Hi @bizcntradmin · Thank you for reaching out.
For this purpose, you need to run the Azure AD Connect wizard and select Pass-through authentication (PTA) under User Sign-in as highlighted below. A PTA agent will be installed on the AD Connect server; you may install another agent on any domain-joined machine for fault tolerance.
How to perform this migration?
- Enable pass-through authentication. Please refer to https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
- Disable Federation with ADFS by using the Convert-MsolDomainToStandard cmdlet.
- (Optional) Enable Password Hash Synchronization (PHS) as a backup option for Pass-through Authentication (PTA). Refer to https://learn.microsoft.com/en-us/answers/questions/10981/azure-active-directory-sign-in-disaster-recovery.html
Would there be a downtime and risk on doing this?
Although there won't be any downtime and there is not much risk involved, I would still recommend that you schedule a downtime window for this activity. Just in case anything goes wrong (due to network/firewall/other restrictions), you can revert the changes.
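The cutover step from the answer above, as an added example that is not part of the original answer: it saves the current federation settings so the change can be reverted, runs Convert-MsolDomainToStandard, and confirms that the domain reports Managed authentication afterwards. The domain name `contoso.com` and the working folder are placeholders, and the script assumes PTA has already been enabled through the Azure AD Connect wizard.

```powershell
#Requires -Modules MSOnline
param(
    [string]$DomainName = 'contoso.com',          # placeholder domain (assumption)
    [string]$WorkDir    = 'C:\Temp\adfs-cutover'  # hypothetical working folder
)
$ErrorActionPreference = 'Stop'

# Run on the primary AD FS server, or point the module at it first with
# Set-MsolADFSContext -Computer <AD FS server>.
Connect-MsolService
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Only proceed if the domain is still federated.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    Write-Warning "$DomainName is already '$($domain.Authentication)'; nothing to convert."
    return
}

# 2. Keep a copy of the federation settings so the change can be reverted.
$backup = Join-Path $WorkDir "$DomainName-federation-settings.xml"
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Export-Clixml -Path $backup
Write-Host "Federation settings saved to $backup"

# 3. Report whether Password Hash Synchronization is on as a fallback.
$company = Get-MsolCompanyInformation
Write-Host "Password hash sync enabled: $($company.PasswordSynchronizationEnabled)"

# 4. Convert the domain from federated to managed. The password file
#    records converted users and temporary passwords, so treat it as
#    sensitive: restrict access to it and delete it once it is not needed.
$passwordFile = Join-Path $WorkDir "$DomainName-converted-users.txt"
Convert-MsolDomainToStandard -DomainName $DomainName `
    -SkipUserConversion $false -PasswordFile $passwordFile

# 5. Verify the result before closing the change window.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Managed') {
    throw "$DomainName still reports '$($after.Authentication)'; review $backup before retrying."
}
Write-Host "$DomainName now uses Managed authentication."
```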