GoDaddy Controlling Managed Office365
Posted by Normal_Elk_4414@reddit | sysadmin | View on Reddit | 39 comments
About a year ago I de Federated my church's email with GoDaddy and moved everything over to Microsoft.
on Friday afternoon GoDaddy has taken control of everything and since I have no subscriptions with them our email and office access is shut off.
when I go into my Management console I cannot update subscriptions because it says I need to contact godaddy. when I contact GoDaddy they say we're defederated and they can't do anything.
Powershell shows us as managed, not Federated.
anyone have any idea what the heck is going on?
seanieb64@reddit
GoDaddy MS365 is managed/shared tenant - so there are other people in the same tenant as you but you cannot see their content.
I worked with one at a subsidiary of my job. Likely what happened is some engineer noticed you enabled federation or Microsoft noticed it and slammed the door because the GoDaddy MS365 license tiers are extremely limited. The one I worked with they only gave the users like Exchange Online P1 and nothing else
I dont think Federation is a supported outcome. I would migrate them into your other 365 org, or migrate them into a new tenant you set up yourself and spin down the relationship with Godaddy
That's what I am doing for the users I support.
brokerceej@reddit
This is blatantly untrue. OP forgot to remove their partner relationship and they killed his shit with GDAP, which is a warning they tell you about when de-federating. GoDaddy is absolutely not sharing tenants across different orgs. I have defederated probably over a hundred GoDaddy tenants. If you fail to remove their partner relationship they nuke your tenant when their offboarding script runs.
Normal_Elk_4414@reddit (OP)
Okay so if this is what you think happened then why did the licenses in the admin Center show several months remaining on them even though they're deactivated.
brokerceej@reddit
I would posit that whatever mechanism in their backend that sends renewal/change notices for NCE licenses triggered the defederation check, saw the defederation, and ran the tenant deletion script. There are several different things that trigger that defederation check on the GoDaddy side, it doesn't necessarily happen only at expiration of the account licenses. It can happen at GoDaddy account closure, it can happen in a week, two, several months, etc. The point is it *will* happen at some point if their partner relationship is not revoked. It's a ticking time bomb.
sixblazingshotguns@reddit
A tenant will not get "nuked" if additional licensing is purchased elsewhere - either from Microsoft Commercial Direct or an Indirect vendor. A tenant stands to get "nuked" if there is no GDAP partnership in place at all and no paid licensing from Microsoft in place. There is no published time when that happens, like you say.
Normal_Elk_4414@reddit (OP)
And "untrue?" Really? How about "mistaken" or "you missed a step." Why would I delibertly lie about what I thought I did correctly.
brokerceej@reddit
I’m saying the person above you is saying things that are blatantly untrue. Godaddy does not share tenants.
Normal_Elk_4414@reddit (OP)
This is what I thought I did. It was a year ago so I don't remembe exactly. It's for a non-profit so they were under MS's grant program, so no regular invoices.
brokerceej@reddit
You failed to remove their GDAP partner relationship from the tenant when you defederated. When the term expires on the original GoDaddy licenses (whether you're using them or not, and whether you've defederated or not) they run a script via GDAP that nukes the tenant. As in - it deletes everything in the entire tenant in an unrecoverable way.
This is why they are very up front with you about removing their partner relationship when you defederate and migrate away. All the online tutorials also call this out. I have done probably over a hundred of these defederation jobs. You need to open a Microsoft ticket to try to restore the tenant ASAP in case the data is still there. But the several times I've seen this happen to other MSPs, that data was permanently gone the moment GoDaddy ran their script.
sixblazingshotguns@reddit
The GDAP partner relationship goes away, but the data is not immediately deleted at that exact time. It does not "nuke" the tenant. I have had this happen to a few tenants and it's been cut close but if I get another GDAP partner relationship in there then all is well.
Lokeze@reddit
I'm not saying someone shouldn't remove the relationship by any means, but it is insane to me that GoDaddy runs this script without filtering out the accounts they no longer manage.
Normal_Elk_4414@reddit (OP)
I can't even open a ticket. I can't get past the ai. We've been paying for and using Microsoft services for almost a year. I will have to dig into this deeper
DehydratedButTired@reddit
Microsoft support is pretty dead and ineffective at this time.
brokerceej@reddit
You can’t open a ticket because your 365 tenant is deleted. Make a new tenant and open a ticket asking for help to restore the other one. There’s also a restoration mechanism somewhere in the Microsoft docs where you can open a ticket too I think.
