We are in the middle of a migration of two on premises Active directory forests which are both synced with one adconnect server (in a new domain/forrest) to our remaining office 365 tenent to a new forrest. The new forest has on prem Dc''s and Azure Dc''s, wap and ads servers. We have migrated all of our students and teachers to exchange online from on prem exchange and a other tenant. The advisor we hired to help us with the user migration setup a admt server in the new for- rest and wrote a procedure to place users in the old domains in a unsynct OU, migrate user and groups to the new domain. Reset the Immutable ID with a powershell script and then place them in a OU that you would sync.
Scary things happen when a user is placed in a unsynced OU and is no longer in sync. In office 365 the user is removed! After following al steps the user is placed in the new domain en is again in sync. The mailbox is returned but all the old smtp addresses where gone. This method is a no go.
We decided to do some research because we wanted a better way and found a way where you would disable the sync so that all users would become cloud users. We can then migrate all 8000 students and 1100 teachers and staff to the new domain with admt and reset the immutable ID's so that we can sync again. This scenario looks promising because the mail and office 365 stay available and we can migrate the schools one at the time. And after resetting the Imm. ID. we can start syncing the OU so that users can change there passwords again etc.
The question is if this is a scenario that works or perhaps there is a even better scenario?
Don't know if this is the right place but got to start somewhere.