Multi-Entity Domain Rewrite and Microsoft 365 Migration for a National Healthcare Organization

TL;DR. National occupational healthcare provider, 16,000 users, 799 mailboxes, multiple subsidiary entities. Domain rewrite, Exchange mail flow separation, and multi-tenant M365 consolidation architected and delivered over 6+ months.

What was the client environment?

A national occupational healthcare provider operating hundreds of medical centers underwent a complex corporate restructuring involving multiple subsidiary entities. The organization needed a comprehensive domain rewrite, Exchange mail flow redesign, and multi-entity Microsoft 365 migration, all coordinated across subsidiary tenants with different operational requirements and timelines.

What made this migration challenging?

Healthcare organizations face the highest stakes when it comes to IT migrations. Missed emails can mean missed patient communications, and directory disruptions can lock clinicians out of critical systems:

• Domain rewrite architecture. The separation required a full domain rewrite across the organization's email infrastructure, with SMTP addresses, UPNs, and directory attributes all needing to be transitioned to new domain structures. The process had to be designed from scratch to support the healthcare entity's specific compliance requirements.
• Multi-entity coordination. Multiple subsidiary entities, each with their own tenant, timeline, and technical requirements, needed to be onboarded into the migration platform simultaneously. Some subsidiaries required device migrations to new corporate laptops, adding a hardware logistics dimension to the project.
• Exchange mail flow separation. The existing Exchange mail flow needed to be redesigned to support the new organizational structure, requiring detailed analysis of current configurations and architectural planning for the separated mail routing.
• Target tenant readiness. The target Microsoft 365 tenant was not production-ready at project kickoff. Entra AD Connect sync was not configured, delaying object provisioning. This required the team to work in parallel on architecture design while waiting for infrastructure dependencies to be resolved.
• SharePoint and Teams parity. SharePoint Online and Teams configurations needed to be documented and compared between source and target environments to ensure feature parity post-migration.

How did LeadThem approach the migration?

Architecture and planning

Weeks 1-2: Technical workshops and discovery. Conducted intensive technical workshops to review Quest migration products and set high-level project expectations. Began environment discovery across all entities while working through vendor account creation and product prerequisite completion. Designed the separation domain rewrite architecture.

Weeks 3-4: Migration playbook and multi-entity onboarding. Submitted the migration project playbook for client review. Created the formal ODM T3 Migration project plan with detailed task lists. Extracted and tracked project requirements in a dedicated requirements spreadsheet. Simultaneously onboarded subsidiary tenants into ODM, granting consents, configuring workflows, and enabling feature flags for SharePoint access limitations.

Weeks 5+: Exchange mail flow design and production configuration. Designed Exchange mail flow separation to support the new domain structure. Compared and recorded SharePoint Online and Teams configurations between source and target environments. Prepared production change requests for tool configuration while coordinating with Microsoft and the parent entity on Entra AD Connect sync configuration.

What technical challenges did we solve?

• Target tenant not production-ready. When the target tenant's Entra AD Connect sync was not configured at project start, our architect pivoted to parallel workstreams. We advanced architecture design, playbook creation, and subsidiary onboarding while the client's team resolved the infrastructure dependency with Microsoft support.
• Multi-entity tenant onboarding. Each subsidiary entity required separate ODM tenant configuration with specific consent grants and workflow permissions. Our team onboarded each entity systematically, including enabling Quest feature flags for limiting SharePoint access by ODM, a critical security control for the healthcare environment.
• Device migration complexity. A subset of users in one subsidiary were receiving new corporate laptops as part of the migration, requiring coordination between the IT migration team and hardware logistics. Our architect designed the migration workflow to accommodate both in-place migrations and new-device provisioning scenarios.
• Exchange mail flow architecture. Designing the separated mail flow required deep analysis of the existing Exchange Online configuration and careful planning to ensure no mail routing gaps during the transition. This is particularly critical in a healthcare environment where patient-related communications flow through multiple entities.

What were the results?

LeadThem Consulting delivered a comprehensive migration architecture spanning domain rewrite, Exchange mail flow separation, and multi-entity M365 consolidation for a 16,000-user healthcare organization. The migration playbook, detailed project plan, and requirements tracking provided the client with a clear execution roadmap. Multiple subsidiary tenants were successfully onboarded into the migration platform, and the domain rewrite architecture was designed to support the organization's ongoing restructuring needs.

Which tools and technologies were used?

• Quest On Demand Migration (ODM T3) for cross-tenant migration
• Domain Rewrite for SMTP and UPN transformation
• Content Matrix for SharePoint migration
• Microsoft Entra AD Connect for directory synchronization
• Exchange Online mail flow architecture and routing
• Microsoft 365 (Exchange, Teams, SharePoint Online)

Why LeadThem Consulting

Multi-entity healthcare migrations are among the most complex projects in the M365 ecosystem, combining regulatory sensitivity, multiple subsidiary timelines, domain rewrite complexity, and Exchange mail flow redesign. LeadThem Consulting's architect designed the complete migration architecture, created the playbook that guides execution, and managed the parallel onboarding of multiple subsidiary tenants. When infrastructure dependencies created delays, our team kept the project moving forward on parallel workstreams rather than waiting idle.

What is a multi-entity M365 migration?

A migration that consolidates multiple subsidiary or business-unit M365 tenants into a single target tenant, with each subsidiary having its own timeline, operational requirements, and sometimes its own source tenant. The complexity is in coordinating overlapping migrations while keeping each entity's mail flow, identity, and data isolated until cutover.

Why does healthcare M365 migration require special handling?

Patient-related communications flow through email, directory disruptions can lock clinicians out of EHR systems, and compliance regimes require auditable chain of custody for any system that touches PHI. Mail flow separation, tenant onboarding consents, and SharePoint access controls all need to be architected with healthcare-specific compliance in mind.

What is Quest ODM T3 and when is it used?

ODM T3 is Quest On Demand Migration's tenant-to-tenant migration license tier. It is used for cross-tenant M365 migrations involving Exchange Online, SharePoint Online, OneDrive, Teams, and Entra ID, with paid per-mailbox or per-user licensing depending on workload scope.

How do you migrate SharePoint Online sites between tenants?

Through Quest Content Matrix or Quest ODM SharePoint workloads. Site collections, document libraries, permissions, and metadata are read from the source tenant and written to the target tenant. Pre-migration analysis compares configurations to ensure feature parity post-migration.