Microsoft Entra ID & user domain migration change

Yann M 5 Reputation points
2024-05-08T05:36:07.7533333+00:00

Hello,

We have 2 distinct AD domains A and B in our company (without any approbation): both are synchronized with our single tenant using Azure AD Connect.

We want to migrate all our users from A to B and to keep the same Office 365 settings for those users.

To make it simple, once we have migrated the domain of a user, we want to keep the same mailbox, O365 licences...

What would be the solution?

Active Directory
A set of directory-based technologies included in Windows Server.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. Yann M 5 Reputation points
    2024-05-09T05:24:11.92+00:00

    Hello,

    Here is the solution:

    • In domain A, delete the user
    • Synchronize with AAD
    • In Entra ID (O365), restore the deleted user from the trash (this user is no longer synchronized)
    • In domain B, create the same user with the same parameters (in a non-sync OU)
    • Launch the following commands to get the AD id of the user:
        Import-Module ActiveDirectory

        # Replace username_de_lutilisateur with the user's SamAccountName
        $user = Get-ADUser -Filter 'SamAccountName -like "username_de_lutilisateur"'

        # Base64-encode the bytes of the AD objectGUID
        $immutableid = [System.Convert]::ToBase64String($user.ObjectGUID.ToByteArray())

    • Launch the following commands to set this AD id to the user in O365:
        # Get the object id of the destination user
        Get-AzureADUser

        # Replace objectid with the object id found above
        Set-AzureADUser -ObjectId objectid -ImmutableId $immutableid

    • In domain B, move the user to a sync OU
    • Synchronize with AAD
    1 person found this answer helpful.
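
An added example, not part of the original answer: a check to run after `Set-AzureADUser` and before moving the domain B account into a synced OU. The ImmutableId decides which on-premises object is joined to the restored cloud user at the next sync, so the check confirms it was derived from the intended domain B object. The function names, the `-Server` parameter and the sample values are assumptions; it needs the ActiveDirectory and AzureAD modules and an existing `Connect-AzureAD` session.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
Import-Module ActiveDirectory

function ConvertTo-ImmutableId ([guid]$ObjectGuid) {
    # Same conversion as in the answer: Base64 of the GUID in .NET byte order.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId ([string]$ImmutableId) {
    # Inverse conversion: read an ImmutableId back as an AD objectGUID.
    [guid]::new([System.Convert]::FromBase64String($ImmutableId))
}

function Test-ImmutableIdMatch {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,  # account created in domain B
        [Parameter(Mandatory)][string]$CloudUpn,        # restored cloud user
        [Parameter(Mandatory)][string]$DomainBServer    # assumed: a DC of domain B
    )
    # Exact match (-eq) so that one and only one AD object is selected.
    $adUsers = @(Get-ADUser -Server $DomainBServer -Filter "SamAccountName -eq '$SamAccountName'")
    if ($adUsers.Count -ne 1) {
        throw "Expected exactly 1 AD user for '$SamAccountName', found $($adUsers.Count)"
    }

    $expected = ConvertTo-ImmutableId $adUsers[0].ObjectGUID
    $cloud    = Get-AzureADUser -ObjectId $CloudUpn

    [pscustomobject]@{
        CloudUpn            = $cloud.UserPrincipalName
        CloudObjectId       = $cloud.ObjectId
        DirSyncEnabled      = $cloud.DirSyncEnabled
        ExpectedImmutableId = $expected
        CloudImmutableId    = $cloud.ImmutableId
        # GUID the cloud value points to, empty when no ImmutableId is set.
        CloudAnchorGuid     = if ($cloud.ImmutableId) { ConvertFrom-ImmutableId $cloud.ImmutableId }
        # Base64 is case-sensitive, so compare with -ceq.
        Match               = ($cloud.ImmutableId -ceq $expected)
    }
}

# Constructed sample values; replace with your own.
Test-ImmutableIdMatch -SamAccountName 'jdoe' -CloudUpn 'jdoe@example.com' `
    -DomainBServer 'dc01.b.example.com'
```

Move the account into the synced OU only when `Match` is `True` and `CloudUpn` is the user you intended.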

  2. Thiago Beier 1 Reputation point MVP
    2024-05-08T15:26:00.5233333+00:00

    I'm assuming both domains A and B land on the same M365 tenant. Therefore,

    domain A:

    • backup ADDS (users and devices, gpos just in case = have a plan)
    • export all users upn, email addresses, proxy smtp addresses, group membership
    • check adds upns

    domain B:

    • upns (create all upns for each domain as in domain A)
    • have a landing "OU" organization unit for migrated users from domain A

    try the following steps

    • move user from domain A to B ( within ADDS )
    • update user upn in domain B
    • remove user from sync in domain A
    • check user in Entra (formerly Azure AD)
    • validate upn, email addresses, proxy smtp addresses, licenses
    • should also work for shared mailboxes

    ref.

    https://rdr-it.io/en/admt-active-directory-domain-migration-tool/#google_vignette


  3. Jing Zhou 5,210 Reputation points Microsoft Vendor
    2024-05-09T05:52:34.6366667+00:00

    Hello,

    Thank you for posting in Q&A forum.

    To migrate users from domain A to B, you can take AAD as a bridge that connects the two domains.

    Migration could contain various parts including but not limited to:

    1. Migrate IAM to AAD following the Microsoft official documentation below:

    https://learn.microsoft.com/en-us/microsoft-identity-manager/migrate-entra-id

    2. Migrate applications and authentication to AAD:

    https://learn.microsoft.com/en-us/entra/architecture/migration-best-practices

    3. Migrate users to AAD:

    https://learn.microsoft.com/en-us/microsoft-365/admin/setup/manage-domain-users?view=o365-worldwide

    4. Migrate users from AAD to the local domain; you can refer to:

    https://learn.microsoft.com/en-us/entra/identity/users/users-bulk-download

    Hope this answer can help you well.

    Best regards,

    Jill Zhou


  4. Shweta Mathur 29,756 Reputation points Microsoft Employee
    2024-05-14T05:45:56.1666667+00:00

    Hi @Yann M,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
