This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 57.00000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
Hi All-
We are planning to migrate our authentication from Federated to Managed Auth. We plan to use the Password Hash Sync and we are following this guide.
Our current setup is, we have the abc.xyz.com domain and the Password Hash Sync is also enabled but the User Sign-in is on Federated.
We are wondering if the migration will impact our users/application that came from the domain abc.xyz.com since we are changing the domain to login.microsoftonline.com? Or the migration will impact our users in the Active Directory and Azure AD? Since our Azure AD Connect is enabled for syncing, do we still need to migrate the users from Active Directory to Azure AD?
Thank you!
Hi @user20201 • Thank you for reaching out.
You need to take care of below considerations:
Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name> on ADFS Server to convert authentication from Federated to Managed. Expected behavior once the above steps are done: Users sign-in by using username@jaswant .xyz.com, they will no longer be redirected to on-premises federation server based on abc.xyz.com domain suffix in the UPN and authentication will directly take place via Azure AD tenant where username@jaswant .xyz.com is added as verified domain.
Since our Azure AD Connect is enabled for syncing, do we still need to migrate the users from Active Directory to Azure AD?
If users are already synced, there is no need to perform any sort of migration from Active Directory to Azure AD.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @AmanpreetSingh-MSFT ! Thank you for your help.
We tried to migrate our authentication and it was successful. However, there are some accounts that got "Incorrect Password" upon their login and the other accounts were fine. Upon checking in the User info, the "Directory Synced" of those users is set to "Yes." Where should I check this or any recommendations we can do to resolve the issue? Thank you.
Hi @user20201 • You can try resetting the password in local AD for problematic users and check the application event logs on the AD Connect server to see if password is getting synced or not.