SOLVED

Merge/move 2 AD's and 1 Office 365 tenant to new AD


I've stepped into a mess and need to figure a way out. Our current situation:

Two locations with separate AD's: 

  • location one - location1.company.com
  • location two - location2.local

One Office 365 Business Premium tenant

  • connected to AD location2.local via AAD Connect w/ Password Hash Sync
  • userPrincipalName - company.com (SMTP address)
  • AD location1.company.com is not connected, but users are manually created in Office 365 (local AD and Office are separate user accounts).

What I'd like is to create a new Forest corp.company.com and migrate EVERYTHING to that, but have the userPrincipalName still be company.com. What steps/procedures will I have to take to achieve this?

In short, if you are creating a new Forest and new AD's and have all accounts in it, you need to do a migration, as you surely know! Before that, stop the sync and uninstall AD Connect! Users will now be cloud-only!
Do the migration of AD objects to the new AD,
then apply the UPN of company.com etc. in AD, then set up AD Connect and soft match the users in Office 365.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features

Adam
best response confirmed by Remo Pistor (Copper Contributor)
Solution

Hi,

This is based purely on what you have outlined above and it's a personal opinion - others will have their own.

1.) Cut AAD Connect on Location two so the AD and 365 tenant is separate.
2.) Set all 365 users UPN to @company.com, mail addresses remain the same
3.) Build new Forest corp.company.com
4.) Consolidate the AD's into the new forest
5.) In AD all users to have a UPN Suffix of @company.com, or UPN of @company.com
6.) Install Member Server/Azure AD Connect
7.) Ensure the AD objects have the right mail address
8.) Soft match the users from new Forest to 365

That's a general overview. It's probably best to take a step back and disentangle what's there first even if it means having cloud users and separate credentials for a period of time.

Hope that helps

Best, Chris

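A pre-check for steps 5, 7 and 8 of the list above, added here as an example and not code from the thread: Azure AD soft matching keys on the primary SMTP address (the upper-case `SMTP:` entry in proxyAddresses) with UPN matching as the fallback, so each on-prem account should have UPN suffix, mail and primary SMTP aligned with its cloud counterpart before AAD Connect is reinstalled. The two CSV exports, their rows and the `Test-SoftMatchReadiness` function are constructed for illustration.

```powershell
# Added example (not from the thread). Assumes two CSV exports:
#   cloud.csv  - UserPrincipalName, PrimarySmtp (from the Office 365 tenant)
#   onprem.csv - SamAccountName, UserPrincipalName, mail, proxyAddresses
#                with proxyAddresses joined by ';' on export, e.g.
#                Get-ADUser -Filter * -Properties mail,proxyAddresses |
#                  Select-Object SamAccountName,UserPrincipalName,mail,
#                    @{n='proxyAddresses';e={$_.proxyAddresses -join ';'}} | Export-Csv onprem.csv
# The rows below are constructed sample data.
$cloudCsv = @'
UserPrincipalName,PrimarySmtp
alice@company.com,alice@company.com
bob@company.com,bob@company.com
'@

$onpremCsv = @'
SamAccountName,UserPrincipalName,mail,proxyAddresses
alice,alice@company.com,alice@company.com,SMTP:alice@company.com;smtp:alice@location1.company.com
bob,bob@corp.company.com,,SMTP:bob@company.com
carol,carol@corp.company.com,carol@company.com,
'@

function Test-SoftMatchReadiness {
    param([object[]]$Cloud, [object[]]$OnPrem, [string]$Suffix = 'company.com')
    # Index cloud users by primary SMTP, the attribute soft match tries first
    $cloudBySmtp = @{}
    foreach ($c in $Cloud) { $cloudBySmtp[$c.PrimarySmtp.ToLower()] = $c }
    foreach ($u in $OnPrem) {
        $issues = @()
        if ($u.UserPrincipalName -notlike "*@$Suffix") { $issues += "UPN suffix is not @$Suffix" }
        # Primary SMTP is the upper-case 'SMTP:' entry; lower-case 'smtp:' entries are aliases
        $primary = ($u.proxyAddresses -split ';' | Where-Object { $_ -cmatch '^SMTP:' } |
                    Select-Object -First 1) -replace '^SMTP:', ''
        if (-not $primary) { $issues += 'no primary SMTP: entry in proxyAddresses' }
        elseif ($u.mail -ne $primary) { $issues += "mail ($($u.mail)) differs from primary SMTP ($primary)" }
        if ($primary -and -not $cloudBySmtp.ContainsKey($primary.ToLower())) {
            $issues += "no cloud user with primary SMTP $primary"
        }
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Ready          = ($issues.Count -eq 0)
            Issues         = ($issues -join '; ')
        }
    }
}

$report = Test-SoftMatchReadiness -Cloud ($cloudCsv | ConvertFrom-Csv) -OnPrem ($onpremCsv | ConvertFrom-Csv)
$report | Format-Table -AutoSize
```

With the sample rows, alice reports Ready, bob is flagged for the corp.company.com UPN and empty mail, and carol for the missing `SMTP:` entry, which are exactly the objects that would fail to soft match or would create duplicates once sync is re-enabled.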
@Christopher Hoard 

Oh yes, I like this idea. I knew I would probably have to take a step or two backwards, but I never considered disconnecting O365.

So basically to super simplify it,

  • disconnect the sync,
  • create new forest
  • join domains to new forest
  • reconnect to original tenant

What if, before reconnecting to O365, I wanted to merge the old AD's into the forest domain? Would you recommend ADMT?


Thanks,

Remo

Correct, that's how I would approach it to keep it as simple as possible. I would 100% merge the old AD's before reconnecting so you have 1 365 tenant, 1 AD. It's very simple after that point.

ADMT is usually the tool that most organisations use to consolidate AD, so it would be recommended.

Best, Chris
Yes! ADMT will do! It depends on how many objects and the structure of the current AD's too! Sometimes it's just more ideal to create from scratch, having a clean AD! Too many AD's out there are a mess! But of course this might not be feasible :)
Awesome. Thanks for the guidance!
AD's are not overly complicated or large. Probably less than 500 objects.
Alright! I think you'll do good :)

Adam