
Migrating from AD hybrid to new AD because of company acquisition.


I have this scenario where a company has an on-premises domain syncing to Azure AD, and uses standard on-premises services like file servers, and also Microsoft 365, all types of Azure services, Intune, etc. Let's call it

The company has a parent company that exists only on paper,

The management team decided to migrate everything under to the new domain. That would affect everything: users, file servers on premises, Intune, the old domain, the mailboxes, OneDrive, etc.


What is the best path to manage that migration?

Are you intending to migrate to a brand new Active Directory Forest, or is this closer to a rebranding where you are changing the domain used from to

Technically it is more like a rebranding, but not sure if that can be done. The old domain needs to disappear and become But everywhere: on premises, on Azure. It will affect everything.
Not sure what the best path is, considering the sheer amount of moving parts. In the old world, migrating to a new on-premises domain would do it. But because of the deep integration with the Azure and Office 365 tenant, the problem is way more complex.
Ok, cool. Unless I've misunderstood, I would recommend trying to go down the route of adding as an additional suffix to the existing AD, and then adding to your Azure AD Connect/Azure AD.

While the AD domain internally would still be company.local or, adding as an additional suffix means that you can change users' UPN from email address removed for privacy reasons to email address removed for privacy reasons, so for signing into the domain and Azure they would use the new suffix (as well as for email etc.).

While there would be some reconfiguration, it would certainly be less disruption than ripping out AD/Azure and starting over again.

If there is a real need to rename the on-prem AD domain, there is a process to do this, although I've done this myself and it is quite involved.

So the parent entity doesn't have any AD or Azure AD infrastructure or presence. This is simply rebranding with new email addresses?

@HidMov pretty much has it right. You can add the new as an allowed UPN suffix in AD, verify it in Azure AD, then start changing users' primary email addresses and UPNs.

I would do some reading on the impact of doing this on SharePoint Online and OneDrive, especially when users have shared content out of their OneDrive and someone else is hitting that share. If I recall correctly, OneDrive URLs get changed and so does SharePoint.
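The suffix-and-UPN route that the two replies above describe (register the new suffix on the forest, then rewrite user UPNs and let Azure AD Connect sync them), as an added example that is not from any poster in this thread. It assumes the RSAT ActiveDirectory module on a domain-joined admin host; the suffix names, OU path and CSV path are placeholders, and the new suffix is assumed to be already verified in Entra ID. It writes a rollback map before changing anything and runs with -WhatIf until you remove it; mail and proxyAddresses are not touched here.

```powershell
# Added example, not the thread's own steps. Placeholders: replace before use.
Import-Module ActiveDirectory

$OldSuffix   = 'oldcompany.example'            # placeholder: suffix being retired
$NewSuffix   = 'newcompany.example'            # placeholder: verified in Entra ID first
$SearchBase  = 'OU=Users,DC=corp,DC=local'     # placeholder: OU to scope the change
$RollbackCsv = 'C:\Temp\upn-rollback.csv'      # placeholder: keep this for rollback

# 1. Register the new suffix on the forest only if it is not already there.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Select only users still carrying the old suffix; everything else is left alone.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -SearchBase $SearchBase -Properties UserPrincipalName, mail

# 3. Write a rollback map (old UPN per account) before touching a single object.
$users | Select-Object SamAccountName, UserPrincipalName, mail |
    Export-Csv -Path $RollbackCsv -NoTypeInformation

# 4. Rewrite the UPN, keeping the part before '@'. Remove -WhatIf to apply.
foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $NewSuffix
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}

# 5. On the Azure AD Connect server, push the change with a delta sync.
# Start-ADSyncSyncCycle -PolicyType Delta
```

Run it first with -WhatIf in place and check the CSV and the "What if" lines against the expected user set; the rollback CSV is what lets you reverse step 4 account by account if sign-in or OneDrive issues appear after sync.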