissions
      • Hybrid Active Directory Security and Governance
      • Information Archiving & Storage Management
      • Migration and Consolidation
      • Performance and Availability
      • Reporting
      • Security and Compliance
      • Windows Backup and Recovery
      • Supported Platforms
        • Active Directory
        • Cisco
        • Exchange
        • Google
        • Groupwise
        • Lotus Notes
        • Office 365
        • OneDrive for Business
        • SharePoint
        • Skype for Business/Lync
        • SQL Server
        • Unix/Linux
        • Windows Server
    • Performance Monitoring
      • Overview
      • Database Performance Monitoring
      • Operating System Monitoring
      • Storage Performance and Utilization Management
      • Virtualization Management
      • Supported Platforms
        • Active Directory
        • DB2
        • Exchange
        • Java
        • Hyper-V
        • .NET
        • Oracle
        • SAP/Sybase
        • Storage
        • SQL Server
        • Vmware
  • Resources
    • Blogs
      • Blogs A-Z
      • Data Protection
      • Database Management
      • Microsoft Platform Management
      • Performance Monitoring
      • Unified Endpoint Management
    • Customer Stories
    • Documents
    • Events
    • Webcasts
    • Technical Documentation
    • Videos
    • White Papers
  • Services
    • Consulting Services
      • Overview
      • Microsoft Platform Management
      • Data Protection
      • Unified Endpoint Systems Management
      • Performance Monitoring
      • Database Management
    • Educational Services
    • Support Services
  • Support
    • Support Home
    • By Product
      • All Products
      • AppAssure
      • Archive Manager
      • Change Auditor
      • Desktop Authority
      • DR Series
      • Foglight
      • KACE
      • Migration Manager
      • NetVault
      • Rapid Recovery
      • Shareplex
      • Toad
      • vRanger
    • Contact Support
      • Contact Us
      • Customer Service
      • Licensing Assistance
      • Renewals Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Consulting Services
      • Microsoft Platform Management
      • Data Protection
      • Unified Endpoint Systems Management
      • Performance Monitoring
      • Database Management
    • Technical Documentation
    • Educational Services
    • User Forums
    • Video Tutorials
  • Trials
  • Partners
    • Overview
    • Partner Circle Login
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • Data Protection
      • Database Management
      • ITNinja
      • Microsoft Platform Management
      • Performance Monitoring
      • ToadWorld
      • Unified Endpoint Management
    • Forums
      • All Product Forums
      • Active Administrator
      • Desktop Authority
      • Foglight
      • ITNinja
      • Migration Manager for Active Directory
      • NetVault
      • Rapid Recovery
      • ToadWorld Forum
    • Social
      • Facebook
      • LinkedIn
      • Twitter@Quest
      • Twitter@QuestSupport
      • Youtube
Sign In
  • Become a portal pro
  • Print
  • My Downloads ()
  • Support
  • Technical Documentation
  • On Demand Migration Current
  • On Demand Migration Current - Active Directory User Guide

On Demand Migration Current - Active Directory User Guide

Table of Contents  
Home Domain Move
Platform Requirements Domain Move Requirements Setup
Projects Environments Pairing Matching Agents Discovery
Domain Cutover Settings
Directory Integration Certificates Email Relay Service
Navigate
Dashboard Menus Actions Users and Mailboxes Groups and Teams
Directory Sync
Directory Sync Requirements Setup
Workflows Templates Agents Guest Users
Settings
Environments Alerts Scripts Data Sets
How-To
Guest User How-Tos
Active Directory
Planning the Migration Project Active Directory Requirements Setup
Environments Workflows Profiles
Migration Profiles Network Profiles Device ReACL Profiles File Share ReACL Profiles Credential Profiles Credential Cache Profiles
Configurations
Actions Downloads Installing the Active Directory Agent Repositories Variables
Migration Waves
Migrate and Navigate
Devices and Servers File Shares and Network Storage
How-To
Offline Domain Join (ODJ) Custom Action Example
FAQs
General FAQs
Additional Info
Architecture Troubleshooting Cutover Job Result Codes Upload Logs Result Codes SQL Repermission Tool
Domain Rewrite
Domain Rewrite Domain Rewrite Requirements DKIM TLS/SSL Rules, Connectors, and Groups DMARC
Deleting Customer Data Active Directory Third Party Components
  • Viewing Topics 1 - 4 of 79
  •  Previous
  • Next 

