Moving a domain between Office 365 tenants is a critical process that involves multiple steps, detailed preparation, and careful coordination to avoid service interruptions or data loss. This task is typically undertaken during company mergers, demergers, or a significant reorganization. Due to the complexity of Office 365 environments, taking the correct steps is essential to ensure a successful domain transfer.

TL;DR

Transferring a domain between Office 365 tenants requires you to remove the domain from the source tenant and then verify it within the destination tenant. All user dependencies, such as mailboxes, aliases, and Microsoft Teams associations, must be addressed in advance. DNS record changes will also be necessary. The entire process can take several hours to complete and should ideally be performed during downtime or off-peak hours to minimize business disruptions.

Why You Might Need to Move a Domain

There are several common scenarios where moving a domain makes sense, including:

• Company mergers or acquisitions where each company has its own Office 365 tenant and consolidation is required.
• Divestitures or spin-offs where a portion of a business becomes independent and needs its own Office 365 environment.
• Reorganization of business units that results in domain ownership changes.
• Geographical restructuring to comply with new data residency or compliance requirements.

Whatever the reason, the domain transfer process is largely manual and requires significant administrative access.

Pre-migration Considerations

Before beginning the transfer, you’ll need to perform some key checks and preparations:

• Admin Access: Global Admin permissions on both Office 365 tenants.
• Licensing: Make sure destination tenant has sufficient licenses for users that will be created or migrated.
• Backup: Back up emails, files, and any critical content to avoid accidental data loss.
• Communication: Inform your organization and affected users about the planned migration timeline and any expected downtime.

Step-by-Step Guide to Moving a Domain Between Office 365 Tenants

Step 1: Audit the Current Domain Usage

Start by identifying where the domain is currently in use within the source tenant. This includes:

• Primary and secondary email addresses (UPNs and aliases)
• Distribution groups and shared mailboxes
• Microsoft Teams and SharePoint configurations
• Azure Active Directory applications or federations

This step ensures you know what needs to be removed or reassigned before the domain can be released.

Image not found in postmeta

Step 2: Remove Domain Dependencies

In order to detach a domain from a tenant, all references to it must be removed. This involves:

• Changing user principal names (UPNs) from the custom domain to the default domain (e.g., user@domain.com to user@tenant.onmicrosoft.com).
• Updating aliases, group addresses, and mailbox names to no longer reference the domain.
• Verifying Azure AD apps or federated settings don’t rely on the custom domain.

This can be a time-consuming process if your tenant has hundreds or thousands of users, so automate where possible using PowerShell scripts.

Step 3: Remove the Domain from the Source Tenant

Once the domain is no longer associated with any users or services:

• Go to Microsoft 365 Admin Center on the source tenant.
• Navigate to Setup > Domains.
• Select the domain and choose Remove.

If removal fails, verify there are no lingering users or resources that still use the domain. It may take several hours for the removal to propagate completely.

Step 4: Update DNS Records

Once the domain is released, you must update the DNS records (typically hosted with a domain registrar or external DNS provider). The following changes are critical:

• Update MX records to point to the destination tenant’s Exchange Online servers.
• Update TXT records for domain verification.
• Update SPF, DKIM, and DMARC records for email deliverability.

Failure to update DNS can result in downtime for services like email, SharePoint, or Teams.

Step 5: Add and Verify the Domain in the Destination Tenant

Now, transition to your new tenant:

• Log in to the Microsoft 365 Admin Center of the destination tenant.
• Navigate to Setup > Domains and choose Add domain.
• Enter the custom domain and follow verification steps using the new TXT record.

Ensure successful verification and check for any messages indicating remaining configuration steps.

Step 6: Assign the Domain to New Users and Services

Once the domain is verified:

• Update UPNs of users to use the new domain (e.g., user@domain.com).
• Recreate required shared mailboxes, groups, and any Teams configurations.
• Ensure old aliases and delegated permissions are restored where needed.

Depending on the tools you used to back up user data, now is the time to restore mailboxes, OneDrive files, and Teams chat history.

Step 7: Validate Functionality

Once you’ve reassigned services and data, run tests to confirm everything is functional:

• Send and receive emails using the custom domain.
• Verify login and authentication are working for all users.
• Check Teams channels, SharePoint sites, and OneDrive access.

Ask users to report any issues quickly. Minor DNS propagation delays may temporarily affect performance in some regions.

Post-Migration Best Practices

After successfully migrating the domain, consider the following actions for long-term stability:

• Documentation: Keep detailed notes of the process and configurations for audit and compliance needs.
• Monitoring: Use Microsoft 365 admin tools to monitor for any unusual behavior after the domain transfer.
• Communicate: Provide updates to users and help desk staff if any changes in login credentials or services were made.
• Audit Licenses: Ensure that all licenses are properly allocated and monitored in the new tenant.

Common Issues and Troubleshooting

Even with careful planning, mistakes can happen. Here are a few common issues:

• Domain still in use: Ensure there are no unresolved aliases or unlicensed mailboxes using the domain.
• Incorrect DNS settings: Always double-check the record values, especially MX and TXT types.
• Verification failure: DNS changes may take time to propagate globally, so allow a few hours if verification fails immediately.
• Email delivery issues: Use tools like Microsoft Remote Connectivity Analyzer to diagnose any flow problems.

Conclusion

Transferring a domain between Office 365 tenants is a delicate process that can impact multiple services, including email, authentication, and collaboration tools. With careful planning, thorough auditing, and step-by-step execution, you can minimize the risk of disruption. This operation is best carried out during maintenance windows or weekends, and organizations should always maintain backups before initiating any domain or data changes. If you’re unsure or lack in-house expertise, consider engaging a certified Microsoft 365 consultant to guide the process and ensure compliance with best practices.