Forum Discussion
Migrate AD User and AADConnect to new Forest (Same O365 tenant)
LIT-RS - I'm not sure the matching will work as each sync'd user account from Forest A will have an immutable ID on the Azure side.
You'll need to clear that for each user in Azure before it'll connect to another on prem sync'd account.
steve_elliott Hi Steve,
Agreed - So plan is: Set-msoluser -UserPrincipalName user1@customdomain.com -ImmutableID "$null"
^ this will be performed on the user that is synced from Forest A. This will then make it "cloud only".
Immediately after that:
Set-msoluser -UserPrincipalName user1@customdomain.com -ImmutableID "%immutableID of the Forest C user's ObjectGuid converted"
^ this will then force (hard match) the cloud account to the Forest C AD user.
Is that what you meant?
steve_elliott, Feb 08, 2021, Brass Contributor
LIT-RS - Yep. You just need to clear the immutable ID for the user.
Then when you bring Forest C sync online (assuming it's going to be the same UPN) - matching will happen automatically.
If you are keeping the same UPNs, the approach I've personally taken would be something like:
Forest A - Disable AD Connect tenant wide using powershell - All accounts will convert to cloud only
Disconnect / Uninstall AD Connect on Forest A
Run MSOL command against all users in tenant, again using PS
Bring AD Connect online in Forest C
Sync - UPNs will match up and sync
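A worked version of the two pieces the thread relies on (LIT-RS's clear-then-hard-match pair of Set-MsolUser calls, and Steve's "run the MSOL command against all users" step), written as an added example; it is not code from either poster. It assumes the MSOnline and ActiveDirectory modules are installed, that Connect-MsolService has already been run, and that the domain controller name and UPN are placeholders you replace. The function names ConvertTo-ImmutableId, ConvertFrom-ImmutableId, Clear-AllImmutableIds and Set-HardMatch are mine; the cmdlets they call (Get-ADUser, Get-MsolUser, Set-MsolUser, Set-MsolDirSyncEnabled) are the real ones. The value of doing it this way rather than by hand is that the ImmutableId is derived from the Forest C objectGUID and then read back and decoded, so a typo or a wrong-forest GUID is caught before the new connector starts syncing.

```powershell
# Added example (not from the thread). Placeholders: replace the DC name and UPN.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Azure AD's sourceAnchor/ImmutableId is the Base64 encoding of the GUID's 16 raw bytes.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: tells you which on-prem object a cloud account currently points at.
    [guid]::new([System.Convert]::FromBase64String($ImmutableId))
}

function Clear-AllImmutableIds {
    # Steve's tenant-wide step, done after the Forest A connector is uninstalled.
    # Filtering on ImmutableId leaves genuinely cloud-only accounts untouched.
    Get-MsolUser -All | Where-Object { $_.ImmutableId } | ForEach-Object {
        # The literal string "$null" is what clears the attribute; passing an actual $null is ignored.
        Set-MsolUser -UserPrincipalName $_.UserPrincipalName -ImmutableId "$null"
        [pscustomobject]@{ UPN = $_.UserPrincipalName; OldImmutableId = $_.ImmutableId }
    }
}

function Set-HardMatch {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$ForestCDomainController,
        [switch]$WhatIf
    )
    # 1. Find the Forest C object by UPN and derive the anchor it will sync with.
    $adUser = Get-ADUser -Filter "userPrincipalName -eq '$UserPrincipalName'" `
                         -Server $ForestCDomainController
    if (-not $adUser) { throw "No user with UPN $UserPrincipalName in Forest C" }
    $newId = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID

    # 2. Inspect the cloud object. A different non-empty ImmutableId is the stale Forest A
    #    anchor; it has to be cleared first or the hard match is rejected.
    $cloud = Get-MsolUser -UserPrincipalName $UserPrincipalName
    if ($cloud.ImmutableId -and $cloud.ImmutableId -ne $newId) {
        $stale = ConvertFrom-ImmutableId -ImmutableId $cloud.ImmutableId
        Write-Host "Clearing stale anchor $($cloud.ImmutableId) (GUID $stale) on $UserPrincipalName"
        if (-not $WhatIf) {
            Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId "$null"
        }
    }

    # 3. Apply the Forest C anchor, then read it back and decode it to confirm the match.
    if ($WhatIf) {
        Write-Host "WhatIf: would set ImmutableId $newId on $UserPrincipalName"
        return
    }
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $newId
    $check   = Get-MsolUser -UserPrincipalName $UserPrincipalName
    $decoded = ConvertFrom-ImmutableId -ImmutableId $check.ImmutableId
    if ($decoded -ne $adUser.ObjectGUID) {
        throw "Verification failed: cloud anchor decodes to $decoded, expected $($adUser.ObjectGUID)"
    }
    [pscustomobject]@{
        UPN         = $UserPrincipalName
        ObjectGuid  = $adUser.ObjectGUID
        ImmutableId = $check.ImmutableId
    }
}

# Usage, in the order the thread describes (placeholders):
# Set-MsolDirSyncEnabled -EnableDirectorySynchronization $false   # Forest A connector first
# Clear-AllImmutableIds
# Set-HardMatch -UserPrincipalName 'user1@customdomain.com' -ForestCDomainController 'dc01.forestc.example' -WhatIf
# Set-HardMatch -UserPrincipalName 'user1@customdomain.com' -ForestCDomainController 'dc01.forestc.example'
```

Run Set-HardMatch with -WhatIf across the user list first and keep the output; it shows which accounts still carry a Forest A anchor and what the Forest C anchor will be, which is the record you want if a mismatch surfaces after the new connector's first sync. Note that Microsoft has since deprecated the MSOnline module; the same attribute is exposed through Microsoft Graph as the user's onPremisesImmutableId, and the encoding step is unchanged.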