Home

  • Domain Move

  • Directory Sync

  • Active Directory

  • Domain Rewrite

  • Third Party Components

Domain Move

Platform Requirements

Supported Environment Deployments  

Domain move between two Microsoft 365 tenants cloud-only or hybrid tenants is supported.

 

Exchange Hybrid Deployments  

Domain Move currently provides limited support for Exchange hybrid deployments. Environments with an Exchange Server 2013 (or later) hybrid deployment are supported, but with the following limits on functionality:

  • Support for the Email Relay Service is limited to mail flow configurations that use Microsoft 365 for message ingress and egress. Centralized mail flow configurations that use the on-premises Exchange environment for inbound and outbound message delivery may require custom configuration with Support.

 

Application Service Account Requirements  

To set up a Domain Move project the following must be provided by the owner of each of the associated Microsoft 365 tenants.

  1. Application Account: One (1) dedicated and licensed application service account to grant permissions and automatically orchestrate various activities within the project. This account must have the Exchange Online plan assigned to facilitate automatic email communications to end-users and project administrators during cutover activities, otherwise all communications will appear to be sent from the PowerShell account.
  2. Roles: The Global Administrator role is required for connecting environments for projects and workflows to grant permissions and to create a PowerShell account within each configured tenant.
  3. Licenses: At least one (1) E1 or above license must be available to be assigned to the PowerShell account for Migration/Integration Projects.

 

What are the minimum administrator roles required to manage a project?  

At a minimum, after project set up the following Microsoft 365 Role is required to automatically manage various aspects of your project.

  1. Global Administrator Role

Important Tip: For the best application experience, it is always recommended to use the Global Administrator role. However, it is only required during the initial Project setup, reconnections to the tenant or during a Domain Cutover event, where more authority is required. All account and role management are strictly the responsibility of the tenant administrators.

 

Modern Authentication Requirements  

Domain Move projects take advantage of Modern Authentication to help manage your projects. Modern Authentication is the default behavior for all Microsoft 365 tenants. Unless it was disabled, no action is required. However, we recommend the following configuration parameter is validated prior to deployment.

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

If Modern Authentication is disabled it must be enabled prior to any migration activities can proceed. To enable Modern Authentication for Exchange Online, run this command under the correct authority.

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Here is some additional information about how to Enable modern authentication in Exchange Online.

 

PowerShell  

The following accounts are required:

  • Account: One Cloud-only account will automatically be created during project setup.
  • Microsoft 365 Administrator Roles: Automatically assigned the Exchange and SharePoint Administrator roles.
  • Microsoft 365 License Requirements: Automatically assigned one available license (E1 minimum) for destination tenants.

Important Note: This account will automatically be assigned the Global Administrator role at the start of a Domain Cutover event, where more authority is required to complete the process.

Domain Move Requirements

Source and Target Domain Pairing  

During configuration, you will be asked to choose your source and target domains for each tenant. This process is called domain pairing.

 

Source & Target User Matching Attributes 

  • You will need to select a pair of attributes that will match exact values from the source user object to the target user object to discover and match the appropriate user accounts.

    • The available matching attributes are as follows, choose at least 1 with a maximum of 3:

      • userPrincipalName

      • mail

      • extensionAttribute1-15

Note: The userPrincipalName and mail attributes are matched based on the local part of the address and the paired Domains (e.g. Tom.Dean@contoso.onmicrosoft.com would use Tom.Dean@binarytree.onmicrosoft.com as a match against the target account.)

 

Multiple AD Forest Support  

If your organization has multiple Active Directory Forests are connected to your Microsoft 365 tenants, this is supported scenario for migration and integration. There are no additional requirements to support this deployment type.

