question

KiwiAKL-5152 avatar image
0 Votes"
KiwiAKL-5152 asked MarileeTurscak-MSFT answered

Migrating domain from federated authentication to managed - How long?

Hi, we are about to migrate from a federated domain to a managed domain using the "Set-MsolDomainAuthentication -Authentication Managed -DomainName xxx" command. Does anybody have any idea how quickly the users will be converted to start using PTA? I've read previously around 5000 accounts/hour?

The staging conversion to enable the ""PassthroughAuthentication" feature flag seemed relatively quick, but it was for a small number of users.

Thanks

azure-ad-pass-through-authentication
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
1 Vote"
MarileeTurscak-MSFT answered

It depends on a number of factors such as network connectivity and system performance. This TechNet blog also documents ~5000 users per hour, but it may be faster or slower than that.

The official documentation recommends upgrading to the latest version of AD Connect because doing so can potentially reduce the conversion time from hours to minutes, but still mentions that it can take four hours if there are legacy authentication methods in place.

This additional Microsoft post documents that a switch from federated identity to synchronized identity takes two hours plus an additional hour for each 2,000 users in the domain.

So judging from these three sources, it seems that up to four hours can be expected, though it may not take that long.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.