# Generate Transfer Token {% hint style="warning" %} To generate a **transfer token** for a **Microsoft 365 (M365)** domain (often used when transferring a domain between Microsoft tenants), you’ll typically follow this process from the **source tenant** using PowerShell or the Microsoft admin center. {% endhint %} ## Generate a Transfer Token in Microsoft 365 {% hint style="success" %} **Pre-requisites:** * You must be a **Global Administrator** in the **source tenant** (where the domain currently resides). * You need to install and use the **Microsoft Graph PowerShell SDK** (or the legacy **MSOnline module** for older environments). {% endhint %} ### Using Microsoft Graph PowerShell (Recommended) 1. **Install Microsoft Graph PowerShell SDK (if not installed):** ```powershell Install-Module Microsoft.Graph -Scope CurrentUser ``` 2. **Connect to Graph:** ```powershell Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All" ``` {% hint style="warning" %} You will be prompted to log in as a **Global Admin**. {% endhint %} 3. **Generate the transfer token:** ```powershell $domainName = "yourdomain.com" $token = New-MgDomainTransferToken -DomainId $domainName $token.Value ``` {% hint style="warning" %} This will generate a token string that you can copy and paste into the target tenant to initiate domain takeover. {% endhint %} {% hint style="success" %} #### **Where to Use the Token** In the **target tenant**, when you attempt to add the domain via the **Microsoft 365 Admin Center**, you'll be prompted to enter this **transfer token** to verify domain ownership. {% endhint %} {% hint style="danger" %} #### **Important Notes:** * The token is valid for **only 7 days**. * Do **not remove** the domain from the source tenant until the transfer is completed. * The domain must not have any associated services (like email, Teams, etc.) actively using it when transferring. {% endhint %} *** ## Use the Transfer Token in the Target Tenant **Step 1: Sign into the Microsoft 365 Admin Center of the target tenant** * Go to [https://admin.microsoft.com](https://admin.microsoft.com) * Use **Global Admin** credentials for the **target** Microsoft 365 tenant **Step 2: Add the domain using the token** 1. In the left sidebar, go to: **Settings** → **Domains** → Click **“Add domain”** 2. Enter the **domain name** you want to transfer (e.g., `yourdomain.com`) 3. The system will detect that the domain is in use elsewhere and prompt: > *"This domain is already being used in another tenant. You can request a transfer using a transfer token."* 4. You'll be asked: **"Do you have a transfer token?"** * Click **“Yes”** * Paste the **transfer token** you got from the source tenant PowerShell 5. Microsoft will now validate the token. * If valid, the domain will be **queued for transfer**. * Microsoft will release the domain from the old tenant and bind it to the new one. **Step 3: Wait for the transfer to complete** * This can take anywhere from **a few minutes to several hours** depending on DNS propagation and Microsoft’s backend checks. * You'll receive confirmation once the domain has been successfully added to the new tenant. {% hint style="danger" %} #### Important Final Checks * **Do NOT remove the domain from the source tenant manually.** Microsoft will handle this during the transfer. * Ensure **no active users, groups, or services** (Exchange, Teams, etc.) are bound to that domain in the source tenant, or the transfer will fail. * Once transferred, you may need to re-verify **DNS records** on your registrar for the target tenant. {% endhint %} *** ## REFERENCES *