
subglo-5139 asked:

user migration and sync to AAD

Hello,
We have a simple scenario:
on-premises Active Directory in domain A and AD Connect server that synchronizes users to Azure AD tenant.

We have a situation where we need to migrate our users from Active Directory in domain A to a different server and Active Directory in domain B (separate infrastructures), but the Azure AD tenant stays the same.

My idea was to:

  1. Migrate users between Active Directories with passwords and attributes using ADMT (Active Directory Migration Tool).

  2. Install new AD Connect server in new domain B in staging mode.

  3. Put old AD Connect server in staging mode.

  4. Take new AD Connect server from the staging mode, let it sync.

  5. Decommission the old AD server.

Is this scenario supported? Do I need the first step, or will the new AD Connect server read the passwords and attributes in the 2nd step? My goal is that users in the Azure AD tenant stay the same, as we heavily rely on office.com resources, Azure AD etc.




azure-active-directory

Have you seen this new guide? https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant

Note that your new on-premises data will overwrite what you have in Azure once you start synchronizing.

MarileeTurscak answered:

As long as there are no duplicate objects, then I believe you should be able to accomplish this.


shashishailaj answered:

Hello @subglo-5139 ,

In addition to what Marilee has proposed, I agree that you can use the plan you have mentioned above. You can use the Password Export Service by setting up a Password Export Server along with ADMT to migrate users with their passwords. There is nothing within your sequence which is not supported. However, if you have any issue, you may have to engage different teams within Microsoft.

If you already have user synchronization set up from domain A to your Office 365 tenant, then that means you would need to set up attribute synchronization in a different way, because the same user is already set up in the cloud. But the ObjectID of the user would have changed. I am not sure which attribute you have used in the current AD Connect server, whether it is ms-DS-ConsistencyGuid or objectGUID. Whichever it is, it will change once you migrate the user from domain A to domain B. So you may have to do a soft match on the basis of SMTP/UPN.

I would suggest you continue the existing setup, migrate user objects with passwords, and set up the new Azure AD Connect server in domain B in staging mode. The users can be tested in staging mode before stopping sync on the other server and enabling full sync on this server. Also, you may need to buy some time within your organization, because it can take up to 72 hours once you disable Azure AD synchronization on one AAD Connect server.

I hope the above helps. Please do mark one of the posts as the answer if the information provided helped you, so that it is helpful for other members of the community searching for similar answers.

Thank you.

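The answers above hinge on one detail: the source anchor (ms-DS-ConsistencyGuid or objectGUID) that AD Connect wrote into each cloud user's ImmutableId will no longer match the migrated objects in domain B unless the anchor was carried over. The script below is an added example, not code from this thread or from Microsoft; it previews, per migrated user, whether the new AD Connect server would hard-match the existing cloud object, fall back to a UPN/SMTP soft match, or hit an anchor mismatch, so the result can be checked while the new server is still in staging mode and before the old server's sync is stopped. It assumes the RSAT ActiveDirectory module on a domain B member, an MSOnline session already opened with Connect-MsolService, and the placeholder server and OU names shown.

```powershell
# Added example (not from the thread). Assumptions: RSAT ActiveDirectory module
# on a domain B member; MSOnline module with an existing Connect-MsolService
# session; the server/OU values below are placeholders for your environment.
Import-Module ActiveDirectory
Import-Module MSOnline

function Get-ExpectedImmutableId {
    param([Parameter(Mandatory)] $User)
    # Azure AD Connect stores the source anchor as Base64 of the 16 raw GUID bytes.
    # ms-DS-ConsistencyGuid only survives a cross-forest migration if ADMT (or a
    # script) copied it; objectGUID is always freshly generated in domain B.
    $bytes = $User.'mS-DS-ConsistencyGuid'
    if ($bytes) {
        $source = 'mS-DS-ConsistencyGuid'
    } else {
        $bytes  = $User.ObjectGUID.ToByteArray()
        $source = 'objectGUID'
    }
    [pscustomobject]@{
        Source      = $source
        ImmutableId = [Convert]::ToBase64String($bytes)
    }
}

function Get-MatchOutcome {
    param($CloudUser, [string]$OnPremAnchor)
    # Classify what the sync engine would face for this user.
    if (-not $CloudUser) {
        return 'NoCloudObject (would be provisioned as a new user)'
    }
    if ($CloudUser.ImmutableId -eq $OnPremAnchor) {
        return 'HardMatch (anchor preserved)'
    }
    if ([string]::IsNullOrEmpty($CloudUser.ImmutableId)) {
        return 'SoftMatch (cloud object has no anchor; UPN/SMTP match)'
    }
    return 'AnchorMismatch (cloud object already carries a different ImmutableId; review before enabling sync)'
}

$server = 'dc1.domainb.example'                 # placeholder domain B DC
$ou     = 'OU=Migrated,DC=domainb,DC=example'   # placeholder OU holding migrated users

Get-ADUser -Server $server -SearchBase $ou -Filter 'Enabled -eq $true' `
    -Properties mail, 'mS-DS-ConsistencyGuid', userPrincipalName |
ForEach-Object {
    $expected = Get-ExpectedImmutableId -User $_
    # Look the user up in the tenant by UPN; absence is a valid outcome, not an error.
    $cloud = Get-MsolUser -UserPrincipalName $_.UserPrincipalName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UPN              = $_.UserPrincipalName
        Mail             = $_.mail
        AnchorSource     = $expected.Source
        OnPremAnchor     = $expected.ImmutableId
        CloudImmutableId = $cloud.ImmutableId
        Outcome          = Get-MatchOutcome -CloudUser $cloud -OnPremAnchor $expected.ImmutableId
    }
} | Format-Table -AutoSize
```

Run this against domain B after the ADMT migration but before taking the new AD Connect server out of staging mode. Rows reporting HardMatch need no further action; rows reporting SoftMatch depend on UPN and primary SMTP address being identical on both sides, so those attributes are worth verifying in the same pass; AnchorMismatch rows are the ones that can turn into duplicate or quarantined objects once the new server starts writing, which is exactly the overwrite the comment on the question warns about.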