SYSTEM ADMIN BOOK
  • Hardware/Physical Machines
    • Physical Networking
      • Patch Panel
    • Hardware Devices
    • PC Build
    • RAID Configs
  • System Configuration
    • Windows
      • OneDrive for Business, Map as Network Drive in Windows
      • PDF Printer
      • Reset Windows Password
    • Linux
    • Mac
      • Factory Reset Mac Mini
      • Install FortiClient VPN
      • Remove FortiClient VPN for Macs
      • Setting Microsoft Teams Notifications in MacOS
      • Download and Install Whatsapp
  • Windows Server
    • Basic Configurations
      • Change Hostname
      • Change Default RDP Port
      • Create a User
      • Add user to Administrator group
      • Add user to Remote Desktop Users group
      • Allow log on locally - security policy setting
      • Allow Multiple Remote Desktop Connections
      • Enable Insure Guest Authentication
      • Shrink Partition
      • Extend Partition
    • FTP Server
      • Install FTP Server (IIS)
      • Create User Group
      • Add FTP Site (IIS)
      • User Isolation
      • Allow Firewall
      • FTP Client (FileZilla)
      • FTP Server (FileZilla)
      • Configure Passive Mode in FileZilla Server
      • Configuring Windows Firewall for FileZilla Server
      • FileZilla: Password reset
      • Generate a New Self-Signed Certificate
    • Group Policy
      • Block Access to the Control Panel for All Users
      • Create a Logon Banner (Legal Notice)
      • Enable / Disable Copy-Paste Policy
      • Disable Shutdown, Restart Options
      • Disable Multiple Session for Single User
      • Disable Automatic Lock Screen in Windows Server
    • Services
      • NSSM - the Non-Sucking Service Manager
      • Node-windows Library
    • Task Scheduler
      • Automate Program Execution
  • Control Panels
    • Plesk
      • Set Hard Quota on disk space for subscription(s)
      • Changing MX, A, and CNAME Records
      • Host Node.js Application
      • Add FTP account
      • Remove FTP account
      • Download a folder using Plesk File Manager
    • SolidCP
    • cPanel
  • Virtualization
    • Proxmox VE
      • Introduction
      • Download Proxmox ISO
      • Prepare Installation Media
      • Launch Proxmox Installer
      • Create a VM
  • Web Servers
    • IIS
      • Install IIS
      • Configure Default Site
      • Application Pool
      • Installing PHP
      • Deploying a Laravel app on Windows using IIS
      • Update PHP Version in IIS
      • Host a Node.js /w Next.js Application
  • VPNs and Proxy Servers
    • Reverse Proxy
      • IIS - Node.js Application
  • Database Servers
    • MS SQL
      • Download and Install
      • Install SSMS
      • Enable SA Account
      • Change SA Account Password
      • Enable Network Access to SQL Express
      • Create and configure a user in MSSQL
      • Clear SQL Server Cache
  • Web Dev Stacks
    • MERN (w/ Next)
      • Build and Run Node.js Project with Next.js
  • IT Ticketing Systems
    • Jira Ticketing System
  • Linux Servers
  • AWS Environment
  • Azure Environment
  • Backup and Security
    • SSL Certificates
      • Types of SSL Certificates
      • IIS 10: Create CSR and Install SSL Certificate
      • IIS 7: Generate CSR for Wildcard SSL
      • IIS: Generate CSR for Multi-Domain SSL
      • OpenSSL: Generate CSR
      • IIS 10: How to Install and Configure Your SSL Certificate on Windows Server
      • IIS: Export Pfx using MMC
      • IIS: Import Pfx using MMC
      • IIS: Export Pfx using IIS Manager
      • IIS: Import Pfx using IIS Manager
      • cPanel: Export PFX
      • Godaddy-CPanel: Generate a CSR
      • Godaddy-CPanel: Install SSL Certificate
      • cPanel: Generate CSR
      • cPanel: Install SSL Certificate
      • cPanel: Install Let's Encrypt SSL
      • Plesk: Generate CSR
      • Plesk: Let's Encrypt SSL Installation
      • Plesk: Installing the SSL certificate
      • Plesk: Export Public & Private Key
      • Win-ACME Let's Encrypt SSL
      • Certbot - Install SSL
      • Export Leaf, Root, and Intermediate Files
      • XAMPP - Let's Encrypt SSL Installation
    • Backup
      • Database
        • MS SQL DB Backup
        • MS SQL Restore Backup
    • Microsoft Defender for Endpoint
      • Introduction & Licenses
  • Email and Office 365
    • Troubleshooting
      • Run a message trace in the Exchange admin center
      • Not receiving email
      • Office 365 Apps Activation Error
      • Gmail Issue: Clearing Cache and Cookies
    • Mail Clients
      • Outlook
        • Maximum number of Exchange accounts in an Outlook profile
        • Enable automatic forwarding in new Outlook
        • Add Email Signature
        • Create Email Singature
        • Gmail Account Login in Outlook
      • Apple Mail
        • Add email accounts in Mail on Mac
        • Add Mail Signatures
      • Gmail
        • Mail Forwarding to Another Account
    • Office 365
      • Intro & Subscriptions
      • How to Create a Trial Account
      • How to Access the Office 365 Admin Center
      • Creating a Tenant
      • Create Users
      • Add several users at the same time to Microsoft 365
      • Creating & Managing Roles
      • Add a Domain
      • Manage MFA
      • Let users reset their own passwords
      • Assign Global Admin Roles
      • Create APP Password
      • Change a user name and email address
      • Reset MFA for Microsoft 365 User
      • Configure email forwarding
      • Add email aliases to a user
      • Change Username or Email Address
      • Export Mailbox to PST From Office 365
      • Import PST to Exchange Online (Microsoft O365)
      • Enable archive mailboxes for Microsoft 365
      • Grant Export Permission in M365 Compliance Center
      • Generate Transfer Token
    • Google Workspace
      • Intro & Plans
      • Create your Google Workspace trial account
      • Review your DNS records
      • Adding Users
      • Create organizational units
      • Restrict access to a Google Workspace service
      • Edit user attributes
      • Manage user accounts
      • Suspend a User
      • Generate a Transfer Token
      • Reduce Licenses in Google Workspace
      • Auto-forward From Google Workspace Using Routing
      • Recovering administrator access to your account
    • MailEnable
    • SmarterMail
      • SmarterMail Installation
      • SmarterMail Server Setup
      • Installation and Configuration (Practical)
      • Enable / Disable Domain in SmarterMail
      • Enable / Disable MFA for User Accounts
    • Microsoft Teams
      • Guest Access vs. External Access
      • Adding Guests To Microsoft Teams Team
      • Teams Chat DIfferent Domain: Enable External Access
      • Setup Teams Time Zone and Work Hours
      • Add Contact Numbers in Profile Page
    • Microsoft Defender for Office 365
      • Remove blocked users from the Restricted entities page
  • DevOps
  • Firewalls and Access Points
    • Windows Firewall
      • Allow Ports on Windows Firewall
    • Sophos Firewall
      • Set up a new firewall with Sophos Central
      • Enable Sophos Central management of Sophos Firewall
  • Networking
    • Cisco Router Config
    • Cisco Switch Config
      • Basic Data and Voice VLAN Setup Homelab
  • Migration
    • Drive Migration
      • Google Drive to One Drive
      • One Drive to One Drive [SharePoint Migration Tool]
      • Migrate Google files to Microsoft 365 for business
    • Mail Migration
      • Google Workspace to Office 365
      • IMAP to Office 365
      • Migration Using PST File Method
      • Office 365 to Google Workspace Migration
    • VM Migration
    • Website Migration
      • Migrating IIS Sites Using Web Deploy
      • Plesk to Plesk Migration
    • Database Migration
  • Monitoring
    • Prometheus
      • Monitoring Windows Servers Using Prometheus
    • Grafana
      • Visualize Data in Grafana
    • Loki
  • Data Center
    • HPE ProLiant ILO Configuration
  • Other Technologies
    • Some R&Ds
      • Active vs. Passive Mode in FTP
      • IIS Recycling and Virtual Memory Limit
      • IIS Application Pool
Powered by GitBook
On this page
  • Generate a Transfer Token in Microsoft 365
  • Using Microsoft Graph PowerShell (Recommended)
  • Use the Transfer Token in the Target Tenant
  • REFERENCES

