Migrating domain from federated authentication to managed - How long?

Kiwi_AKL 21 Reputation points
2021-07-27T08:51:08.943+00:00

Hi, we are about to migrate from a federated domain to a managed domain using the "Set-MsolDomainAuthentication -Authentication Managed -DomainName xxx" command. Does anybody have any idea how quickly the users will be converted to start using PTA? I've read previously around 5000 accounts/hour?

The staging conversion to enable the ""PassthroughAuthentication" feature flag seemed relatively quick, but it was for a small number of users.

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,795 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 36,851 Reputation points Microsoft Employee
    2021-07-27T21:50:35.343+00:00

    It depends on a number of factors such as network connectivity and system performance. This TechNet blog also documents ~5000 users per hour, but it may be faster or slower than that.

    The official documentation recommends upgrading to the latest version of AD Connect because doing so can potentially reduce the conversion time from hours to minutes, but still mentions that it can take four hours if there are legacy authentication methods in place.

    This additional Microsoft post documents that a switch from federated identity to synchronized identity takes two hours plus an additional hour for each 2,000 users in the domain.

    So judging from these three sources, it seems that up to four hours can be expected, though it may not take that long.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.