Plan your Active Directory cleanup before synchronizing it to Microsoft 365
An organization must first clean up its Active Directory before synchronizing it to Microsoft 365. Typically, older AD environments have some User and Group objects that have been inactive for months and sometimes years. Before an organization migrates its Organizational Unit (OU) to its clean cloud environment, it should take inventory of the objects that can help its migration.
Taking inventory of these items typically includes the following steps:
Ensure that each user who will be assigned a Microsoft 365 service offering has a valid and unique email address in the proxyAddresses attribute.
Remove any duplicate values in the proxyAddresses attribute.
If possible, ensure that each user who will be assigned a Microsoft 365 service offering has a valid and unique value for the userPrincipalName (UPN) attribute in the user’s user object.
- For best synchronization experience, ensure that the on-premises Active Directory UPN matches the cloud UPN.
- If a user doesn't have a value for the userPrincipalName attribute, then the user object must contain a valid and unique value for the sAMAccountName attribute.
- Remove any duplicate values in the userPrincipalName attribute.
The following are optional attributes that will optimize the Global Address List (GAL):
- givenName
- surname
- displayName
- Job Title
- Department
- Office
- Office Phone
- Mobile Phone
- Fax Number
- Street Address
- City
- State or Province
- Zip or Postal Code
- Country or Region
An organization can use the ID Fix tool if it has multiple accounts in its Active Directory that have prohibited naming conventions. The ID Fix tool identifies accounts and their attributes that aren't within the Microsoft 365 standard naming conventions. It can also provide suggested names, or the organization can provide the naming format.
Additional reading. For more information, see ID Fix tool.