Office 365 [Solved] – Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization

Hello folks,

Ahmad Yasin (MCSA office 365, MCSE : Messaging, Azure Certified)

In one of our Migration projects from on-premises exchange to Exchange online (Office 365), we enabled Directory Synchronization using AD Connect tool, All on-premises users was synchronized to Azure AD successfully.

After enabling Hybrid Configuration wizard, we migrated a lot of mailboxes without any issues, few number of mailboxes failed to be migrated and showed below error (From office 365 portal, Migration Batch Details):



The error says:

“Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization –> You can’t use the domain because it’s not an accepted domain for your organization”

Now. let’s understand why this error appear:

Assume you are the owner of domain, all email in the format of, in order to migrate these mailboxes to office 365 (Exchange online) you should prove for office 365 tenant that you are the real owner of the domain and this make sense, Imagine that there is no need to prove the ownership then anyone can create emails in office 365 using any public domain name which is impossible to be allowed.

In our case, our domain already verified in office but still we faced the same error for some mailboxes, when we checked the failed on-premises mailboxe (Email Address Attribute) we something similar to below:


from above snapshot, the blue arrow is the primary email address for this mailbox and use the same domain which was verified in office 365, but we can notice that the same mailbox have another alias end with different domain (Red Arrow) which is not verified in office 365 which is the main cause of this issue.

To solve the issue we have two options, the first one is to remove the alias and resync the object using AD Connect to update the attribute in Azure AD, in that case the user will not be able to receive emails using the alias.

the second option is to verified the alias domain in office 365 and re-migrate the mailbox again, and this is what we did 🙂


About Blogger …


Ahmad Yasin

Ahmad Yasin (MCSA office 365, MCSE, Messaging, Azure certified)

Ahmad Yasin in a Microsoft Cloud Engineer and the Owner & publisher of AzureDummies blog. He also holds many certificates in office 365 and windows azure including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA office 365.
Ahmad is currently working in Specialized Technical Services Company (STS).
Find Ahmad at Facebook and LinkedIn




  1. So, what do you do when you’ve completed migrating 10 mailboxes, all with multiple aliases that are not valid domains in Office 365 (successfully migrated mailboxes) and all of a sudden you get one that fails with that error. You look and see that he has all these aliases that are not valid domains, but you look further and see that the 10 that have been migrated have those same SMTP domain aliases. Why do 10 work and 1 fail?

  2. Hi,
    Im facing issue with adding office 365 with RSA security analytics(SIEM). But we were unable to add event source. Test connection was occurred. So plz provides the steps needs to be followed in event source end and security analytics end as well. If you are providing troubleshooting guidelines, that will great.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.