A comprehensive PowerShell solution for securely configuring and monitoring email forwarding between Microsoft 365 tenants (cross-tenant scenarios).
This suite provides three powerful scripts to manage cross-tenant SMTP email forwarding in Exchange Online:
- Set-CrossTenantForwarding.ps1 - Configure forwarding for a single user
- Set-CrossTenantForwarding-Batch.ps1 - Bulk configure forwarding from a CSV file
- Monitor-CrossTenantForwarding.ps1 - Monitor and validate forwarding delivery
- β Secure Exchange Online authentication with MFA support
- β Remote Domain configuration for cross-tenant scenarios
- β Outbound spam policy management
- β Comprehensive audit logging (CSV export)
- β Full error handling and validation
- π Batch processing with CSV import
- π Real-time email trace monitoring (Get-MessageTraceV2)
- π Detailed statistics and success rates
- π‘οΈ WhatIf mode for dry-run testing
- π Structured logging with timestamps
- βΈοΈ Continue-on-error option for batch operations
- π¨ Color-coded console output
- π Professional structured reports
- βοΈ Automatic module installation/upgrade
- π Secure credential handling
- π Pre/post-configuration validation
- PowerShell: 5.1+ (Windows PowerShell) or PowerShell 7+
- Windows: Windows 10/11 or Windows Server 2016+
- Network: Internet connectivity to Microsoft 365
- License: Microsoft 365 Business Premium or higher
- Modules: ExchangeOnlineManagement 3.0.0+ (auto-installed)
- Permissions:
- Global Administrator, or
- Exchange Administrator role
- Clone this repository:
git clone https://github.com/yourusername/cross-tenant-forwarding.git
cd cross-tenant-forwarding- Verify PowerShell version:
$PSVersionTable.PSVersion- Run scripts (modules auto-install):
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser.\Set-CrossTenantForwarding.ps1 `
-SourceUserUPN "john.doe@company.com" `
-TargetEmailAddress "john.doe@partner.com" `
-TargetDomain "partner.com" `
-KeepCopyInSource $true-
Create a CSV file with columns:
SourceUserUPN(required)TargetEmailAddress(required)TargetDomain(required)KeepCopyInSource(TRUE/FALSE)Comments(optional)
-
Run batch script:
.\Set-CrossTenantForwarding-Batch.ps1 -CSVPath "Users_Forwarding.csv".\Monitor-CrossTenantForwarding.ps1 `
-SourceRecipient "john.doe@company.com" `
-TargetRecipient "john.doe@partner.com" `
-DaysBack 7- DOCUMENTATION.md - French technical documentation
- DOCUMENTATION_EN.md - English technical documentation
- Parameter details
- Configuration flow (6 steps)
- Security recommendations
- Troubleshooting guide
- CSV format requirements
- Error handling strategies
- WhatIf mode usage
- Report interpretation
- Message trace methodology
- Email matching logic
- Delay measurements
- Statistics interpretation
cross-tenant-forwarding/
βββ Set-CrossTenantForwarding.ps1 # Single user setup
βββ Set-CrossTenantForwarding-Batch.ps1 # Bulk setup
βββ Monitor-CrossTenantForwarding.ps1 # Monitoring
βββ Users_Forwarding.csv # Example CSV
βββ README.md # This file
βββ DOCUMENTATION.md # French docs
βββ DOCUMENTATION_EN.md # English docs
βββ CONTRIBUTING.md # Contributing guide
βββ LICENSE # MIT License
βββ .gitignore # Git ignore rules
.\Set-CrossTenantForwarding.ps1 `
-SourceUserUPN "marie.dupont@company.fr" `
-TargetEmailAddress "marie.dupont@newcompany.fr" `
-TargetDomain "newcompany.fr" `
-KeepCopyInSource $trueResult: Marie's emails are forwarded to the new address AND kept in the original mailbox.
# View what would happen without making changes
.\Set-CrossTenantForwarding-Batch.ps1 `
-CSVPath "Users_Forwarding.csv" `
-WhatIf# Continue processing even if some users fail
.\Set-CrossTenantForwarding-Batch.ps1 `
-CSVPath "Users_Forwarding.csv" `
-ContinueOnError $true# Check delivery status after emails have been sent
.\Monitor-CrossTenantForwarding.ps1 `
-SourceRecipient "marie.dupont@company.fr" `
-TargetRecipient "marie.dupont@newcompany.fr" `
-DaysBack 1 # Last 24 hours- BatchForwarding_[timestamp].log - Full operation log
- BatchForwarding_Report_[timestamp].csv - Configuration results
- BatchForwarding_Errors_[timestamp].csv - Error details
- CrossTenantForwarding_[timestamp].log - Operation log
- ForwardingAudit_[date].csv - Audit trail
-
Authentication
- MFA-ready authentication flow
- Secure token handling
- Connection state validation
-
Audit Trail
- All operations logged with timestamps
- Administrator tracking
- Compliance reports in CSV format
-
Data Protection
- Remote Domain controls
- Outbound spam policy validation
- Copy retention options
-
Enable Alerts in Microsoft Defender
- Monitor "Creation of forwarding/redirect rule"
- Alert on suspicious forwarding changes
-
Configure DLP (Data Loss Prevention)
- Add target domain to approved recipients
- Monitor data exfiltration risks
-
Enable Audit
- Monitor Set-Mailbox operations
- Track forwarding configuration changes
-
Regular Review
- Audit forwarding rules monthly
- Remove old/unused forwarding rules
Issue: "Module not found"
# Solution: Auto-install will run on first execution
# Or manually install:
Install-Module ExchangeOnlineManagement -MinimumVersion 3.0.0 -ForceIssue: "Mailbox not found"
# Verify UPN format is correct: user@domain.com
# Check user exists in source tenant:
Get-EXOMailbox -Identity "user@domain.com"Issue: "AutoForwardingMode is Off"
# Solution: Script automatically enables this
# But verify in Microsoft 365 Defender if needed:
Get-HostedOutboundSpamFilterPolicy -Identity DefaultIssue: "Remote Domain exists but forwarding fails"
# Ensure domain is properly configured:
Get-RemoteDomain | Where-Object {$_.DomainName -eq "targetdomain.com"}See full troubleshooting in DOCUMENTATION_EN.md
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see LICENSE file for details.
This suite is provided AS-IS. While thoroughly tested, always:
- β Test in a non-production environment first
- β Use WhatIf mode for batch operations
- β Ensure proper backups and disaster recovery plans
- β Have a rollback plan for critical changes
- β Follow your organization's change management procedures
- Documentation: See DOCUMENTATION_EN.md
- Issues: Create an issue on GitHub
- Microsoft Learn: Exchange Online forwarding documentation
- Fixed empty string validation in logging
- Enhanced error handling for module installation
- Improved MFA support messages
- Added confirmation prompts for critical operations
- Added Batch processing script
- Implemented CSV import functionality
- Added monitoring script with message trace
- Enhanced audit logging
- Initial single-user forwarding configuration
- Basic Remote Domain setup
- Log file generation
- Microsoft Exchange Online Documentation
- Remote Domains in Exchange Online
- Message Trace in Exchange Online
Created with β€οΈ for Exchange Online administrators
Made for system engineers who love PowerShell, mountains, and well-organized infrastructure ποΈ