Ramikin
Jun 06, 2024

Migrating users from on-prem AD to AzureAD only

Hello,

We are in the process of migrating to AzureAD for all users and devices.

Users are currently synced from on-prem AD to AzureAD using the Azure Directory Sync tool.

We don't have a significant number of users, so we use a manual process, which has problems.

 

To migrate users, our current process is as follows:

  1. Move the user in on-prem AD to an OU that is not part of the Directory Synchronisation
  2. Run a delta sync on the Sync Tool
  3. In AzureAD, the user is deleted. We manually re-enable them

The problem is that in carrying out this process, the user is removed from all the Teams Private Channels that they were a member of (they retain the overall team membership).

 

Is there a better way to break the AD sync for a user, retaining them in AzureAD and also retaining all their private channel memberships?

 

Thanks in advance.

 

    • Ramikin
      I've read about the process. The literature on this is not totally clear though.

      If we disable the sync, will AzureAD identities remain enabled and in the exact state they were in prior to disabling the sync? If so, this would suggest the Private Channels problem would be avoided.

      So far, I've been avoiding a wholesale change that affects all users in one fell swoop because of the problems we've been experiencing. I could do with some clarity that we'd be OK with this approach.
      • The only thing that changes with the objects is that they are no longer "locked" for editing in the cloud; all their properties remain as they were (and will match the state of the corresponding AD object before you disabled the sync). You can always re-enable dirsync if you run into any unexpected issues.