Was this helpful?

  1. Email and Office 365
  2. Office 365

Generate Transfer Token

To generate a transfer token for a Microsoft 365 (M365) domain (often used when transferring a domain between Microsoft tenants), you’ll typically follow this process from the source tenant using PowerShell or the Microsoft admin center.

Generate a Transfer Token in Microsoft 365

Pre-requisites:

  • You must be a Global Administrator in the source tenant (where the domain currently resides).

  • You need to install and use the Microsoft Graph PowerShell SDK (or the legacy MSOnline module for older environments).

Using Microsoft Graph PowerShell (Recommended)

  1. Install Microsoft Graph PowerShell SDK (if not installed):

Install-Module Microsoft.Graph -Scope CurrentUser

  1. Connect to Graph:

Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"

You will be prompted to log in as a Global Admin.

  1. Generate the transfer token:

$domainName = "yourdomain.com"
$token = New-MgDomainTransferToken -DomainId $domainName
$token.Value

This will generate a token string that you can copy and paste into the target tenant to initiate domain takeover.

Where to Use the Token

In the target tenant, when you attempt to add the domain via the Microsoft 365 Admin Center, you'll be prompted to enter this transfer token to verify domain ownership.

Important Notes:

  • The token is valid for only 7 days.

  • Do not remove the domain from the source tenant until the transfer is completed.

  • The domain must not have any associated services (like email, Teams, etc.) actively using it when transferring.

Use the Transfer Token in the Target Tenant

Step 1: Sign into the Microsoft 365 Admin Center of the target tenant

  • Use Global Admin credentials for the target Microsoft 365 tenant

Step 2: Add the domain using the token

  1. In the left sidebar, go to: Settings → Domains → Click “Add domain”

  2. Enter the domain name you want to transfer (e.g., yourdomain.com)

  3. The system will detect that the domain is in use elsewhere and prompt:

    "This domain is already being used in another tenant. You can request a transfer using a transfer token."

  4. You'll be asked: "Do you have a transfer token?"

    • Click “Yes”

    • Paste the transfer token you got from the source tenant PowerShell

  5. Microsoft will now validate the token.

    • If valid, the domain will be queued for transfer.

    • Microsoft will release the domain from the old tenant and bind it to the new one.

Step 3: Wait for the transfer to complete

  • This can take anywhere from a few minutes to several hours depending on DNS propagation and Microsoft’s backend checks.

  • You'll receive confirmation once the domain has been successfully added to the new tenant.

Important Final Checks

  • Do NOT remove the domain from the source tenant manually. Microsoft will handle this during the transfer.

  • Ensure no active users, groups, or services (Exchange, Teams, etc.) are bound to that domain in the source tenant, or the transfer will fail.

  • Once transferred, you may need to re-verify DNS records on your registrar for the target tenant.

REFERENCES

PreviousGrant Export Permission in M365 Compliance CenterNextGoogle Workspace

Last updated 14 days ago

Was this helpful?

Go to

https://admin.microsoft.com
https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host?view=o365-worldwide