Orchestrator Tenant Configuration: Exchange, OneDrive, Teams (Chats + Meetings), and Identity Mapping Prereqs

-

Before you touch user objects or submit migration batches, you need to configure both the source and target tenants so the orchestrated tooling can validate prerequisites, access the right workloads, and run migrations securely.

Mailbox migration: use cross-tenant mailbox migration setup

For mailbox moves, Microsoft directs admins to complete the standard cross-tenant mailbox migration preparation steps (organization relationships, endpoints, and related Exchange Online configuration). Treat this as the foundation for the orchestrated chain.

OneDrive: establish trust, then grant the OneDrive/SharePoint migration permissions

Orchestrator uses the same trust model as the dedicated OneDrive migration approach: establish trust between the tenants using the published steps, then configure the OneDrive migration application permissions via a Microsoft-provided module.

Connect-MgGraph  # as Global Administrator (run in both tenants)
Import-Module <downloaded module path>
Grant-OneDriveSharePointMigrationPermissions

Teams chats: enable federation and grant the Teams chat migration app permissions

In both tenants:

Connect-MicrosoftTeams
Set-CsTenantFederationConfiguration -AllowFederatedUsers $True

# Trial tenants only
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed"

Get-CsTenantFederationConfiguration

Then grant chat migration app permissions in both tenants using the Microsoft-provided module:

Connect-MgGraph  # as Global Administrator (run in both tenants)
Import-Module <downloaded module path>
Grant-CTTMAppPermissions

Teams meetings: grant meeting migration service permissions and enable required mail settings

Meeting migration setup includes module installation, permissions in both tenants, and enabling auto-forwarding mode:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
Connect-MgGraph
Import-Module <downloaded module path>
Grant-MMSAppPermissions -TenantType "source"  # source tenant only
Grant-MMSAppPermissions -TenantType "target"  # target tenant only
Connect-ExchangeOnline
Enable-AutoForwardingMode

Identity mapping: prepare both tenants

Identity mapping is required for orchestrated migration. Ensure you complete the Cross-Tenant Identity Mapping (CTIM) prerequisites and installation steps before you prepare users or submit migration batches.

Source links (Microsoft Learn)

·       https://learn.microsoft.com/en-us/microsoft-365/enterprise/migration-orchestrator-3-tenant-config?view=o365-worldwide

·       https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide

·       https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-identity-mapping?view=o365-worldwide

Comments

Post a Comment

Popular posts from this blog

Skype for Business, Lync and Exchange Web Services (EWS) and different DNS Domains- Exchange crawling e.g. for presence

-
Image
Hi all, (This is an updated version 2.2: 09 .07.201 5 ) This blog entry is valid for Lync 2010, Lync 2013 and Skype for Business Server. Generally, I'll write a new blog article, since the conversion history over multiple device and other service have change with Skype for Business 2015 Server. Once this written, I post the link here. there is always confusion in how Lync is crawling Exchange Web Services (EWS). Generally it is necessary to understand how DNS must be implemented: Just remember, identify if you have DNS Split configuration, different internal and external DNS names and what are your SMTP and SIP Domains. Very often you find in Lync/ Exchange deployments an issue, where the Lync configuration show up with empty: EWS Internal URL EWS External URL and EWS Information = EWS not deployed Therefor Exchange Web Service are not connected deployed and several Lync Integration Features are not working, e.g. Presence Information based on your Outlook Calendar....
Read more

How to hide users from GAL if they are AD Connect synchronized

-
Image
How to hide and un-hide users from Global Address List (GAL) in Exchange Online if they are AD Connect synchronized Hiding User from GAL isn't possible if those are synchronized form On-Premises Active Directory. The local AD is the leading system for all important attributes, like SMTP, UPN and hiding from GAL. Especially during a cross-tenant migration, you do not want to see not migrated user in the GAL. Those User aren't actively working until their cut-over day. Since the Exchange Online attribute  msExchHideFromAddressList s is an AD on-premises parameter, we have two possible ways hiding user in BME from GAL.   Modify the AD Connect for your teant with a custom rule, by using a extensionAttribute to set the HidefromGAL. In this rule, for users which have an entry in the extensionAttribute, hiding / un-hiding will be controlled by AD Connect This is the best option for Cross-Tenant Migration, if you run 2 or more AD Connect system We direct modif...
Read more

Exchange x500 address x500:/o=ExchangeLabs

-
Image
 You have Exchange Hybrid in place. Now you wonder about an address with you see on-premises with all users. This address has the following format: x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOxxxxxx)/cn=Recipients/cn=234xxxx This address is now found in the Exchange proxyAddresses in On-Premises as well as in Entra ID. Additionally you will see them in msExchShadowProxyAddresses The ExchangeLabs is Microsoft internal Exchange Online Organization and therefore needed. This x500 address is created in Exchange Online and sync'ed via Azure AD Connect (Entra ID Connect) back on-premises. If you delete this address on-premises, the connection between will sync this Cloud leading attribute back to on-premisses. If you have multiple Domains and Active Directories connected to your Tenant, this x500 address from your tenant will be added to ALL users. Also to users which are from an local AD without Exchange / Exchange Hybrid. As long AAD Connect/ Entra ID Connect will...
Read more