This guide provides a step-by-step process for organizations looking to defederate their Microsoft 365 accounts from GoDaddy, ensuring a smooth transition and minimal disruption to services.
Why Defederate from GoDaddy?
Organizations may need to defederate from GoDaddy to gain more control over their Microsoft 365 environment, switch to a different provider, or align with new business requirements. This process involves several critical steps and can impact user access and services if not executed correctly.
Systems and Services Affected by Defederation
- Microsoft 365 tenant
- Azure Active Directory
- User accounts and passwords
- SharePoint URLs (potentially)
- Licensing and subscriptions
Step-by-Step Defederation Process
- Preparation Phase:
- Set a defederation date (preferably during non-business hours)
- Create and securely share temporary passwords for all users
- Instruct users on post-defederation login procedures
- Gaining Admin Access:
- Log in to Azure Portal
- Reset admin@.onmicrosoft.com password
- Recommended: create a second global admin account to avoid accidental lockout
- Sign in with new credentials
- Executing the Defederation:
# Install required module
Install-Module MSOnline -Force
# Connect to Microsoft 365
Connect-MsolService
# Get the federated domain
$domain = Get-MsolDomain | Where-Object {$.Authentication -eq "Federated"}
# Attempt to convert to Managed
try {
Set-MsolDomainAuthentication -DomainName $domain.Name -Authentication Managed -ErrorAction Stop
Write-Host "Domain $($domain.Name) successfully converted to Managed" -ForegroundColor Green
} catch {
Write-Host "Failed to convert domain $($domain.Name) to Managed" -ForegroundColor Red
Write-Host "Error: $($.Exception.Message)" -ForegroundColor Red
}
# Verify the change
Get-MsolDomain | Where-Object {$.Name -eq $domain.Name} | Select-Object Name, Authentication - Post-Defederation User Password Reset:
# Install required module Install-Module -Name Microsoft.Graph.Users.Actions -Force # Connect and authenticate Connect-MgGraph # Reset passwords from CSV Import-Csv -Path "users.csv" | ForEach-Object { Update-MgUserPassword -UserId $_.UserPrincipalName -NewPassword $_.Password }
- Updating Provider and Licensing:
- Add new CSP provider or go direct to Microsoft
- Order and assign new licensing
- Remove old licensing
- Removing GoDaddy Access:
- Remove GoDaddy's delegated admin roles
- Cancel GoDaddy subscription
- Optional: Update SharePoint domain for better branding. e.g. https://netorg12847914.sharepoint.com/ --> https://yourcompany.sharepoint.com/
Critical Warnings and Best Practices
- Ensure all users have their new passwords before proceeding with defederation.
- The defederation script will affect ALL domains in the tenant. Verify this is your intention before running.
- When resetting passwords, ensure your CSV file has headers for UserPrincipalName and Password.
- Verify new licenses are properly assigned before removing old ones to avoid service interruption.
- Once GoDaddy is removed as delegated admin, this action cannot be easily undone.
Follow-Up
If you've encountered this issue and followed the steps outlined in this article, we'd love to hear from you. Please leave a comment below to share whether this solution helped resolve the problem. Additionally, if you found a different method that worked, we encourage you to share that as well. Your feedback is invaluable in helping us and others who may face similar issues.
Need Expert Assistance?
If you're still facing issues or would like personalized guidance, we're here to help. Check out our dedicated support plans at IT Solver Support Plans for expert assistance tailored to your needs.
Comments
0 comments
Please sign in to leave a comment.