Forum Discussion
Merge/move 2 AD's and 1 Office 365 tenant to new AD
I've stepped into a mess and need to figure a way out. Our current situation:
Two locations with separate AD's:
- location one - location1.company.com
- location two - location2.local
One Office 365 Business Premium tenant
- connected to AD location2.local via AAD Connect w/ Password Hash Sync
- userPrincipalName - company.com (SMTP address)
- AD location1.company.com is not connected, but users are manually created in Office 365 (local AD and Office are separate user accounts).
What I'd like is to create a new Forest corp.company.com and migrate EVERYTHING to that but the userPrincipalName still be company.com. What steps/procedures will I have to take to achieve this?
Hi,
This is based purely on what you have outlined above and it's a personal opinion - others will have their own.
1.) Cut AAD Connect on Location two so the AD and 365 tenant is separate.
2.) Set all 365 users UPN to @company.com, mail addresses remain the same
3.) Build new Forest corp.company.com
4.) Consolidate the AD's into the new forest
5.) In AD all users to have a UPN Suffix of @company.com, or UPN of @company.com
6.) Install Member Server/Azure AD Connect
7.) Ensure the AD objects have the right mail address
8.) Soft match the users from new Forest to 365
That's a general overview. It's probably best to take a step back and disentangle what's there first even if it means having cloud users and separate credentials for a period of time.
Hope that helps
Best, Chris
8 Replies
Hi,
This is based purely on what you have outlined above and it's a personal opinion - others will have their own.
1.) Cut AAD Connect on Location two so the AD and 365 tenant is separate.
2.) Set all 365 users UPN to @company.com, mail addresses remain the same
3.) Build new Forest corp.company.com
4.) Consolidate the AD's into the new forest
5.) In AD all users to have a UPN Suffix of @company.com, or UPN of @company.com
6.) Install Member Server/Azure AD Connect
7.) Ensure the AD objects have the right mail address
8.) Soft match the users from new Forest to 365
That's a general overview. It's probably best to take a step back and disentangle what's there first even if it means having cloud users and separate credentials for a period of time.
Hope that helps
Best, ChrisOh yes, I like this idea. I knew I would probably have to take a step or two backwards, but I never considered disconnecting O365.
So basically to super simplify it,
- disconnect the sync,
- create new forest
- join domains to new forest
- reconnect to original tenant
What if before reconnecting to O365 I wanting to merge old AD's to forest domain? Would you recommend ADMT?
Thanks,
Remo
- Yes! Admt will do! It depends how many objects and the structure of the current ad’s too! Sometimes its just more ideal to create from scratch- having a clean AD! Too many ads out there are a mess! But of course this might not be feasible:)
- In short, If you are creating a new Forest and new Ad’s and have all accounts in it you need to do a migration as you surely know! Before that stop the sync and uninstall the ad connect! Users will now be cloud only!
Do migration of AD objects to new AD
then you apply the UPN of company.com etc in Ad, then set up ad connect and soft match the users in office 365
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features
Adam
