Microsoft 365 Tenant to Tenant Native Tools - V2
Vložit
- čas přidán 5. 09. 2024
- Microsoft 365 Tenant to Tenant Migration - Using the Free Native Tools inside M365.
** Update ** - This is a re-edited version of the original M365 T2T Native Tool video that was removed because it contained PII (Personal Identifiable Information). All the email address data of the dummy/test users has now been blurred out. If you need any help with some of the processes because of the blurred nature of some of the information then please reach out to me via thecloudgeezer.com website.
Here I migrate Microsoft 365 Exchange Online from one tenant to another using only the free tools that are now a part of M365. There is no paid toolset in use here at all.
I take you through the setup and configuration needed to perform the migration, then perform the migration itself, showing every step along with the way. The main points that are covered in the video are;
* Setup of the Security Group needed to scope the migration
* Configuration of the App Registrations required in the Tenants to allow the connections
* Organization Relationship setup
* Creation of Mail Users to prepare the target
* Stamping of the objects with the Exchange GUID's to bind the identities
* Creation of the migration batches
* Syncing and Completing the migration batches
* Forwarding and Mail Routing for both source/target accounts pre/post migration
* Moving the underlying domain name from one tenant to another
* Adding aliases to the new tenant
As you can see, the entire migration is covered and during the process I show all the processes needed plus any errors that pop up along the way. Providing the fixes where necessary but essentially keeping it as 'real-world' as possible.
All of the PowerShell commands used in the video are laid out in the article on the website, so check that out at thecloudgeezer...
Please remember to subscribe to the channel. You can use this link to do that. czcams.com/users/th...
Thank you for watching, commenting, liking and subscribing. I hope this helps in choosing how best to migrate Microsoft 365.
Mark - The Cloud Geezer
So I have done more research on this. It seems like we now need to purchase a Cross Tenant User Data Migration license per mailbox to do this migration but the license is not available so we cannot do this natively anymore.
Error: ErrorCrossTenantSourceUserIsInHoldOrRetentionPolicyAppliedPermanentException: Cross tenant move is not supported when source mailbox has a hold or retention policy applied. To proceed, please resolve the following hold(s) or retention policies: - Organization-wide retention policies are applied. Run Get-OrganizationConfig | Select-Object -ExpandProperty InPlaceHolds in source recipient for more information.
This is my latest progress
This video is also quite old now. Was March 2023. With the license issues I made an additional piece of content in July 2023, check this out, czcams.com/video/K8iXVOMvbEo/video.html as it explains the licensing problem. Hope this helps. Mark.
Hello !
I have 2 mailboxes to migrate from one tenant to another and after performing the migration it gave me errors on both mailboxes stating that "A Cross-tenant User Data Migration license is required to move a mailbox between tenants." .... Have you ever heard about something like this?
I tried to find it in the MS products, but apparently it's not there.
Yes this is a problem. A lot of talk recently on this subject, so I put a video together that talks about exactly this issue. czcams.com/video/K8iXVOMvbEo/video.html
It's on my channel here but definitely check it out.
Mark - The Cloud Geezer
why you blurred the email ids ? , i have seen in other tutorials they show the demo email IDs without any issues. why not here ?
Well well well, that is a good question because I had a previous video where they were not blurred out. I got flagged for a cyber security incident in the video and it was taken down. Google thought that I was sharing peoples email addresses !! Even though I explained in the appeal that they were all demo/fake addresses, it still got banned. So I had to repost it with the email addresses blurred which I know is absolutely terrible. Sorry about that. Mark.
Nice tutorial, but I get and error in 3 of the 4 mailboxes I am trying to migrate and have not been able to fix: The user object for ' ' is missing a valid ArchiveGuid property and cannot be migrated. -What could I be doing wrong?
Hi Cal, drop me a note to mark@thecloudgeezer.com and we can chat. Should be able to work that out with you. Mark.
Thanks for the video. Would the same process apply if we intend on keeping source email address as primary?
