When migrating a tenant while keeping the domain intact, there are some considerations and steps you need to follow, especially when it comes to AD Connect and updating user passwords. Here's a general outline of the process:
1. Verify domain ownership in the target tenant: Before you can add the domain (contoso.com) to the target tenant, you need to verify domain ownership. This typically involves adding DNS records or using another verification method provided by the target tenant's domain management.

2. Prepare the source tenant for migration: In the source tenant, ensure that all user accounts and mailboxes are in a suitable state for migration. Make sure there are no issues with the user accounts, such as suspended accounts or mailbox size limitations.

3. Set up AD Connect for the target tenant: Install AD Connect on your on-premises server and configure it to synchronize user accounts and passwords from your local Active Directory to Azure Active Directory (AAD) in the target tenant.

   During the configuration, you'll need to specify the source and target information, including the source AD forest, the target AAD tenant, and the domain to be synchronized. Select the option to synchronize passwords as well.

   Review the AD Connect configuration thoroughly to ensure it aligns with your migration requirements.

4. Synchronize user accounts and passwords: Once AD Connect is set up, it starts synchronizing user accounts and passwords from your on-premises Active Directory to Azure Active Directory in the target tenant, making the accounts and passwords available there.

   As part of the synchronization process, AD Connect updates the user's password hash in Azure AD whenever a password change occurs in the on-premises Active Directory.

   It's crucial to confirm that password synchronization is functioning correctly by monitoring the synchronization process and addressing any errors or issues that arise.

5. Perform a pilot migration: Before performing a full-scale migration, conduct a pilot migration with a small group of users. This lets you validate the migration process, confirm that user accounts and passwords are correctly synchronized, and identify and resolve any potential issues.

6. Perform the full migration: Once you have successfully completed the pilot migration and addressed any issues, proceed with the full-scale migration. This involves migrating all user accounts, mailboxes, and other relevant data from the source tenant to the target tenant while keeping the domain intact.
You can leverage Microsoft's migration tools or third-party migration solutions to simplify and automate the migration process. Ensure that you follow best practices and thoroughly test the migration before proceeding.
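As an added example that is not part of the original answer, the following PowerShell, run on the Azure AD Connect server, checks the points steps 3 and 4 depend on: the sync scheduler state, whether password hash synchronization is enabled on the on-premises connector, and recent password-sync result events in the Application log. It assumes the on-premises AD connector is named contoso.com, and the text match on "Fail" in the event message is a heuristic.

```powershell
# Added health check for Azure AD Connect password hash synchronization.
# Run in an elevated PowerShell session on the AD Connect server.
# Assumption: the on-premises AD connector is named "contoso.com"
# (list the real names with Get-ADSyncConnector).
Import-Module ADSync

$SourceConnector = 'contoso.com'   # assumption, see above

# 1. Scheduler state. A server in staging mode imports but never exports,
#    so nothing reaches the target tenant from it.
$scheduler = Get-ADSyncScheduler
"Sync cycle enabled : $($scheduler.SyncCycleEnabled)"
"Staging mode       : $($scheduler.StagingModeEnabled)"
"Next cycle (UTC)   : $($scheduler.NextSyncCycleStartTimeInUTC) [$($scheduler.NextSyncCyclePolicyType)]"

# 2. Is password hash sync turned on for the on-premises connector?
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $SourceConnector

# 3. Is a connector run still in progress?
$running = Get-ADSyncConnectorRunStatus
if ($running) { $running | Format-Table -AutoSize } else { 'No connector run in progress.' }

# 4. Password sync logs Application events from source "Directory Synchronization":
#    656 = password change request, 657 = password change result.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = 656, 657
    StartTime    = $since
} -ErrorAction SilentlyContinue

$results  = @($events | Where-Object Id -eq 657)
$failures = @($results | Where-Object { $_.Message -match 'Fail' })   # heuristic text match
"Password change results in last 24h : $($results.Count)"
"Results that report a failure       : $($failures.Count)"
$failures | Select-Object TimeCreated, Message | Format-List

# 5. Built-in diagnostics cover connectivity, permissions and per-object tracing.
Invoke-ADSyncDiagnostics -PasswordSync
```

A non-zero failure count or a disabled sync configuration should be resolved before the pilot migration in step 5, since users whose hashes never synchronized cannot sign in to the target tenant.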
It's worth noting that this is a high-level overview, and the actual steps may vary depending on your specific environment and requirements. It's recommended to consult Microsoft's documentation, including the Azure AD Connect documentation and the migration guidance provided by Microsoft, for detailed instructions and best practices.
Additionally, it's crucial to thoroughly plan, test, and have appropriate backup and recovery mechanisms in place to ensure a smooth and successful migration process.