Forum Discussion
Looking for opinion: Unjoin Hybrid AD, or migrate to new tenant?
Hello,
So I have a bit of a conundrum, and I'm not sure which is the better option.
Situation: We currently have an Entra-Hybrid AD environment. Our local AD is a .lan domain, and has almost 30 years of historical garbage (none of it is required anymore). All of our endpoints are already set up for Intune, and all apps/policies are being pushed from Intune. We have two servers that we will migrate to Entra hosted VMs, so they are not a big concern.
My question is this:
1) If we disconnect our Hybrid-AD connection, how do we make sure all users are cloud-synced and no longer pulling from local AD?
2) Is there a way to formally disconnect our Entra tenant from our AD Sync tool (so that it's no longer expecting that domain)?
3) How do we remove our old domain from the Entra ID tenant?
4) Our current tenant was set up in a hurry, and was not set up with very good governance or any real organization. Is there a good service that can help "clean up" an existing tenant?
5) Would it be easier to simply create a new tenant, set it up with best practices, migrate the users, email, OneDrive and SharePoint, and then re-join the Intune devices as the final step?
Looking for recommendations/suggestions/pitfalls to look out for while doing this.
Thank you,
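The check behind the first question (users still owned by on-prem AD) and the device re-join mentioned in the last one, as an added example that is not part of the original post or of the reply below: a read-only audit with the Microsoft Graph PowerShell SDK of what in the tenant still depends on the on-prem domain. Cmdlet and property names are the SDK's; the scope list and running it from a read-only admin account are my assumptions.

```powershell
# Added example, not from the thread: read-only audit of what in the tenant is still
# tied to the on-prem AD. Run it before cutting over and again after sync is disabled.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph) and an
# account that can consent to the read-only scopes below (assumed sufficient).
Connect-MgGraph -Scopes 'Organization.Read.All','User.Read.All','Domain.Read.All','Device.Read.All'

# Tenant level: is directory synchronization still switched on, and when did it last run?
$org = Get-MgOrganization -Property Id,DisplayName,OnPremisesSyncEnabled,OnPremisesLastSyncDateTime
"Tenant '$($org.DisplayName)': OnPremisesSyncEnabled=$($org.OnPremisesSyncEnabled) LastSync=$($org.OnPremisesLastSyncDateTime)"

# Verified (routable) domains in this tenant. A .lan suffix can never be verified here,
# so any UPN still using it points at an unfinished conversion.
$verified = (Get-MgDomain -All | Where-Object { $_.IsVerified }).Id

# Users: the per-user sync flag and immutable ID are what mark an account as owned by AD.
# Both can lag for a while after the tenant-level switch is turned off, so re-run this later.
$users = Get-MgUser -All -Property Id,UserPrincipalName,OnPremisesSyncEnabled,OnPremisesImmutableId,OnPremisesLastSyncDateTime

$stillSynced = $users | Where-Object { $_.OnPremisesSyncEnabled -eq $true }
$badSuffix   = $users | Where-Object { ($_.UserPrincipalName -split '@')[-1] -notin $verified }

"Users total: $($users.Count)"
"Users still flagged as synced from on-prem: $($stillSynced.Count)"
$stillSynced | Select-Object UserPrincipalName,OnPremisesLastSyncDateTime,OnPremisesImmutableId | Format-Table -AutoSize
"Users whose UPN suffix is not a verified domain: $($badSuffix.Count)"
$badSuffix | Select-Object UserPrincipalName | Format-Table -AutoSize

# Devices: TrustType 'ServerAd' means hybrid-joined, i.e. still dependent on the on-prem domain.
# These are the ones that must be re-joined as Entra-joined devices before the domain goes away.
$hybrid = Get-MgDevice -All -Property Id,DisplayName,TrustType,OnPremisesSyncEnabled |
          Where-Object { $_.TrustType -eq 'ServerAd' }
"Hybrid-joined devices still present: $($hybrid.Count)"
$hybrid | Select-Object DisplayName,OnPremisesSyncEnabled | Format-Table -AutoSize

Disconnect-MgGraph
```

Zero rows in all three lists is the state to reach before the Entra Connect server is decommissioned; anything left is an account or device that will break when the .lan domain disappears.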
2 Replies
- Gary_Clarke (Copper Contributor)
Please see the below but don't forget to link in security and risk teams to perform a full BIA and RA for either method. Then stick it through CAB.
- https://learn.microsoft.com/en-us/answers/questions/843619/convert-on-prem-ad-connect-synched-users-to-cloud
- https://learn.microsoft.com/en-us/entra/identity/hybrid/common-scenarios
- https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-uninstall
- https://www.alitajran.com/disable-active-directory-synchronization/
- https://learn.microsoft.com/en-us/answers/questions/325812/how-to-disconnect-ad-connect-from-local-ad
- https://learn.microsoft.com/en-us/entra/identity/domain-services/delete
For cleaning up an existing tenant, you might consider hiring professional cleaning services. https://merrymaids.co.uk/about-merry-maids/rental-properties/for-tenants/, https://helloservices.co.uk/cleaning-services/end-of-tenancy-cleaning/, and others offer comprehensive cleaning services that could help you organize and clean up your tenant.
Creating a new Tenant, setting it up with best practices, migrating the users, email, OneDrive, and SharePoint, and then re-joining the Intune devices as the final setup could be a viable option. However, it would require careful planning and execution.
- https://www.youtube.com/watch?v=KJRMr6O3PQU
- https://www.youtube.com/watch?v=CgYkWcRZhEY
- https://www.youtube.com/watch?v=XrE1BQNyBUI
- https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-onedrive-migration-step1?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-onedrive-migration-step4?view=o365-worldwide
Please note that these are general guidelines and the exact steps may vary based on your specific setup and requirements. I hope I've covered the main caveats.