Yes it does, the process is basically the same for the migration. However, you will need to migrate the mailboxes over into either the 'onmicrosoft.com' UPN, or another temporary domain. Then once your mailboxes are over you can remove the domain from the old tenant, add it to the new, then apply the original UPN back on the accounts you have migrated. Plenty of options with PowerShell scripts to do all of that. Let me know if you need any support for what you are doing there. mark@thecloudgeezer.com
Hello. When creating the Migration Endpoint 1 in powershell (12:45), I receive the error: Write-ErrorMessage : Unable to retrieve access token using credentials configured in migration endpoint. I have double checked and created new client secret. Any help? Thanks
That I haven't seen before, but if you are still getting it then email me a screenshot to mark@thecloudgeezer.com and I will see what I can do to assist.
i have a question regarding the migration group email. You say that we made one in the beginning but i cant find it anywhere in the video and its a bit confusing :P
Hi. The Security Group that is set up is used to scope the users that are being migrated. In the scripts that define those scopes as you go through there is reference to that security group. All of this comes from the Microsoft documentation, so to go into a lot more detail on that, do a search in this document for 'group' and you can pick out all that information.
learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide
Please let me know if you are still stuck though and I can help out.
Remember too, that since I published the video, Microsoft now charge a license fee for these tools making it no longer free. Much easier to use third party tools now!
Mark - mark@thecloudgeezer.com
Amazing tutorial, great tone👍but i was stopped on my tracks @7:17😅i dont suppose theres an app for migrating onedrive data from one tenant to the next?
Thank you for that. We used to have 'mover.io' for transfers but that got converted into the Migration Manager inside M365 and requires a license. The other videos I have around MigrationWiz might help out. That tool is pretty easy to use and will do the job. Unfortunately there aren't really any free options for OD migrations.
@@thecloudgeezertouching base in this. So still no options to move one drive and teams data across during this process?
I see you mention migrationwiz and m365 migration manager. Do these both cater to move all this data across?
I have 3 companies in one tenant and need to split them out in to 3 tenants. This is mail, teams and one drive data. What are my options?
@@anthonymeintjes6884 The best option would be a third party tool. MigrationWiz is a good option. If you want to chat privately then drop me an email to mark@thecloudgeezer.com and we can do that offline.
Great tutorial video. Have watched it twice before starting the process and everything has gone smoothly till I try to create the migration endpoint in PS. I get the same error as someone else in the comments have "New-MigrationEndpoint: Unable to retrieve access token using credentials configured in migration endpoint."
I have gone back deleted everything done, created new application, new secret and tried again but still come up with that error. The internet hasn't been much help either.
Any pointers will be greatly appreciated
Yes I have seen that before. A common mistake is using the Value ID instead of the Client Secret when passing the details through to the cmdlet. Maybe that will work for you? Mark.
@@thecloudgeezer Thanks so much for your reply but afraid no dice. I made sure app ID is correct, i then tried both the client secret value (the one that gets asterixed out after a refresh) and client secret ID. I even made sure the source tenant has customization enabled.
Really appreciate your help
Ok. Send me an email at mark@thecloudgeezer.com and you can share some screenshots. Then we can troubleshoot it and see what we can do.
Hi Sir nice tutorial, will this migrate data from ONE drive and Sharepoint sites as well?
No, not that way. You need to use Migration Manager which is part of the Native Toolset inside M365. To find this, go into the SharePoint Admin Center and then look for Migration on the left hand side. This takes you into the Migration Manager. Let me know if you have any difficulties with it.
Sorry, forgot to ask, do you need to be Global Admin to do this? I only have Exchange admin in both tenants. thanks
GA is preferable, but if you have the Identity Management and Exchange Admin that is enough to perform migrations. This can change though and a GA covers everything. Mark.
