Migrate AD User and AADConnect to new Forest (Same O365 tenant)


Hi guys,

Over the last few weeks I've been reading a lot around Tenant-to-tenant migration, and we've been playing around with the new features and it's been pretty cool.

However, I have a question around migrating AD User Objects and standing up a new AADConnect server in a new environment but still syncing into the same Azure AD & O365 tenant.

 

So in summary:

 

Current Set up:

* On-Premise Active Directory (AD users) in Forest A

* All users are synced via AAD Connect server in Forest A

* Hybrid with Exchange 2016 in Forest B (two-way trust with Forest A) 

* All mailboxes are migrated to Exchange Online

 

Target Set up:

Due to Business reasons (change in datacentre/supplier), we want to continue to use the existing O365 Tenant and Azure subscription, but need to migrate AD Objects (Source of Authority) and stand up a new AAD Connect server to sync the AD objects to the migrated mailboxes in the environment. 

 

So the Target environment would look like this:

 

* All AD Users (source of authority) are in Forest C (We will set up a Two-Way trust with Forest A)

* The AADConnect server to sync all objects to the O365 tenant will also need to be stood up in Forest C

* The EXO mailboxes in O365 should not be impacted.

 

AFAIK, there is limited documentation around this online, but if anyone has any experience around this, have used any articles, or can think of any gotchas, would be good to get your views.

I've done something similar with a few previous customers so have a high-level idea but would be good to see if anyone has done this - I know it will require an AD Migration cross-forest (maybe ADMT/3rd party like Quest) and I guess the UPNs will change for the users, but more around planning (coexistence/phased vs. cutover), etc.

Thanks

Ron

0 Replies