On Demand Migration Current - Active Directory User Guide

What is a user?

A user within Domain Move is any Microsoft 365 or Active Directory objects with an associated Mailbox. This includes users, rooms, equipment, shared and group mailboxes.

When are users displayed?

After you have discovered your users.

How do I view users and mailboxes?

You may navigate to your users and mailboxes from the Project Dashboard.

From the Dashboard, just click Total Users to open the user management view.

Can I filter the user view?

Yes, you can filter the list by many criteria including migration wave and synchronization status. The list will narrow as you add criteria.

When you have narrowed your search, you can select one or more users, and then perform any actions against them or choose View Selected User to narrow your view even more. You may narrow the list by entering a search term. Each column can be sorted via the directional arrows.

How do I view user and mailbox details?

Double-clicking on a user will bring up detailed information about the status of all processes in progress for that user.

Groups and Teams

Deleting Customer Data

To satisfy GDPR requirements, On Demand Migration Active Directory provides customers the ability to delete their data.

What pieces of data can be deleted?

On Demand Migration Active Directory provides the following ability:

Delete Project and Environment data

Monitor and off-board project and environment data when the On Demand Organization is deleted

Monitor and off-board project and environment data when the On Demand Migration Active Directory License SKUs expire

How do you delete data?

Project data can be deleted by selection the"Delete" option next to each project on the Projects page. Environment data can be deleted by clicking the "Delete" button on the Environments page.

Does the data get removed immediately when choosing to delete?

Upon selecting the delete option and confirming the deletion of data, all project data including project configuration, tenant objects, object mappings and migration history will be marked as deleted, will no longer appear in the user interface, and will not be accessible. All migration jobs will stop processing including ones that are already running. After 30 days, the data is permanently removed from the database.

How is Email Address Rewrite Service disabled?

The Email Address Rewrite Service must be disabled in the Project Settings before a project can be deleted.

Appendix A: Using PowerShell

You can use the On Demand Migration PowerShell API to interact with objects in your On Demand Migration environment. The PowerShell cmdlets allow you to perform tasks, such as account discovery, mail migration, OneDrive migration, task and event management in a PowerShell scripting environment. The ODM API is available for install or download from the PowerShell Gallery.

Note: Usage of the PowerShell Gallery requires the PowerShellGet module to be installed on your computer. The module is normally installed with operating system, but may need an upgrade to the latest version. For more information, see How to Install PowerShellGet.

Gallery

On Demand User Role Requirements User must have the Migration Administrator role to access and run any of the On Demand Migration PowerShell commands. On Demand ships with this role. See the On Demand Global Settings Current User Guide for more information about setting up roles.

Deploying the ODM PowerShell API Module

The ODM PowerShell API module must be installed or download from the PowerShell Gallery.

Searching in PowerShell gallery

Find-Module OdmApi -Repository PSGallery

Installing the module from the PowerShell gallery

Install-Module OdmApi -Repository PSGallery

Downloading the module from the PowerShell gallery (without installing it)

Save-Module OdmApi -Repository PSGallery -Path "C:\temp"

Connecting to the ODM service

Before you can use the ODM PowerShell cmdlets to interact with your ODM environment, you must connect and authenticate your access to your ODM host. The credentials you use must be granted a role with sufficient privileges to work with the On Demand Migration services.

Connecting to the ODM service - Interactive mode

The Microsoft Account Authentication Workflow requires user interaction for the initial authentication with Microsoft. When Microsoft Account authentication is used all authentication is handled via Microsoft and the user’s Microsoft Entra ID. This type of authentication supports MFA and is fully controlled by the user’s Microsoft Entra ID Conditional Access Policies. Any password and lockout policies are also managed directly by the customer through their Microsoft Entra ID.

Run the following command to connect to your ODM Service. The default region is US.

Connect-OdmService

To connect to a specific region like Europe, run the command Connect-OdmService -Region EU. The region value can be set in the OdmApi.psm1 file by editing this line: [string]$Region = 'us'. For example to set default region to Europe replace the line to [string]$Region = 'EU'.
This command will redirect the user to the Microsoft Authentication workflow to authentication against the user’s Azure Active Directory. In the authentication dialog, enter the credentials of the On Demand account (not the tenant account)

If MFA is enforced, users will see an additional window

Connecting to the ODM service - Unattended (or Headless) mode

The Microsoft Account Authentication Workflow requires user interaction for the initial authentication with Microsoft. This type of authentication doe not supports MFA. It is used primary for work or school accounts. The Tenant ID is required.

Connect-OdmService -Username "admin@democorp.com" -Password "P@ssword!" -TenantId "81f2b32e-c198-44fd-99d4-109665c16f34"

If you only have On Demand Migration Active Directory or Directory Sync for your subscription,

Connect-OdmService -Username "admin@democorp.com" -Password "P@ssword!" -TenantId "81f2b32e-c198-44fd-99d4-109665c16f34"