I want to do some brainstorming and get your ideas.
I have an AD Forest as in the following picture
The tree root (forest root) is connected to the Azure cloud tenant, together with all users and devices from the trees.
demoorg.local and its subdomains are synced to the Azure cloud tenant.
Users from xy.demoorg.local & xz.demoorg.local are using the same UPN (domain name) to log in to e-mail and Teams.
All devices are Hybrid joined. (Conditional Access is not in use)
Password hash authentication is activated.
The e-mail server is Exchange, but the on-prem e-mail server uses only users from xy.demoorg.local & xz.demoorg.local.
There is no Cloud app or other cloud resources using the xy.demoorg.local & xz.demoorg.local
All devices from xy.demoorg.local & xz.demoorg.local are managed via local GPO.
All users use only a username and password for Windows sign-in (there is no Windows Hello, PIN or security key in use).
I want to create a new Azure tenant (only one tenant), connect all users and devices from my xy.demoorg.local & xz.demoorg.local (demoorg.local tree) to the new tenant, and disconnect the tree from the tenant it is currently connected to.
As far as I know, first I need to delete all synced devices and unregister my domain name (used for Teams and Outlook sign-in) from the old tenant, and then register my domain in the new tenant.
Then I want to sync all devices and users to the new Tenant.
Is it possible?
If yes, which scenarios are available there, and which scenario do you prefer?
Will there be downtime during the migration?
Which other questions should I answer?
Or maybe I should separate my own tree from the forest and then connect it to the new tenant?
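Before cutting the tree over to a new tenant, the first thing a practitioner would want is an inventory of exactly what is currently synced and hybrid-joined on both sides, plus a dry run of the device cleanup the post describes. The script below is an added example and is not part of the original post or any answer; it assumes the ActiveDirectory and Microsoft.Graph PowerShell modules are installed, that the signed-in account has read access to directory and device objects, and it uses a placeholder public UPN suffix `demoorg.com` because the post does not name the domain used for Teams/Outlook sign-in. Only the two subdomain names are taken from the post.

```powershell
# Added example (not from the original post): pre-migration inventory and device-cleanup dry run.
# ASSUMPTIONS: ActiveDirectory + Microsoft.Graph modules present; $UpnSuffix is a placeholder.

$Subdomains = @('xy.demoorg.local', 'xz.demoorg.local')   # from the post
$UpnSuffix  = 'demoorg.com'                                 # ASSUMPTION: verified sign-in domain

Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'Directory.Read.All', 'Device.Read.All' -NoWelcome

# 1. On-prem side: per subdomain, how many users/computers exist and how many users
#    carry a UPN that is NOT the public suffix (those will not match in the new tenant).
foreach ($dom in $Subdomains) {
    $users = Get-ADUser -Server $dom -Filter * -Properties UserPrincipalName
    $pcs   = Get-ADComputer -Server $dom -Filter * -Properties OperatingSystem
    $odd   = @($users | Where-Object { $_.UserPrincipalName -notlike "*@$UpnSuffix" })
    '{0}: {1} users ({2} without @{3} UPN), {4} computers' -f $dom, $users.Count, $odd.Count, $UpnSuffix, $pcs.Count
}

# 2. Cloud side: synced users grouped by source domain, and hybrid-joined devices.
#    trustType 'ServerAd' is the value Entra uses for Hybrid Azure AD joined devices.
$syncedUsers = Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
                 -Property UserPrincipalName, OnPremisesDomainName
$syncedUsers | Group-Object OnPremisesDomainName | Select-Object Name, Count

$hybrid = Get-MgDevice -All -Filter "trustType eq 'ServerAd'" `
            -Property Id, DisplayName, DeviceId, ApproximateLastSignInDateTime
"Hybrid joined devices in the old tenant: $($hybrid.Count)"

# 3. Domain check: a custom domain can be verified in only one tenant, and it cannot be
#    removed while users/groups still reference it. List the domain and the blockers.
Get-MgDomain | Where-Object Id -eq $UpnSuffix |
    Select-Object Id, IsVerified, IsDefault, AuthenticationType
$stillOnSuffix = @($syncedUsers | Where-Object { $_.UserPrincipalName -like "*@$UpnSuffix" })
"Users that must be renamed before $UpnSuffix can be removed: $($stillOnSuffix.Count)"

# 4. Device cleanup DRY RUN: -WhatIf only reports what would be deleted.
#    Remove -WhatIf only after directory sync to the old tenant has been disabled.
$hybrid | ForEach-Object { Remove-MgDevice -DeviceId $_.Id -WhatIf }
```

Two caveats the inventory makes visible: removing the device objects in the old tenant does not un-join the computers themselves, so each hybrid-joined device still has to leave the old tenant (for example `dsregcmd /leave` run as SYSTEM) and re-register once the new tenant's service connection point is in place; and the public domain cannot be verified in the new tenant until it has been removed from the old one, which in turn requires that no synced user still has a UPN with that suffix, so there is an unavoidable window in which Teams/Outlook sign-in with that domain does not work.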