Hello @syswiz,
In your scenario , you have mentioned that the identities in all the three tenants are using different names and are being synced using three different AD connect server. Hence I am assuming that there are three different UPN suffixes that you have to consolidate to one single tenant .
As you have three different AAD connect servers , I assume , you may have OU based filtering for all three or Attribute based filtering (as per different UPN suffixes) or maybe domain based. . One of the important things to notice is about associated data with every identity like sharepoint/onedrive data , Mailbox etc. In any company, mailbox migration is one of the big tasks during these kind of consolidation projects
I would suggest you to do all the transitions over the weekend. Lets say you have the following three tenants and corresponding
- tenantA.onmicrosoft.com (c1.com)
- tenantB.onmicrosoft.com (c2.com)
- tenantC.onmicrosoft.com (c3.com)
Create a local Global Admin account in Tenant B (GA@tenantB.onmicrosoft.com) and Tenant C (GA@tenantB.onmicrosoft.com). Do not use the tenant specific UPN suffixes means don't create the Global admin user with GA@c2.com because for moving identities we first need to remove the custom domains associated with a tenant . For the sake of simplicity we will only use example for Tenant B. This global admin creation is just to be on safe side. you may already have this account and in that case , please use your existing GA.
As far as I have worked with multiple customers till now , zero disruptions for users is not possible in these scenarios. But the disruptions could be minimized by planning it across a weekend. Have all of your users export their Outlook mailbox as a PST to be on the safe side. Enable litigation hold for the mailboxes which will preserve all mailbox content for every user. Lets start with Domain B. In order to start this you will need to first remove the identities from the tenant B and will need some preparation for the same before you can make changes to the existing filtering rules in AAD connect instances.
- You must have some kind of filtering on AAD connect for Tenant B scoped for specific UPN suffix as far as I think.
- You would need to update the filtering so that no user gets synced to the cloud.
- This will delete all the users in scope from the Azure AD connector space in AAD connect for Tenant B and C.
- Once these users are deleted in AAD connector space on the AD connect metaverse , this will replicate to the cloud and the same user objects will be deleted from the cloud.
- Now the custom domain will be free for deletion from this tenant Tenant B .
- Delete the custom domain for the tenant B .
- Add the custom domainn in Tenant A.
- And change the existing filtering so that all the users with UPN of tenant B (@c2.com) get synced.
- Now the identities of Tenant B will automatically be synced to tenant A.
- the new identities for Tenant B will automatically be created a new identity in tenant A because the customer domain c2.com is already verified in the tenant A.
- Similarly you need to migrate the users from tenant C as well by first removing the domain c3.com
Always remember that before modifying the sync rules on AAD connect for tenant A always make sure that the custom domain users in Tenant B has been verified in tenant A , else the sync will not be smooth and you may see issues. A lot depends on the kind of filtering and its scope set in Azure AD connect instances hence I would suggest you to test it on a small group of pilot users before doing it for everyone.
I have linked some article which will provide more information. O365 migration is a big topic and its difficult to provide 100% accurate answer but I have tried to answer it as per information you have provided and as per my knowledge. I would also suggest to engage a O365 / Azure AD consultant if its possible for you . Should the information help you , please do accept it as answer so that it can help other members too. In case of any queries , please feel free to let us know and we will be happy to help .
Thank you.