Forum Discussion

Pranavsethuraman10's avatar
Pranavsethuraman10
Copper Contributor
Apr 24, 2026

Best approach for migrating AD joined devices to Entra ID without wiping user profiles?

We’ve seen many organizations struggle with device migration when moving from traditional Active Directory (AD) or hybrid environments to Microsoft Entra ID. The biggest challenge is avoiding user d...
microsoft intune
windows 11
PaulJebastin's avatar
PaulJebastin
Brass Contributor
Apr 28, 2026

Microsoft currently does not support an in-place conversion from traditional Active Directory (AD) or Hybrid AD to Microsoft Entra ID join. The official recommendation remains a wipe/reset followed by Autopilot deployment.

You can try scripted migration approach to avoid user disruption. This involves transitioning devices individually from on-prem AD to Entra ID.

A few key considerations if you go down this path:

  • Keep Azure AD Connect in place during the transition so user identities stay consistent while devices are migrated gradually.
  • Prepare your environment in advance: Move Group Policy Objects (GPOs) to Intune, Enable automatic MDM enrollment
  • Review Conditional Access policies, Validate line-of-business apps and file share access
  • Ensure a local admin account is available on devices to prevent lockouts
  • Back up user data (e.g., OneDrive Known Folder Move or local backup) before starting
  • Typical migration flow (no wipe approach)
  • Remove the device from the on-prem domain and restart
  • Join the device to Microsoft Entra ID (via Access work or school or provisioning package)
  • User signs in with Entra ID → a new profile is created
  • Migrate data from the old profile (manually or using a tool)
  • Re-enroll the device into Intune
  • Reapply applications, policies, and security configurations
  • Validate core services (Outlook, Teams, OneDrive, internal business apps)

Tools worth considering

Depending on your scale and budget, these tools can simplify the process:

  1. Opsole (Recommended) - https://opsole.com/migrate-hybrid-joined-to-entra-id-without-wipe Preserves BitLocker, apps, user state, also handles tenant to tenant works without VPN or DC connectivity
  2. Profile Wizard (Profwiz) - https://www.forensit.com/domain-migration.html + Scripted workflow
  3. Quest Software - https://www.quest.com/products/on-demand-migration/device-migration.aspx
  4. PowerSyncPro - https://kb.powersyncpro.com/en_US/migration-agent/how-to-bulk-migrate-workgroup-joined-endpoints-to-entra-id