Forum Discussion
Anonymous
Dec 17, 2018
Removing on-prem ad and start using office365/intune
Hello, we are using Exchange Online and on-prem azure with dir sync to Office 365. We would like to remove the DC and join all computers to Intune and move the users to Azure AD in the cloud. What...
Dec 17, 2018
FastTrack can help some, but the primary step is to get Intune working with auto enrollment first. This way, when you Azure AD join your machines, they are managed from the get-go. Depending on how many GPOs you had in your on-prem deployment, you'll want to get all that set up ahead of time as well. You can set up test Intune groups and assign so only those groups get Intune when joined.
Once your Intune is set up, you can use a tool such as profwiz to disjoin from the domain. Then you have to log in locally, join to Azure AD, then use profwiz to assign the Azure AD user to your old domain profile. Then you can log in with minimal disruption to the user and it'll be joined to Azure AD. With Intune and auto enrollment in place, all the policies will apply on first login.
Here is the article I've been using to get going on Intune deployment. It has everything you need. It wasn't too hard, but it will take a few days to figure out and get things working: https://docs.microsoft.com/en-us/intune/
Once Intune is configured and you get your devices all joined to Azure AD and managed, the last step really is removing your Azure AD Connect so your users can go cloud only, so you can disable that sync in the cloud: https://support.microsoft.com/en-us/help/2619062/you-can-t-manage-or-remove-objects-that-were-synchronized-through-the
Dec 17, 2018
Yup! The other way around!!
- Anonymous Dec 17, 2018
Hello Guys,
Thanks all for the tips!
How about:
1. Auto enroll to Intune through GPO
2. Stop the sync
3. Disconnect them from the on-prem domain
- Dec 17, 2018
If the machines are domain joined then they still will be with Intune management after that. I don’t know of a way to automate joining devices strictly to Azure AD or I’d be doing it now ;). The goal is cloud only and there is no easy way to convert a domain joined machine to Azure joined outside of leaving and joining.
- Anonymous Dec 17, 2018
You could automate that, but the only part that needs to be done manually is to disconnect them from the domain.
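
An added example, not part of the thread: a PowerShell check for tracking which machines are still domain joined while working through the leave-and-rejoin migration discussed above. It parses the text printed by `dsregcmd /status`; the sample output and the MDM URL are constructed, and `Get-JoinState` is a hypothetical helper name.

```powershell
# Classify a device's join state from the text of `dsregcmd /status`.
# The sample below is constructed for illustration. On a real machine use:
#   $text = dsregcmd /status | Out-String
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                    MdmUrl : https://mdm.example.invalid/discovery
'@

function Get-JoinState {   # hypothetical helper, not a built-in cmdlet
    param([Parameter(Mandatory)][string]$StatusText)

    # Collect "Key : Value" lines; banner lines start with + or | and are skipped.
    $fields = @{}
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    $state = if ($aad -and $domain) { 'HybridJoined' }
             elseif ($aad)          { 'AzureAdJoined' }
             elseif ($domain)       { 'DomainJoinedOnly' }
             else                   { 'NotJoined' }

    [pscustomobject]@{
        State            = $state
        # An MDM URL means auto enrollment is scoped to this user/tenant.
        MdmConfigured    = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])
        # Cloud-only target: any device still domain joined must leave and rejoin.
        StillNeedsRejoin = $domain
    }
}

Get-JoinState -StatusText $sample
```

For the constructed sample this reports `HybridJoined` with `StillNeedsRejoin` set to `True`, which is the state a domain-joined machine is in after enrolling in Intune through GPO.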