How to migrate a domain joined pc to azure ad joined including the domain user of the pc to azure ad user

Jeffrey Quibell 20 Reputation points
2023-01-17T20:18:56.0733333+00:00

I have an on-premises domain with about 8 users on desktop workstations (PCs) that are joined to the domain. Each user has a Microsoft 365 Business Premium license. While the M365 licenses are associated with an Azure domain, the on-premises domain and the Azure domain have never been connected, so they are totally separate from each other.

Recently the only domain controller totally failed and is unrecoverable. The PCs are still able to log in, except for one that seems to have lost its stored security principal. What is the best way to disconnect the PCs from the dead domain, update the user logins to be their Azure domain users, and connect their PCs to the Azure domain with minimal or no disruption to the users?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator
    2023-01-19T13:22:41.6133333+00:00

    Hello @Jeffrey Quibell ,

    Thank you for posting your query on Microsoft Q&A. Going through the above scenario, I have the following key takeaways:

    • Your only domain controller is down and out.
    • Each user has a cloud account which is not synced from on-prem.
    • The Windows devices the users log into are still accessible.

    Objective: You want to move from On-Prem to Cloud Only solution.

    Please do correct me if I missed anything in the above takeaways. If you feel the above is correct, then kindly follow the given approach:

    Kindly follow the given steps for 1-2 test users and devices, followed by deployment for the rest.

    • Give the users the same UPN in Azure as they have on-prem.
    • Have the M365 license assigned to them; this gives them access to MEM (Intune), Azure AD P1 and Office 365 services.
    • Create a user group.
    • Force a password reset, so that they can have a password of their choice, by enabling SSPR.
    • Create policies from MEM (Intune) by following "Start from scratch with Microsoft 365 and Intune", and assign them to the user group created above.
    • Get the devices provisioned via Windows Autopilot. This won't need much user intervention to provision the device, and you can deploy applications/Wi-Fi/VPN/security policies via Intune while provisioning the device.
    1. Back up the corp data on the devices.
    2. Manually register devices with Windows Autopilot.
    3. Create device groups.
    4. Create an Autopilot deployment profile and make sure to select "Azure AD joined".
    5. The deployment mode must be User-driven mode for Azure AD join.
    6. Reset the device.

    Let me know if you have any queries in the comments section.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" and rate your experience (Yes/No) if the suggestion works as per your business need. This will help us and others in the community as well.
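The per-PC preparation for the answer's Autopilot steps 1, 2 and 6 (back up data, register the hardware hash, reset), as an added example. This is not code from the question or from the answer above, and it is not a Microsoft-provided script. It assumes an elevated PowerShell session as a local administrator on each PC, a removable drive mounted as D:\migration for the backup and the hash CSV, and the Get-WindowsAutopilotInfo script from the PowerShell Gallery; those paths and the choice of robocopy switches are assumptions, not from the thread.

```powershell
# Added example (not from the original thread): pre-migration checks, profile
# backup and Autopilot hardware-hash export for a PC whose only domain
# controller is gone.
# Assumptions (not in the original post): run elevated as a local administrator
# on each PC; D:\migration is a removable drive; Get-WindowsAutopilotInfo comes
# from the PowerShell Gallery.

$BackupRoot = 'D:\migration\backup'
$HashCsv    = 'D:\migration\autopilot-hashes.csv'

# 1. Record the current join state. On a PC joined to the dead on-prem domain,
#    dsregcmd shows DomainJoined : YES and AzureAdJoined : NO; after the
#    user-driven Autopilot deployment those two values should have swapped.
$status = dsregcmd /status
$status | Select-String -Pattern 'AzureAdJoined|DomainJoined|TenantName'

# 2. Check the secure channel to the domain. With no DC this fails on every PC;
#    the one that "lost its stored security principal" is the one where cached
#    credentials no longer hide that failure. Local admin sign-in still works.
try {
    $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $channelOk = $false
}
Write-Host "Secure channel to domain usable: $channelOk"

# 3. Back up each domain user's profile data before the reset (answer step 1).
#    /MIR mirrors the tree, /XJ skips the junctions Windows puts inside
#    profiles, /R:1 /W:1 stops locked files from stalling the run. ntuser.dat is
#    excluded: the hive is bound to the old domain SID and is not reusable under
#    the new Azure AD account.
$profiles = Get-ChildItem 'C:\Users' -Directory |
    Where-Object { $_.Name -notin @('Public', 'Default', 'Default User', 'All Users') }
foreach ($p in $profiles) {
    $dest = Join-Path $BackupRoot $p.Name
    robocopy $p.FullName $dest /MIR /XJ /R:1 /W:1 /XF 'ntuser.dat*' /NFL /NDL /NP
    # robocopy exit codes 0-7 are success; 8 and above mean at least one failure
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "Backup of $($p.FullName) reported errors (robocopy exit $LASTEXITCODE)"
    }
}

# 4. Export the hardware hash for manual Autopilot registration (answer step 2).
#    -Append lets one CSV collect all the PCs so they are uploaded once in the
#    Intune portal (Devices > Windows > Windows enrollment > Devices > Import).
if (-not (Get-Command Get-WindowsAutopilotInfo -ErrorAction SilentlyContinue)) {
    Install-Script -Name Get-WindowsAutopilotInfo -Force -Scope CurrentUser
}
Get-WindowsAutopilotInfo -OutputFile $HashCsv -Append
Import-Csv $HashCsv |
    Select-Object 'Device Serial Number', 'Windows Product ID' |
    Format-Table -AutoSize

# 5. Reset the device (answer step 6) only after the hash is uploaded and the
#    deployment profile is assigned to the device group. The reset wipes the
#    local profiles, which is why step 3 runs first. Uncomment when ready.
# systemreset.exe -factoryreset
```

Run steps 1 to 4 on the one or two pilot PCs first, as the answer suggests; the CSV can be checked for the expected number of rows before anything is reset. After the user signs in through OOBE with their cloud UPN, re-running `dsregcmd /status` is the quickest confirmation that the device is now Azure AD joined rather than domain joined.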

