Office365 migration mixed domain accounts


Hello friends

 

  I have a customer who wants to migrate to office365 accounts. His main domain is for example customer3.es

 

  But in this domain, he has two kinds of users 

    40 corporate users, which will be migrated and dirsync with on premise-AD

    200 affiliates. They are not members of onpremise AD domain and their mail accounts are hosted on a different provider. They shall not be migrated to o365

 

  The problem is that some of these 200 affiliates have signed to o365 applications with its main domain, for example john.doe@customer3.es 

 

  So o365 has created a main account named customer3.onmicrosoft.com for these "emailverified" users. We have entered this account (we are administrators) and we can see that customer3.es domain is attached to this account

 

  But the customer has its own o365 account, customer3-es.onmicrosoft.com . We cannot add customer3.es domain to this account, because it's attached to the autocreated first one. 

 

  And we fear that if we delete customer3.es domain from the second account, affiliate users' accounts can be affected. And customer IT department shall not be aware of these affiliate users' accounts (by data protection law), only 40 corporate users shall be available

 

  Any solution for this problem?

 

  regards 

2 Replies

You can perform a "domain takeover" as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover

The process will not delete any existing users.

@Vasil Michev 

Thank you for the response, nice response

 

I assume that internal takeover is not an option, because if we delete customer3.es domain from the other account, users will become user1@customer3.onmicrosoft.com and this is not a possible option

 

If you have any users or groups in Microsoft 365 that reference the removed domain name, they must be renamed to the .onmicrosoft.com domain. If you force delete the domain name, all users are automatically renamed, in this example to user@fourthcoffeexyz.onmicrosoft.com.

 

So I think that the only option is to force domain takeover to the correct account, right?

 

Two questions if we do a force takeover

  1. Will existing @customer3.es users still be able to log in using their mail to Power BI and other services?

  2. In our account, we will be able to see which affiliate users have signed in with auto services like Power BI free, right? For legal purposes, customer doesn't want to see which affiliate users that use @customer3.es accounts have signed in other o365 services, is there a way to do this?

 

Thanks a lot for the response