06/02/2026

GetToTheCloud

M365 Cross Tenant Migration | Part V

Alex ter Neuzen07 mins
Tenant Migration
Reading Time: 4 minutes

After migrating Users. Shared Mailboxes and Resource Mailboxes, we recreated the Distributions lists. We also populated those groups with the original members. Because we use the CustomAttribute1 and CustomAttribute2 attributes, we where able to filter. CustomAttribute1 is set to CROSSTENANT. But with the creation of groups and users, we added the original PrimarySMTPAddress to CustomAttribute2.

In the source tenant (GetToTheCloudSource.onmicrosoft.com) is the mailbox converted to a Mailuser and was set to forward the email to the mailbox in the target tenant (GetToTheCloudTarget.onmicrosoft.com).

Shared SMTP namespace

Microsoft does not allow to use a smtp namespace on multiple tenants. It can only be attached to a single tenant. Preforming a mailbox migration cross tenant will set you to a choice how to preform the migration. February 2022 Microsoft will release in private preview the shared SMTP namespace feature. During the coexistence you will not be able to use de domain from the source tenant in the target tenant as reply address.

Clean up

After the migration of the mailboxes, you need to transfer the domain from source tenant to target tenant. To remove a domain you will need to disconnect it from users/groups or other linked items in Azure Active Directory. In the portal you will be able to get a reference of the connections.

figure 1 domain references

In Azure Active Directory browse to Custom domain names and select the domain you want to see the references.

figure 2 domain references

At the bottem, you will be able to see how much references the domain is linked to.

figure 3 domain references

In the list you will see all users, groups and applications. These references need to be empty before the domain can be deleted.

Of course this can be reached with PowerShell also. 

$clientid = ""
$tenantid = ""
$certificateThumbprint = ""

# getting MSAL token for Graph API
do {
    try {  
        $CertificatePath = "cert:\currentuser\my\$CertificateThumbprint"
        $Certificate = Get-Item $certificatePath
        $AccessToken = Get-MsalToken -ClientId $ClientId -TenantId $TenantId -ClientCertificate $Certificate -ForceRefresh
        $mustRetry = 0
    }
    catch {
        $webError = $_
        $mustRetry = 1
        Start-Sleep -seconds 2
    }
    
} while (
    $mustRetry -eq 1
)

# creating headers for RestMethod
$header = @{
    'Authorization' = "BEARER $($accesstoken.accesstoken)"
    'Content-type'  = "application/json"
}

Getting the information via Graph API

# selecting domain
$domain = "gettothecloudsource.org"

# building URL
$referenceUrl = "https://graph.microsoft.com/v1.0/domains/$domain/domainNameReferences"


# connecting Graph API 
$references = @()
try {
    While ($referenceUrl -ne $null) {
       $data = (Invoke-RestMethod -method GET -Headers $header -Uri $referenceUrl) 
       $references += $data.value
       $referenceUrl = $data.'@odata.nextLink'
    }
}
catch {
    $webError = $_.Exception
    if ($Weberror.Message -eq "Response status code does not indicate success: 404 (Not Found).") {
       write-host "ERROR: " -nonewline -ForegroundColor red
       Write-Host "$($domain.id) cannot be found. Continue..."
    }
    else {
       write-host "ERROR: " -nonewline -ForegroundColor red
       Write-Host "There was an error collecting domain references ..." 
       write-host "ERROR: " -nonewline -ForegroundColor red
       Write-Host "$($weberror.Response.StatusCode) to $($referenceUrl)"
       #break
    }
}
$references

Remove domain from tenant

If all references are removed for domain, you will be able to remove the domain. If you have changed the primary domain al ready, you are also able to let Azure change all resources to the new domain.

01-domainreference
figure 1 remove domain from tenant

Select the domain to be removed at the Custom domain names tab.

figure 2 remove domain from tenant

Delete will only be available if the domain is not primary

figure 3 remove domain from tenant

If you have deleted all references of the domain, the checks will be green. Otherwise just type the domain to rename the objects to de initial tenant. In this case the rename will result in @gettothecloudsource.onmicrosoft.com.

figure 4 remove domain from tenant

Renaming of the object to initial tenant is starting and deletion of domain is scheduled.

Finishing up

Now the domain is detached from the source tenant, you will be able to attach it to the target tenant. With the attach, you will be able to add the SMTP addresses again to the users that where migrated.

# connect to target tenant
Connect-ExchangeOnline

# get mailboxes that where migrated
$Mailboxes = Get-Mailbox | Where-Object {$_.CustomAttribute1 -eq "CROSSTENANT"}

# add the original primarysmtpaddress to the email addresses
ForEach ($Mailbox in $Mailboxes}
    Try {
       Set-Mailbox -identity $Mailbox.identity -EmailAddresses @{add = "smtp:$($mailbox.CustomAttribute2"} 
       Write-Host "INFO: $($Mailbox.DisplayName) is edited and $($Mailbox.CustomAttribute2) was added to EmailAddresses
     }
     catch {
        Write-Host "ERROR: Cannot add original SMTP address to EmailAddresses for user $($Mailbox.DisplayName)"
     }
}

Share and Enjoy !

Shares

Related News

Designer (23)

Stay close to the action—follow GetToThe.Cloud across social!
Deep dives and hands‑on how‑tos on Azure Local, hybrid cloud, automation, PowerShell/Bicep, AVD + FSLogix, image pipelines, monitoring, networking, and resilient design when the internet/Azure is down.

🔗 Our channels
▶️ YouTube: https://www.youtube.com/channel/UCa33PgGdXt-Dr4w3Ub9hrdQ
💼 LinkedIn Group: https://www.linkedin.com/groups/9181126/
✖️ X (Twitter): https://x.com/Gettothecloud
🎵 TikTok: https://www.tiktok.com/@gettothecloud
🐙 GitHub: https://github.com/GetToThe-Cloud/Website
💬 Slack: DM us for an invite
📲 WhatsApp: DM for the community link

WP Twitter Auto Publish Powered By : XYZScripts.com

Share

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active

Who we are

Our website address is: https://www.gettothe.cloud

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings