
Tuesday, April 19, 2022

Disable Azure AD Sync and Federated Authentication (ADFS) in O365

Applies to: Microsoft Office 365, ADFS and AD Sync Tool


Objective / Scenario:

We want to transfer the custom domain "abc.org" from O365 tenant "A" to Office 365 tenant "B".

But "abc.org" is configured with on-premises Active Directory and the ADFS authorization tool. Moreover, we deleted the ADFS server before disabling it in the O365 tenant, so users were not able to authenticate with ADFS.

To let users authenticate, the authentication method must be changed, and all users must be moved to the default "onmicrosoft.com" domain so that the custom domain can be removed from tenant "A".

The steps below show how to remove ADFS federated authentication when the ADFS server is no longer accessible.


Step 1: Open Windows PowerShell with "Administrative" rights.

Step 2: Install the MSOnline module if it is not already installed: "Install-Module MSOnline"

Step 3: Run "Connect-MsolService" and enter the username and password.

Step 4: Run "Get-MsolDomain" to list the custom domain and the authentication method it uses.




Step 5: You can see that the custom domain "abc.org" is using "Federated" authentication.

Step 6: In this step we switch the domain from ADFS "Federated" authentication to "Managed".

    Command: "Set-MsolDomainAuthentication -DomainName abc.org -Authentication Managed"

Step 7: Check once again with "Get-MsolDomain"; the custom domain is now converted to "Managed".


Step 8: You still will not be able to modify users' primary e-mail addresses because of AD Sync; AD Sync with O365 needs to be disabled.

Step 9: Run "Set-MsolDirSyncEnabled -EnableDirSync $false" and confirm with "Y".



Step 10: Wait 15 to 30 minutes for the changes to take effect.

Step 11: Now you can change all users' primary e-mail IDs from the custom domain to the default onmicrosoft.com domain.

Step 12: After the primary e-mail IDs have been changed successfully, remove the custom domain and add it to the new tenant.
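
Steps 4 to 11 as one script, as an added example that is not part of the original post. It assumes the MSOnline module from step 2, uses the page's "abc.org" domain, and renames each user's sign-in name (UserPrincipalName); the -Apply switch, the variable names, and the polling of DirectorySynchronizationStatus in place of a fixed wait are choices of this example. Mail addresses that still use the custom domain have to be changed separately before step 12.

```powershell
# Added example: dry run by default, pass -Apply to make changes.
param(
    [string]$CustomDomain = 'abc.org',   # the page's example domain
    [switch]$Apply                       # assumption of this example, not an MSOnline feature
)

Import-Module MSOnline
Connect-MsolService                      # step 3: prompts for tenant admin credentials

# Steps 4-5: record the current authentication type before changing anything.
$domain = Get-MsolDomain -DomainName $CustomDomain
Write-Host "$($domain.Name) authentication: $($domain.Authentication)"

# The tenant's initial *.onmicrosoft.com domain is the rename target for step 11.
$initial = (Get-MsolDomain | Where-Object { $_.IsInitial }).Name

# Step 6: Federated -> Managed; this call does not need the deleted ADFS server.
if ($Apply -and $domain.Authentication -eq 'Federated') {
    Set-MsolDomainAuthentication -DomainName $CustomDomain -Authentication Managed
}

# Steps 8-10: disable directory sync, then poll until the tenant reports it disabled.
if ($Apply -and (Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    Set-MsolDirSyncEnabled -EnableDirSync $false -Force
    while ((Get-MsolCompanyInformation).DirectorySynchronizationStatus -ne 'Disabled') {
        Start-Sleep -Seconds 300
    }
}

# Step 11: move every sign-in name on the custom domain to the initial domain.
$users = Get-MsolUser -All |
    Where-Object { $_.UserPrincipalName -like "*@$CustomDomain" }
foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f ($u.UserPrincipalName -split '@')[0], $initial
    if ($Apply) {
        Set-MsolUserPrincipalName -UserPrincipalName $u.UserPrincipalName `
                                  -NewUserPrincipalName $newUpn
    } else {
        Write-Host "Would rename $($u.UserPrincipalName) -> $newUpn"
    }
}
```

Run it once without -Apply and review the "Would rename" list before running it with -Apply.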

Thursday, April 14, 2022

"Failed to open mailbox abc@abc.onmicrosoft.com" "failed to access mailbox" "Mailbox does not exist"

 

Applies to: Veeam Backup for O365, Exchange Server 2013, 2016, 2019

Problem: Cross-tenant Veeam backup restore error "Failed to open mailbox abc@abc.onmicrosoft.com" "failed to access mailbox" "Mailbox does not exist"

Scenario: I have two Office 365 tenants, "A" and "B", and I want to migrate all mailbox data from tenant "A" to tenant "B" (cross-tenant migration).

I used the Veeam O365 backup tool to back up all mailbox, SharePoint and OneDrive data from tenant "A" and created a restore task to tenant "B".



Diagnosis:

1) Download the backup logs from the Veeam console. https://helpcenter.veeam.com/docs/vbo365/guide/vbo_exporting_logs.html?ver=60

2) Found the below error in the log file.



Resolution:

1. Log in to the Office 365 Exchange Admin Portal.

2. Go to Permissions, then under Admin Roles click the '+' symbol to add a new role and enter the Name and Description 'CloudMigratorImpersonation'.



3. Click the '+' symbol under 'Roles:', select ApplicationImpersonation, click 'add →' then 'OK'.



4. Click the '+' symbol under 'Members:' and select your Admin User, click 'add →' then 'OK'.



5. Click 'Save' in the 'Role Group' window and you will then see the Impersonation role listed in Admin Roles. 

You can now use application impersonation with your admin user in CloudMigrator.


