Convert selected (not all users) On Prem users to cloud only without changing their password

auspal 0 Reputation points
2024-04-04T22:45:22.7766667+00:00

Hi,

We want to convert some of the users in on-prem AD to cloud only without having to change/reset their password and retain their existing password.

We got the idea to move the user object to an OU that is not synced and restore it from AAD, which asks to reset/create a password, but we want to retain the password, minimising disturbance on the user end.

We do not want to convert all users on AD as well, so it will be selected users. Is there a way to convert on-prem users to cloud only without changing their password? Any recommendations on a third-party migration tool will be highly appreciated as well.

Thank You!


1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2024-04-04T23:31:21.3233333+00:00

    Hi @auspal ,

    If you need to restore the specific users, it is a requirement to recreate the passwords. I'm not aware of a third-party tool that would remove this dependency.

    Otherwise, if you have Password Hash Sync (PHS) enabled, users will directly authenticate from Entra ID and you don't need to perform any additional steps for the password to be synchronized for the cloud-only users. You could configure selective password hash sync to exclude specific users from password hash sync if you needed to.

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-selective-password-hash-synchronization

