weilai-irl
commented
2 years ago Hi @kkiiskin,
Sorry for not getting back to you sooner. It's the month before new academic year starts for a lot of our customers, so crazy busy times.
This is an interesting case that I didn't have to do it for any of the sites that we maintain so far. Since all resources (users, groups, calendars etc) will have different GUID in the new tenant, the principle would be any records in Moodle database that contain GUID or unique values linked to the resources in the old tenant would need to be cleared down. This includes:
auth_oidc_stateauth_oidc_token(tokens are generated for resources in the old tenant)local_o365_appassign(assignestatus andphotoidwill be different)local_o365_calidmap(outlookeventidwill be different)local_o365_calsettings(o365calidwill be different)local_o365_calsub(o365calidwill be different)local_o365_objects(objectidof all records - users and groups - will be different)local_o365_teams_cache(objectidwill be different)local_o365_token(tokens are generated for resources in the old tenant)
Also after configuring the new app, you will need to reconfigure the integration (provide admin consent, verify setup etc) to ensure that a new application token is created.
Please post back how it goes in this process.
Regards, Lai
kkiiskin
Hi
if all useraccounts are moved to a new Azure AD tenant, but UPN:s and emailaddresses are kept the same, should we empty all data from auth_oidc_token and local_o365_objects tables? Or do we need to do even that?
The app registration is of course created to the new tenant and configured to Moodle before users log in.