Users and workstations migration from On premise Windows AD to Azure AD

Allan Stark 501 Reputation points
2022-08-11T12:16:29.69+00:00

We plan to completely abandon the ground-based infrastructure of On Prem Windows AD, since we do not have any services left in our office that would require integration with local AD.
Group policies are also used in a very limited way, only for core user software installation and mapping network drives.
Our main working software has had a cloud version for a long time, so our users work with it through a web browser.
At the moment ~50 of our users are already using an MS 365 Business Premium subscription.
Azure AD Connect is configured on one of our local DCs.
All workstations are Azure AD hybrid joined.
We plan to finally replace old network folders with SharePoint Online sites and OneDrive.
We also want to switch to using the Intune service as an alternative to managing user devices.
By switching to cloud/Azure AD identification, we want to reduce the presence of server equipment in the office to a minimum, ideally, only a router, WAPs and a couple of network printers.

Do I understand correctly that in order to migrate the user profile and his workstation into AzureAD, it is enough to perform the following steps?

  1. Unjoin workstation from the Windows AD domain.
  2. Stop the sync for that user in a local AD / Azure AD Connect, restore the user from Azure AD deleted and specify his new password.
  3. Join workstation to the Azure AD (Azure AD Joined) and migrate user profile using any of the utilities (https://ppm.laplink.com or https://forensit.com) from Windows AD type to Azure AD.
  4. Update the ImmutableID attribute for the user on Azure AD to $null via PowerShell

Is there any way to automate this process?

Are there any problems with transferring user settings when converting profiles?
I tested and found that the Outlook 365 mail profile was successfully converted, but the Chrome browser settings were not transferred to the new profile (I used forensit and did not use sync with my Google account in Chrome).
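
A check that could run before step 1 and again after step 3 to confirm that a workstation has moved from hybrid joined to Azure AD joined, as an added example that is not part of the original post. It parses the text printed by `dsregcmd /status`; the function name `Get-JoinState` and the sample output (CONTOSO, Contoso Ltd) are constructed for illustration.

```powershell
# Added example: classify a workstation's join state from `dsregcmd /status` text.
# On a real workstation pass the live output instead:
#   Get-JoinState -StatusText (dsregcmd /status)

function Get-JoinState {
    param(
        # dsregcmd output contains blank lines, so empty strings must be allowed.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$StatusText
    )

    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    if     ($aad -and $domain) { $state = 'HybridJoined' }
    elseif ($aad)              { $state = 'AzureAdJoined' }
    elseif ($domain)           { $state = 'DomainJoinedOnly' }
    else                       { $state = 'NotJoined' }

    [pscustomobject]@{
        State      = $state
        DomainName = $fields['DomainName']
        TenantName = $fields['TenantName']
    }
}

# Constructed sample: an excerpt shaped like the output of a hybrid joined machine.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

                TenantName : Contoso Ltd
'@ -split '\r?\n'

$result = Get-JoinState -StatusText $sample
$result

# After step 3 the expected state is AzureAdJoined; anything else needs a look.
if ($result.State -ne 'AzureAdJoined') {
    Write-Warning "Device is '$($result.State)', not yet Azure AD joined."
}
```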

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.