Microsoft Entra ID & user domain migration change

Question

Hello,

We have 2 distinct AD domains A and B in our company (without any approbation) : both are synchronized with our single tenant using Azure AD Connect.

We want to migrate all our users from A to B and to keep the same Office 365 setting for those users.

To make it simple, once we have migrated the domain of a user, we want to keep the same mailbox, O365 licences...

What would be the solution?

Answer 1

Hello,

Here is the solution:

• In the domain A, delete the user
• Synchronize with AAD
• In Entra ID (O365), restore the deleted user from the trash (this user is no more synchronized)
• In the domain B, create the same user with the same parameters (in a non sync OU)
• Launch the following commands to get the AD id of the user:

    import-module ActiveDirectory
    
    $user = Get-ADUser -Filter 'SamAccountName -like "username_de_lutilisateur"'
    
    $immutableid = [System.Convert]::ToBase64String($user.ObjectGUID.tobytearray())
    
    
  

• Launch the following commands to set this AD id to the user in O365:

Get-AzureADUser (to get the object id of the destination user)

Set-AzureADUser -ObjectId objectid -ImmutableId $immutableid

• In the domain B, move the user to a sync OU
• Synchronize with AAD

Answer 2

I'm assuming both domains A and B land on the same M365 tenant. therefore,

domain A:

• backup ADDS (users and devices, gpos just in case = have a plan)
• export all users upn, email addresses, proxy smtp addresses, group membership
• check adds upns

domain B:

• upns (create all upns for each domain as in domain A)
• have a landing "OU" organization unit for migrated users from domain A

try the following steps

• move user from domain A to B ( within ADDS )
• update user upn in domain B
• remove user from sync in domain A
• check user in Entra (formely Azure AD)
• validate upn, email addresses, proxy smtp addresses, licenses
• should also work for shared mailboxes

ref.

https://rdr-it.io/en/admt-active-directory-domain-migration-tool/#google_vignette

Answer 3

Hello,

 

Thank you for posting in Q&A forum.

To migrate user from domain A to B, you can take AAD as a bridge that connects to two doains.

Migration could contain various parts including but not limited to:

1.Migrate IAM to AAD following below Microsoft Official Documentation:

https://learn.microsoft.com/en-us/microsoft-identity-manager/migrate-entra-id

2.Migrate applications and authentication to AAD:

https://learn.microsoft.com/en-us/entra/architecture/migration-best-practices

3.Migrate users to AAD:

https://learn.microsoft.com/en-us/microsoft-365/admin/setup/manage-domain-users?view=o365-worldwide

4.Migrate users from AAD to local domain, you can refer to:

https://learn.microsoft.com/en-us/entra/identity/users/users-bulk-download

Hope this answer can help you well.

 

Best regards，

Jill Zhou

Answer 4

Hi @Yann M ,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.