DMS error 25002 persists after restarting migration

When migrating emails from another Workspace domain using the Data Migration Service (DMS) tool, it is possible that error 25002 is encountered.

• Data migration tool in the Google Workspace Admin console

The error is solved by retrying the migration as explained in this article, however, if the issue persists:

1. Check in the Admin Console if the Migration client ID for the DMS is present, to do that follow this article.
   • You might have to wait 24 hours then retry the migration.

If the Migration client ID is present or has been added, and the migration is still failing:

1. Move the affected target accounts to another organizational unit (OU) and try the migration again.
2. Once the migration is done, you can move the accounts back to their original OU.

If the Migration client ID for DMS is present or has been set and the issue persists, the destination account should be checked and see if the D3 policies for the user include the app and scopes.

1. Open Dasher > Effective Settings in Google Admin for the user (not the domain!).
2. Look for ThirdPartyUserImpersonationSettingsProto (it might appear as third_party_user_impersonation_settings_proto in some contexts).
3. Search for the Migration client ID mentioned in this article and see if it has the expected scopes.
4. If it has more than 24 hours passed since the Migration client ID was added in the Admin console, this usually resets when the user is moved to another OU to reset the D3 policies.

• The customer should do it in both the source and destination domains and for all the source and destination accounts.

If the issue still persists, contact the support team for a further investigation.

• Temporary issue.
• The Migration client ID for DMS is missing.
• In rare occasions, the destination account might be missing some internal policies.