 

Directory Synchronization  

Domain Move projects provide automatic orchestration of directory objects to provide capabilities to create and update directory objects during critical points within the migration or coexistence life cycle. To facilitate these activities the following is required for set up.

 

Local Agents for hybrid AD deployments  

For complete details about local Agents, visit Directory Sync Requirements.

 

Source & Target Organization Units for hybrid AD deployments  

Domain Move does not create Organizational Units. When deploying a Domain Move project that involves at least one (1) hybrid environment you must choose or create designated Organizational Units within your local AD Forest to allow new User or Contact objects be created.

 

Hybrid Tenant Support

The Active Directory forest attached to the Microsoft 365 Tenant must have the Microsoft Exchange 2010 SP3 (or later) schema extensions applied.

 

What is required to set up Directory Synchronization for Integration projects?  

For hybrid or mixed environments, where your local Active Directory (AD) is being synchronized to Azure AD the following is required.

  1. At least one (1) Windows server to host the local Agent.
  2. During set up, install at least one (1) local Agent in each AD Forest. Up to 5 agents are supported. One (1) agent per server.
  3. Account credentials for one (1) AD account with permissions to create and update objects within the designated Organizational Units (OU).
  4. Account credentials for one (1) Global Administrator within your Microsoft 365 tenant.
  5. Designated OUs in each environment to create new objects.

For additional details about local Agents, visit Directory Sync Requirements.

For cloud only environments, where there is no local Active Directory the following is required.

  1. Account credentials for one (1) Global Administrator within your Microsoft 365 tenant.

For more information about account permissions, click here.

 

Local Agents for hybrid AD deployments  

For complete details about local Agents, visit Directory Sync Requirements.

 

Source & Target Organization Units for hybrid AD deployments  

When deploying a Premium Integration project that involves at least one (1) hybrid environment you must choose or create designated Organizational Units within your local AD Forest to allow new User or Contact objects be created.

 

Hybrid Tenant Support

The Active Directory forest attached to the Microsoft 365 Tenant must have the Microsoft Exchange 2010 SP3 (or later) schema extensions applied.

 

Domain Sharing (Email Relay Services)  

To deploy Email Relay Services (ERS) between tenants the following will need to be ready prior to the configuration of the service.

During initial project set up you may choose to configure ERS now, if you are ready or later after the initial discovery is complete.

ERS Deployment Checklist:

The following checklist provides a quick reference to the items or decisions required to begin configuration of ERS.

  1. Procure one (1) SSL single domain certificate for each tenant environment using one (1) of the accepted domains.
  2. The password associated with the SSL certificate will be required when uploading each certificate.
  3. Choose which domains will particulate in ERS.

Important Tip:When using advanced Email Relay Service, please ensure the MTA-STS policy includes the Email Relay Server’s MX record to avoid email disruption.

 

SSL Certificates  

To successfully configure the Email Relay Service, a valid SSL certificate must be procured for all source and target tenants. The certificate must contain a single accepted domain, one (1) for each tenant. The selected certificate cannot contain subject alternative names (SAN). The common name (Subject Name) must match one (1) of the Exchange Online accepted domains configured within the tenant.

This certificate is utilized to secure the Exchange Online connectors over TLS that will be used to transfer message between the Email Relay service and each tenant. The new certificates will be uploaded to the project using a PFX formatted certificate. PFX files contain the public key file (SSL Certificate file) and the associated private key file (password).

The requirements for the certificate are as follows: (Names are for example purposes only.)

  • Common Name: contoso.com
  • Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider
  • Bit length: 2048 or higher
  • Must be valid for Server Authentication and Client Authentication.
  • Must be signed by a trusted public root CA.
  • Must contain a private key (password).
  • Must not expire before the end of the project.
  • Must have a Friendly Name defined.

Important Tip: The domain listed on the certificate cannot be moved as part of a Domain Cutover process. If you plan to move all accepted domains, you should plan to acquire a certificate for a newly created accepted domain to use as a placeholder. This domain will not be moved or used; it will be used only as the subject for the TLS certificate.