Normal_Elk_4414@reddit (OP)
So there is no one listed under GDAP Admin privileges, and under "other partner relationships" GoDaddy is listed as "None" under authorization, and "none assigned" under roles. That would make it appear that I did revoke the GDAP privileges.
Elensea@reddit
Yep this it
Normal_Elk_4414@reddit (OP)
Thanks. This is useful information.
sixblazingshotguns@reddit
Every time I have "defederated" a customer's GoDaddy 365 it has involved moving licensing to a different Microsoft indirect vendor. In your case you state you are moving directly to Microsoft, so a similar process. When you say you "moved everything over to Microsoft", what exact steps did you perform? How it works is after defederation you get an email from GoDaddy (sent to the account admin email address on file) with the password that they used to reset each of your Microsoft 365 accounts. You can then log into an account with Global Administrator role permission by going to http://admin.microsoft.com/
You get 7 days at that point to initiate service with a new provider (Microsoft Commercial Direct OR an indirect licensing vendor) and accept GDAP service if an indirect vendor is chosen. The licensing is purchased and added to the tenant, and you apply it to the users. The tenant is preserved at that point. That is how it's supposed to work. That's how it has always worked for each of the 20 or so clients I have worked through in the process. The only time you are at risk of your tenant data getting deleted is if you do nothing in the 7 day time period and GoDaddy pulls their licensing out from underneath.
It sounds like you were never notified via e-mail what your password to the tenant is. That e-mail arrives typically within 12-24 hours after working with GoDaddy to defederate.
Elensea@reddit
On Easter no less!
gudmundthefearless@reddit
Hopefully it comes back in 3 days!
1armsteve@reddit
Was gonna say “dead”
But I guess this is more appropriate:
risen…
mustang__1@reddit
...jesus
donith913@reddit
Yes, my son?
mustang__1@reddit
stop watching me when I... eh you know what, if the fbi can watch what difference does it make anymore.
3dGrabber@reddit
RemindMe! 3 Days "jesus”
Spug33@reddit
Based
ConsciousEquipment@reddit
lmao
schwags@reddit
I think they install an Enterprise app. If you didn't remove that app, maybe some sort of automated something or other came through and fucked everything up. Sorry I can't be of more help. I've only de-federated a few times and it's always been pretty straightforward.
Normal_Elk_4414@reddit (OP)
None found.
ITSlave53@reddit
So no only is there a GDAP relationship, GoDaddy has an enterprise app that will reactivate their shit if you dont delete it
Normal_Elk_4414@reddit (OP)
Where do I find this and remove it. I'm pretty sure I have the GDAP relationship severed.
ITSlave53@reddit
https://tminus365.com/defederating-godaddy-365/
Scroll alllll the way to the bottom, go to the Remove enterprise app, not sure it'll undo whatever happened to that tenant but I hope so
Normal_Elk_4414@reddit (OP)
Nope, no enterprise app there when following the directions.
ifpfi@reddit
I had a personal email account with Godaddy for a long time. One day the webmail login took me to an office.com site. I never wanted O365 but apparently the godaddy premium email is obsolete so they transitioned us to O365 webmail. I nearly lost 20 years worth of email. It took multiple tickets to the office of the president for me to get a .pst file off all my old emails so I could migrate to another email provider. I recommend you leave Godaddy/O365 as early as possible to avoid this headache in the future.
Advanced_Day8657@reddit
Can you open a ticket to Microsoft via admin console?
Normal_Elk_4414@reddit (OP)
Nope. Just kicks me to the AI which can't answer
Advanced_Day8657@reddit
I always type "open ticket" and then it lets me do that. Or to disable the "new support experience" from the upper part of the menu
ryan-btrbsystems@reddit
I hate to say it but you missed a step in the defederation and GoDaddy still had access and something automated probably killed the tenant.
There’s no chance in getting a human quickly. We’ve done maybe 30+ of these though with no issues, not to say we won’t ever have issues but as long as you revoke their management to the client, they should not have had any access to be able to do that.
Normal_Elk_4414@reddit (OP)
Is there any way to actually get a human at Microsoft to find out what happened? I can't get past the AI agents who don't have a F'n clue as to what the problem is, and keep referring me to support documents that don't apply.