Migrate users from forest to a forest containing linked mailboxes

Watkins, Dean (He/Him/His) 6

Our scenario is as follows:

Users reside in Forest A.
Linked Mailboxes reside in Forest B.

AD Connect is set to: users based on ObjectSID and MSExchangeMasterAccountSID
ADC Anchor Source: adminDisplayName

We want to migrate users from Forest A to Forest B (resource forest).
Mailboxes are NOT being migrated, just users. (adminDisplayName is populated and will remain same post migration)

AD Connect currently Syncs users fom Forest A, and Exchange objects from Forest B

We have a process to ensure users are only synced to Azure from one forest.

Question is, with the current ADC configuration, will there be problems.

Thank you

Joyce Shen - MSFT 16,651 Reputation points

2021-12-01T02:02:02.967+00:00

Hi @Anonymous

According to your description to your current environment, this is the support scenario.

If we want to create a hybrid scenario with our resource forest and Exchange Online we have to implement Azure AD Connect first. Azure AD Connect will synchronize account information from the account forest, and linked mailbox information from the resource forest. To achieve this, we have to setup a multi-forest synchronization model (which is also fully supported by Microsoft).
The Azure AD Connect server will be installed in the account forest. To retrieve the information about the mailboxes from the resource forest.
The Azure AD Connect server (which is running in the Account Forest) combines the two accounts based on the objectSID and MSExchMasterAccountSid and synchronizes this ‘joined’ account information to Azure Active Directory

Here is the link introduced the detailed information: EXCHANGE RESOURCE FOREST AND OFFICE 365
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Watkins, Dean (He/Him/His) 6 Reputation points

2021-12-01T04:27:11.18+00:00

Thank you for your replay. Yes this is exactly how it is now and it working.

But what we wil be doing is moving user objects to the resource forest as the current account forst will be decommissioned. Basically we are merging forests into one.

As these are linked mailboxes, I assume once we have migrated users over, we would have to relink (for want of a better word) these mailboxes to the migrated user accounts rather than the disabled accounts in the resource forest.

How will AD Connect synchronization and subsequently, Office 365, be affected? This is our main concern.

Thanks again for your reply
Watkins, Dean (He/Him/His) 6 Reputation points

2021-12-01T23:34:06.013+00:00
Just to clarify my question:

We have currently

Users in Forest A

Linked Mailboxes in Forest B

all is working as per design

What we will do

Moving users from Forest A to Forest B

So the realy question, is what has to be done so users continue with O365 with no disruption
Joyce Shen - MSFT 16,651 Reputation points

2021-12-02T06:35:31.297+00:00

Hi @Anonymous

Do you want to keep ForestB still syncing to o365?

I'm afraid you could not migrate users from forest A to B on-prem directly then sync the attributes to o365, this may cause duplicate attributes. The supported way should be like you migrate all user and their mailboxes to cloud. And if you want to keep forest B, then you sync them back to on-prem.

Since this scenario is more related to azure ad side, to get more information, you could contact azure ad to get further support, thanks for your understanding!
Watkins, Dean (He/Him/His) 6 Reputation points

2021-12-02T21:37:47.917+00:00

we will be moving Forest A user objects out of range of AD Connect. We plan to sync from Forest B
Joyce Shen - MSFT 16,651 Reputation points

2021-12-08T06:21:57.367+00:00

Hi,

I only found the step-by-step guide for DECOMMISSION AN EXCHANGE RESOURCE FOREST IN A HYBRID ENVIRONMENT, it's better to contact azure ad engineers for your concern performing this operation, thanks for your understanding!

2 answers

Tony NZ 1 Reputation point

2022-04-12T20:31:52.717+00:00

@Anonymous Did you ever get a resolution to your scenario? I am in exactly the same situation as you have described it here -->

We want to migrate users from Forest A to Forest B (resource forest).
* Mailboxes are NOT being migrated, just users. (adminDisplayName is populated and will remain same post migration)
* AD Connect currently Syncs users from Forest A, and Exchange objects from Forest B
* We have a process to ensure users are only synced to Azure from one forest.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
TheWoodCutter 101 Reputation points

2022-09-18T11:30:47.473+00:00
My suggestion is a bit break fix here.
just test this first on a pilot users.

move users to non-syncing OU > users will be deleted in azure and you have to restore them back in azure
Users status will be online once you do this....

Add upn suffix in Forest B...

Create users> ( export form Forest A and import them here in forest B.

Run azure AD connect and sync them ...if soft match fails you will be doing hard match..
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Migrate users from forest to a forest containing linked mailboxes

2 answers