 

Domain Cutover  

There are no additional requirements to set up Domain Cutover services, however it is recommended that the following related topics be reviewed prior to execution.

Important Tip: The domain listed on the SSL certificate cannot be moved as part of a Domain Cutover process. If you plan to move all accepted domains, you should plan to acquire a certificate for a newly created accepted domain to use as a placeholder. This domain will not be moved or used; it will be used only as the subject for the TLS certificate.

  •  Previous
  • Viewing Topics 1 - 4 of 79
  • Next 
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

About Us
  • Company
  • Partners
Resources
  • Knowledge Base
  • Download Software
  • Technical Documentation
  • Educational Services
  • Consulting Services
Related
  • Rapid Recovery Licensing Portal
  • Renew Support
  • Licensing Assistance
Social
  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
United States web site version is selected
  • Albania
  • Angola
  • Anguilla
  • Antigua & Barbuda
  • Argentina
  • Aruba
  • Australia
  • Austria
  • Azerbaijan
  • Bahamas
  • Bahrain
  • Barbados
  • Belgium
  • Belize
  • Benin
  • Bermuda
  • Bolivia
  • Bosnia-Herzegovina
  • Botswana
  • Brazil
  • British Virgin Islands
  • Bulgaria
  • Burkina Faso
  • Burundi
  • Cameroon
  • Canada
  • Cape Verde
  • Cayman Islands
  • Central African Republic
  • Chad
  • Chile
  • 中国
  • Colombia
  • Comros
  • Congo
  • Costa Rica
  • Croatia (Hrvatska)
  • Cyprus
  • Czech Republic
  • Democratic Republic of Congo
  • Denmark
  • Djibouti
  • Dominica
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Estonia
  • Ethiopa
  • Finland
  • France
  • French Guiana
  • French Overseas Territories
  • French Polynesia
  • Gabon
  • Gambia
  • Germany
  • Ghana
  • Greece
  • Grenada
  • Guadeloupe
  • Guatemala
  • Guinea
  • Guyana
  • Haiti
  • Honduras
  • Hong Kong
  • Hungary
  • Iceland
  • India
  • Ireland
  • Israel
  • Italy
  • Ivory Coast
  • Jamaica
  • 日本
  • Jordan
  • Kenya
  • 대한민국
  • Kuwait
  • Latvia
  • Lesotho
  • Liberia
  • Libya
  • Lithuania
  • Luxembourg
  • Macedonia
  • Madagascar
  • Malawi
  • Malaysia
  • Mali
  • Malta
  • Martinique
  • Mauritania
  • Mauritius
  • Mayotte
  • Mexico
  • Monaco
  • Montenegro
  • Montserrat
  • Mozambique
  • Namibia
  • Netherlands
  • New Caledonia
  • New Zealand
  • Nicaragua
  • Niger
  • Nigeria
  • Norway
  • Oman
  • Panamá
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Reunion
  • Romania
  • Russian Federation
  • Rwanda
  • Saudi Arabia
  • Senegal
  • Serbia
  • Seychelles
  • Sierra Leone
  • Singapore
  • Slovakia
  • Slovenia
  • Somalia
  • South Africa
  • Spain
  • St. Kitts & Nevis
  • St. Lucia
  • St. Vincent & Grenadines
  • Suriname
  • Swaziland
  • Sweden
  • Switzerland
  • Taiwan
  • Tanzania
  • Thailand
  • Togo
  • Trinidad y Tobago
  • Turkey
  • Turks & Caicos Islands
  • Uganda
  • Ukraine
  • United Kingdom
  • United States
  • Uruguay
  • US Virgin Islands
  • Venezuela
  • Yemen
  • Zambia
  • Zimbabwe
United States
English

© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy

OK Go to My Account

IE 8, 9, & 10 No longer supported

The Quest Software Portal no longer supports IE8, 9, & 10 and it is recommended to upgrade your browser to the latest version of Internet Explorer or Chrome.

Upgrade to IE 11 Click here

Upgrade to Chrome Click here

If you continue in IE8, 9, or 10 you will not be able to take full advantage of all our great self service features.

Close