Please help:
Result : Failed
Message : Cross tenant move is not supported when source mailbox has a hold or retention policy applied. To
proceed, please resolve the following hold(s) or retention policies:
- Organization-wide retention policies are applied. Run Get-OrganizationConfig | Select-Object
-ExpandProperty InPlaceHolds in source recipient for more information.
SupportsCutover : False
Hi. That is correct, you can't migrate a mailbox that has a hold status of any kind placed on it. User this comment in PowerShell to check your user
get-mailbox -Identity UserIdentity | select *hold*
If they do show any holds then remove those at the source and retry your batch. It can take a bit of time for holds to release after you take them off, so wait a little while then recheck the command above, then retry your batch.
Mark
Hi, Can you please guide about this " Cross Tenant User Data Migration is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers. User licenses are per migration (one-time fee) and can be assigned either on the source or target user object."
Hi Faisal. Can you drop me a note to mark@thecloudgeezer.com and we can go a bit deeper on that. Mark.
@@thecloudgeezer ok
Hello your video is helping me a lot, I appreciate it, but I can't get past the migration batch part that needs to add the Destination Delivery Domain no address I add is accepted. Do you have any tips?
Another question if I want to synchronize the local active directory domain users using AD Sync how would that work?
Hugs from Brazil
Hi Rafael, thanks for the note. For the Destination Delivery Domain that will be the onmicrosoft.com domain for the target tenant. In the demo video it would be tcge5demo.onmicrosoft.com. For the AD Sync options, I do have two videos that would be worth looking at. The first goes through the normal Azure AD Connect software - czcams.com/video/7yIL7IAC8jc/video.html and the second looks at the newer version Azure AD Cloud Connect czcams.com/video/dmwtycFrpsA/video.html There are some differences, so have a look at the second one and it will talk about those. Otherwise, feel free reach out to me directly at mark@thecloudgeezer.com and I can answer any questions you have there. Have a good day.
How can we migrate teams (along with chat history), onedrive and sharepoint using native tools
Teams via native tools isn’t available as yet. OneDrive and SharePoint are but unless you are coming from a different cloud architecture, like Google or Box, then they aren’t free anymore. Check out my channel for those MS license updates I have been talking about. The only way to do Teams is to use third party tools. Please reach out to me at mark@thecloudgeezer.com and I can point you in the right direction for what you are trying to achieve.
Great video! Horrible process by Microsoft. I got through the whole procedure only for MS to give me a license error. After checking I need to buy a $15 license per user to be able to migrate the mailbox. They make the process unbearably difficult and then want to charge money for it. The best part is you can't even get the license from the Office portal. You have to request it from your partner. SMH Thank you for making the video though!
Hi. Thanks for the comment, glad you liked the video. I am seeing reports of others getting similar license errors and having to go through MS Support to resolve. This is something I want to investigate and get to the bottom of. Can you email me at mark@thecloudgeezer.com so we can discuss. Would be good to get your take on things. Mark.
Hi. I have been working out the license issue and put a video on the channel explaining everything. Needs to have an EA agreement. Not a good situation to be honest.
@@thecloudgeezerwhat is an EA agreement. So not every org admin can perform cross tenant, we need to have a special licenses?
Hello
This is really awesome, in my case i have two tenants in hybrid config and we only need to migrate the mailbox data. We have exported users from the source on-prem AD and imported to the destination on-Prem AD. For each user in the destination on-prem AD we created a mailbox, which was them migrated to the Exchange online. so now since we already have users with mailbox in the cloud how do i do the mapping between the source mailbox and destination mailbox? also can you show how to use powershell new-moverequest instead on using migration batches in GUI (i never use this), thank you so much.
Ah yes, I have had comments about this type of migration. Send me a note to mark@thecloudgeezer.com and we can chat more. Essentially though, you need to have 'MailUser' accounts on the target tenant meaning that if you have entities in place from an On Prem sync, then it isn't going to work. It can be done though, by creating the MailUser objects, performing the migration, then taking the ObjectGUIDs from the OnPrem AD and stamping the ImmutableID's on the target identities, then performing the Azure AD Connect sync will bind everything together. Please email me at mark@thecloudgeezer.com and I can give you a lot more detail.
