Forum Discussion
Migrate AD User and AADConnect to new Forest (Same O365 tenant)
saifs19802210 Hi Saifs,
Thank you so much for your response.
So instead of using ADMT, we have created brand new users in Forest C. So at the moment, they are ForestA.Local UPNs. But these are not being synced YET.
In our new AADConnect in Forest C, we have added the Forest A users into the scope to be synced. At the moment, the new AADConnect server is in Staging mode.
So the plan is:
1. Add the users from Forest A OUs into Scope onto my new Forest C AADConnect in Staging Mode
2. Make the staging mode server in Forest C as Primary Server. Hopefully no change to users at this stage
3. Add a test number of users to Sync from Forest C. This should mean they are synced but not matching the cloud users YET.
4. So I need to then manually change the UPN of the Forest A users from username@externaldomain.com to username@tenantname.onmicrosoft.com and then change the Forest C synced users' UPN to username@externaldomain.com. If that doesn't work automatically, I will need to manually hard-match the Forest C user to the cloud user by setting the Immutable ID
That should work hopefully.
My only concern is if Azure doesn't like the same custom domain name (Externaldomain.com) coming from 2 Forests. I don't think that should be an issue?
At this stage, if you could only select a test OU to sync with the custom domain (Externaldomain.com). Better you create one first in Forest A, sync it to O365 and also assign a license to it, just to show that this is a working user in our tenant.
Then when you are planning for switchover, just play with this user and turn off Azure AD Connect from the O365 portal, then move this user using ADMT to Forest C, into the Forest C syncing OU.
Turn on Azure AD Connect in Forest C and only sync the test OU where this user is moved to. Finally, start the sync and log in to the O365 portal to see the behavior.
Also for another point: 4. The only thing which comes to my mind is duplication of accounts. But that is why I suggest bringing the test user, as I said above, into scope of Forest C, creating the same new account for the test user in Forest C and then changing the UPN.
I mean playing with a test user will only help here, OR a LAB which I posted earlier, since there are very few people in MS who might have done it; hence I suggest playing with test users for now, and don't jump right in.
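
A pre-flight check for the hard-match step discussed above, added here as an example and not part of either post: it derives the ImmutableId each Forest C user would need and flags UPNs that a Forest A account still holds. It assumes the sync's source anchor is the Forest C user's objectGUID encoded as Base64; the function names, GUIDs and user rows are constructed for illustration.

```powershell
# Added illustration; function names and all sample rows are constructed.
# Assumption: ImmutableId = Base64 of the on-prem objectGUID bytes.
function ConvertTo-ImmutableId([guid]$ObjectGuid) {
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}
function ConvertFrom-ImmutableId([string]$ImmutableId) {
    [guid][System.Convert]::FromBase64String($ImmutableId)
}

function Get-HardMatchPlan($ForestA, $ForestC, $Cloud) {
    foreach ($new in $ForestC) {
        $target = ConvertTo-ImmutableId $new.ObjectGuid
        $old    = $ForestA | Where-Object UserPrincipalName -eq $new.TargetUpn
        $cu     = $Cloud   | Where-Object UserPrincipalName -eq $new.TargetUpn
        # Base64 is case-sensitive, so compare anchors with -ceq, not -eq.
        $action = if ($old) {
            'Blocked: a Forest A account still holds this UPN'
        } elseif (-not $cu) {
            'No cloud user with this UPN: sync would create a new one'
        } elseif ($cu.ImmutableId -ceq $target) {
            'Already anchored to the Forest C account'
        } else {
            'Hard match needed: set ImmutableId to TargetImmutableId'
        }
        [pscustomobject]@{
            Upn               = $new.TargetUpn
            CloudAnchorGuid   = if ($cu) { ConvertFrom-ImmutableId $cu.ImmutableId }
            TargetImmutableId = $target
            Action            = $action
        }
    }
}

$a1 = [guid]'11111111-2222-3333-4444-555555555555'   # constructed Forest A GUIDs
$a2 = [guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$forestA = @(   # alice not yet renamed, bob already moved to the onmicrosoft.com UPN
    [pscustomobject]@{ UserPrincipalName = 'alice@externaldomain.com';       ObjectGuid = $a1 }
    [pscustomobject]@{ UserPrincipalName = 'bob@tenantname.onmicrosoft.com'; ObjectGuid = $a2 }
)
$forestC = @(   # new accounts and the UPN each should end up with
    [pscustomobject]@{ TargetUpn = 'alice@externaldomain.com'; ObjectGuid = [guid]'01234567-89ab-cdef-0123-456789abcdef' }
    [pscustomobject]@{ TargetUpn = 'bob@externaldomain.com';   ObjectGuid = [guid]'fedcba98-7654-3210-fedc-ba9876543210' }
)
$cloud = @(     # cloud users still anchored to their Forest A objects
    [pscustomobject]@{ UserPrincipalName = 'alice@externaldomain.com'; ImmutableId = ConvertTo-ImmutableId $a1 }
    [pscustomobject]@{ UserPrincipalName = 'bob@externaldomain.com';   ImmutableId = ConvertTo-ImmutableId $a2 }
)
Get-HardMatchPlan $forestA $forestC $cloud | Format-List
```

In a real run the three collections would come from exports of each forest and of the tenant rather than the inline rows used here.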