Migrate Windows AD-Connect after Tenant to Tenant migration but keeping the domain

Olivier Grim 5 Reputation points
2023-06-30T19:03:52.61+00:00

Hi Guys,

We plan to migrate the Tenant (Exchange, OneDrive, Teams) to a target Tenant, but we keep the domain (i.e. contoso.com will be added in domain management on the target Tenant and all mailboxes will not change).

How do we need to proceed for AD-Connect installed on the on-premises server?

The objective is to update the local user password to the Azure user.

Do we need to pay attention to a specific step? The Windows server itself is kept as well.

Thanks a lot,

Oliver


4 answers

  1. Priscilla Soares | Escola São Domingos 400 Reputation points
    2023-06-30T19:26:14.7766667+00:00

    When migrating a tenant while keeping the domain intact, there are some considerations and steps you need to follow, especially when it comes to AD Connect and updating user passwords. Here's a general outline of the process:

    Verify domain ownership in the target tenant: Before you can add the domain (contoso.com) to the target tenant, you need to verify domain ownership. This typically involves adding DNS records or verifying through other methods provided by the target tenant's domain management.

    Prepare the source tenant for migration: In the source tenant, ensure that all user accounts and mailboxes are in a suitable state for migration. Make sure there are no issues with the user accounts, such as suspended accounts or mailbox size limitations.

    Set up AD Connect in the target tenant: Install and configure AD Connect in the target tenant. This involves installing AD Connect on your on-premises server and configuring it to synchronize the user accounts and passwords from your local Active Directory to Azure Active Directory (AAD) in the target tenant.

    During the configuration, you'll need to specify the source and target tenant information, including the source AD forest, target AAD tenant, and the domain to be synchronized. You should select the option to synchronize passwords as well.

    Make sure to review the AD Connect configuration thoroughly to ensure it aligns with your migration requirements.

    Synchronize user accounts and passwords: Once AD Connect is set up, it will start synchronizing user accounts and passwords from your on-premises Active Directory to Azure Active Directory in the target tenant. This process ensures that user accounts and passwords are available in the target tenant.

    As part of the synchronization process, AD Connect will update the user's password hash in Azure AD when a password change occurs in the on-premises Active Directory.

    It's crucial to ensure that password synchronization is functioning correctly by monitoring the synchronization process and addressing any errors or issues that may arise.

    Perform a pilot migration: Before performing a full-scale migration, it's recommended to conduct a pilot migration with a small group of users. This allows you to validate the migration process, ensure that user accounts and passwords are correctly synchronized, and identify and resolve any potential issues.

    Perform the full migration: Once you have successfully completed the pilot migration and addressed any issues, you can proceed with the full-scale migration. This involves migrating all user accounts, mailboxes, and other relevant data from the source tenant to the target tenant while keeping the domain intact.

    You can leverage Microsoft's migration tools or third-party migration solutions to simplify and automate the migration process. Ensure that you follow best practices and thoroughly test the migration before proceeding.

    It's worth noting that this is a high-level overview, and the actual steps may vary depending on your specific environment and requirements. It's recommended to consult Microsoft's documentation, including the Azure AD Connect documentation and the migration guidance provided by Microsoft, for detailed instructions and best practices.

    Additionally, it's crucial to thoroughly plan, test, and have appropriate backup and recovery mechanisms in place to ensure a smooth and successful migration process.
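The monitoring the answer recommends ("ensure that password synchronization is functioning correctly") can be scripted on the sync server. The PowerShell below is an added example written for this page, not code from the answer, from Microsoft or from the thread; it uses the ADSync module that ships with Azure AD Connect (Get-ADSyncAADCompanyFeature, Get-ADSyncScheduler, Start-ADSyncSyncCycle, Get-ADSyncConnectorRunStatus, Invoke-ADSyncDiagnostics), and the connector name and user DN at the end are placeholders to replace with your own.

```powershell
# Added example (not from the original thread): check the password hash sync state of
# an existing Azure AD Connect installation, run a delta sync, and diagnose one pilot
# user. Run in an elevated PowerShell session on the AD Connect server.
Import-Module ADSync

# 1. Is password hash synchronization enabled for the tenant this server is bound to?
$features = Get-ADSyncAADCompanyFeature
if (-not $features.PasswordHashSync) {
    Write-Warning "Password hash sync is disabled; enable it under Optional features in the AD Connect wizard."
}

# 2. Scheduler state. During a tenant migration the scheduler is often disabled on purpose,
#    so report it instead of silently changing it.
$scheduler = Get-ADSyncScheduler
"SyncCycleEnabled : $($scheduler.SyncCycleEnabled)"
"Next cycle (UTC) : $($scheduler.NextSyncCycleStartTimeInUTC)"

# 3. Which connectors (on-premises forest and Azure AD tenant) this server is configured with.
Get-ADSyncConnector | Select-Object Name

# 4. Trigger a delta sync only if the scheduler is enabled, then wait until no run is active.
if ($scheduler.SyncCycleEnabled) {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    do {
        Start-Sleep -Seconds 10
        $running = Get-ADSyncConnectorRunStatus   # empty when no connector run is in progress
    } while ($running)
    "Delta sync finished; review export errors in Synchronization Service Manager."
}

# 5. Password sync diagnostics for a single pilot user (placeholder connector name and DN).
Invoke-ADSyncDiagnostics -PasswordSync `
    -ADConnectorName "contoso.com" `
    -DistinguishedName "CN=Pilot User,OU=Pilot,DC=contoso,DC=com"
```

The single-user diagnostic at the end is the quickest way to see why a specific password hash is not reaching Azure AD (for example the user is out of the synced OU scope, or the connector account lacks the "Replicating Directory Changes" rights it needs); run it for a pilot user before widening the scope.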


  2. Olivier Grim 5 Reputation points
    2023-06-30T21:15:36.2466667+00:00

    Hi Priscilla,

    Thank you very much for your detailed answer.

    Some clarifications: the on-premises server will not change. AD-Connect is already installed on it. So we need to, somehow, "redirect" the AD accounts to the new Tenant.

    Meanwhile, we are migrating all Exchange mailboxes, OneDrive and Teams teams with BitTitan.

    All accounts are now created in Azure AD in the target Tenant.

    The technical steps regarding the new AD-Connect configuration may present some considerations about the account GUID? Choosing the right OU, etc.

    Or, as you said : "Synchronize user accounts and passwords: Once AD Connect is set up, it will start synchronizing user accounts and passwords from your on-premises Active Directory to Azure Active Directory in the target tenant. This process ensures that user accounts and passwords are available in the target tenant."

    Thanks for your help again,

    Oliver


  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  4. Olivier Grim 5 Reputation points
    2023-07-12T16:09:29.1966667+00:00

    Hi Wayne,

    Let's try to help you (initially, I opened this to confirm some processes).

    The Mailbox Migration to a Tenant steps are in this order :

    1. Analyze source mailboxes: type (IMAP, Exchange), size, etc. and the target (do you have a global admin account on the Tenant?), and be sure you manage the DNS zone of the domain at the registrar.
    2. If you have a lot of mailboxes, plan to use a migration platform such as BitTitan.
    3. Create the accounts on the target Tenant.
    4. Plan with the customer, team and IT contact and communicate about all the steps. Fix a migration date.
    5. Do the data migration in this scenario: first copy during the week, delta copy on the cutover date. On that day, delete the domain on the source Tenant. All the accounts are renamed ******@mycompany.onmicrosoft.com; as the domain has been deleted from the source Tenant, you are now able to verify it on the target Tenant (and add the domain to users). Please note that if you have an AD-Connect which synchronizes the accounts on the local domain, it is better to deactivate the sync before. By the way, to avoid errors the day after the cutover (a Monday?), block user sign-in on the source Tenant.
    6. Configure the Outlook client on PCs (delete the mail profile and create a new one; in Outlook accounts: disconnect the user from the source Tenant, connect the user on the target Tenant, close Outlook, reopen it to validate the user license). This lets you switch without losing registered contacts in Outlook and the user signature.

    In other words, you don't have to create "separate mail users" from my point of view. The mailboxes and the Users are identical, and they receive data from migration tool (or manual import).

    Now, the main information is that the AD-Connect will recognize local accounts and sync them with Azure AD by linking the UPN (User Principal Name).

    I opened this topic to confirm that :

    • To reconfigure AD-Connect, you need to uninstall it and reinstall it (which is not confirmed)
    • Validate and confirm that Accounts from local AD will be synced with Azure AD accounts with UPN and will not duplicate accounts or do something wrong.

    Best regards,

    Olivier
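The two points Olivier wants confirmed (that the reconnected AD-Connect will bind local accounts to the existing Azure AD accounts by UPN without duplicating them, and what the account GUID implies) can be checked before the sync is re-enabled by comparing the on-premises users with the target tenant. The PowerShell below is an added example for this page, not code from the thread, from BitTitan or from Microsoft; it assumes the ActiveDirectory and Microsoft.Graph.Users modules, Graph permission User.Read.All, and a placeholder OU. It relies on AD Connect's default user sourceAnchor being derived from objectGUID (base64-encoded), which Azure AD exposes as OnPremisesImmutableId.

```powershell
# Added example (not from the original thread): pre-cutover reconciliation of on-premises
# users against the target tenant, to spot accounts that would not soft-match on UPN or
# whose existing ImmutableId disagrees with the on-prem objectGUID.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

$SearchBase = "OU=Users,DC=contoso,DC=com"      # placeholder: the OU AD Connect will sync
Connect-MgGraph -Scopes "User.Read.All"          # sign in to the TARGET tenant

# Index target-tenant users by lower-case UPN (AD Connect soft match is case-insensitive).
$cloudByUpn = @{}
Get-MgUser -All -Property "UserPrincipalName,OnPremisesImmutableId,OnPremisesSyncEnabled" |
    ForEach-Object { $cloudByUpn[$_.UserPrincipalName.ToLowerInvariant()] = $_ }

$report = foreach ($u in Get-ADUser -Filter * -SearchBase $SearchBase -Properties UserPrincipalName) {
    # Default sourceAnchor value AD Connect would write for this user (base64 of objectGUID).
    $expectedId = [Convert]::ToBase64String($u.ObjectGUID.ToByteArray())
    $upn   = $u.UserPrincipalName
    $cloud = if ($upn) { $cloudByUpn[$upn.ToLowerInvariant()] }

    $status = if (-not $upn)                               { "NoUpn" }               # cannot match at all
              elseif (-not $cloud)                         { "NoCloudMatch" }        # would create a NEW cloud user
              elseif (-not $cloud.OnPremisesImmutableId)   { "SoftMatchByUpn" }      # expected: cloud-only account, will be taken over
              elseif ($cloud.OnPremisesImmutableId -eq $expectedId) { "HardMatchOk" } # already bound to this AD object
              else                                         { "ImmutableIdMismatch" } # bound to a different object: sync would error/duplicate

    [pscustomobject]@{
        SamAccountName      = $u.SamAccountName
        UPN                 = $upn
        ExpectedImmutableId = $expectedId
        CloudImmutableId    = $cloud.OnPremisesImmutableId
        Status              = $status
    }
}

# Summary first, then the rows that need a human decision before the sync is switched on.
$report | Group-Object Status | Select-Object Name, Count
$report |
    Where-Object { $_.Status -in @("NoUpn", "NoCloudMatch", "ImmutableIdMismatch") } |
    Export-Csv -Path .\precutover-review.csv -NoTypeInformation
```

Run this only after the domain has been verified on the target tenant and the cloud UPNs changed from the onmicrosoft.com names back to contoso.com, otherwise every user shows up as NoCloudMatch. "SoftMatchByUpn" is the state you want for accounts created by the migration tool; "NoCloudMatch" rows are the ones that would become duplicate cloud users when sync starts, and "ImmutableIdMismatch" rows (for example an ImmutableId carried over from the old tenant's export, or an existing install that uses ms-DS-ConsistencyGuid with a value other than the objectGUID) must be cleared or corrected first. Check which anchor attribute the existing AD Connect install uses under "View current configuration" in the wizard before trusting the objectGUID assumption.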