Mark.
Microsoft says it's only for "Enterprise Agreement" customer
yeah, i think this tutorial is only eligible if we have EA Subscription on both Tenants, it's not possible if we only have Subscription EA in one tenant only.
The requirements, according to MS, work with normal Business Standard style subscriptions too. I will confirm though as this is an important consideration.
@@thecloudgeezer But how to buy migration license witthout EA? Via CSP it is not possible.
Yes. I have been down this path and published a new video on the channel talking about the licenses. Basically you need an EA agreement and can’t buy them via a normal CSP. Not a great situation by Microsoft.
@@thecloudgeezer I tried out this in my lab, mailbox items were migrated with MRS licensing error, I was wondering if it just allowed small amount of data without license, your thoughts?
where was the mailbox security group ???????
Hi. The Security group you create is on the source tenant and is used to Scope the mailboxes that you need to be part of the migration. Email me at mark@thecloudgeezer.com if you need more assistance though. Mark.
He skipped this process and only showed it rite before he started logging in to the tenants. Just after explaining what mailboxes he was going to be migrating
Can you also migrate sharepoint sites, teams etc?
Hi. There are capabilities in the SharePoint side using the Migration Manager that is now part of the native toolset. Unfortunately nothing for Teams as yet though.
Not a very good tutorial. Doesn't explain or show how he came up with "Migration Endpoint 1" in his script and I get an error stating unable to retrieve access token credentials configured in migration endpoint and I have watched this video minimum 10x and have yet to see anywhere in the video where this instruction is given.
Hi. I am happy to assist you with this. Drop me a note to mark@thecloudgeezer.com and we can discuss it there. That way you can share screenshots with your errors and I can provide the solutions. Either way, have a good weekend. Look forward to hearing from you. Mark - The Cloud Geezer.
This needs updating or something. There are so many things skipped or not mentioned. Rather watch a different creator. Taken 6 hours of errors to move two mailboxes and still not winning
Yes I agree. I made this video about a year and a half ago so somethings have changed since then.
JokeTube must not like you. There are 100s and 100s of videos that show demo email address..
Yeah I know. Plenty other videos of mine have that and occasionally they get tagged. Oh well, it is what it is sometimes.
During the creation of endpoint with the PowerShell Script, it is giving an error mentioned below, whcih
[Write-ErrorMessage : |Microsoft.Exchange.MailboxReplicationService.KeyVaultFailureErrorException|Error finding
certificate '' from azure key vault for tenant 'cf169d0b-4604-4c5b-ghb4-e910cb03dd18'.
At C:\Users\%user%\AppData\Local\Temp\tmpEXO_xcwtvgiy.ytb\tmpEXO_xcwtvgiy.ytb.psm1:1192 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-MigrationEndpoint], KeyVaultFailureErrorException
+ FullyQualifiedErrorId : [Server=SJ0PR06MB8548,RequestId=bc18e7e8-e1a8-a919-0f5c-b47fc590bbc3,TimeStamp=Tue, 3
0 Jan 2024 10:15:43 GMT],Write-ErrorMessage]
is there any way to resolve this?
Hi. When I have seen this before it is normally based on an issue with the App Registration and Client Secret in the target tenant. I hate to throw links into the comments here but I would suggest that you check this out to make sure everything is done fully. Can't hurt to go through it and check.
learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide#prepare-the-target-destination-tenant-by-creating-the-migration-application-and-secret
Mark.
@@thecloudgeezer Thanks for the guidance, I followed the same and it successfully got created. but now I am facing the below error in migration batch.
Error: CrossTenantMigrationWithoutLicensePermanentException: No license was found for the source recipient, '727-82d1-8ff031fe9094', or the target recipient, '746ab268-f4b2-4027-1fe9094'. A Cross-tenant User Data Migration license is required to move a mailbox between tenants.