SOLVED

Migrating PC from an Azure AD tenant to another Azure AD tenant


Hi all,

 

We're planning to merge another Office 365 tenant into ours, and want to know what to do with the AAD joined devices.

 

I'm thinking that I'll need to:

1. Create a local admin account.

2. Disconnect from old AAD.

3. Log in as local admin.

4. Connect to new AAD.

 

Does that sound right? Are there any potential issues with these steps?

 

EDIT: I just did this last night, and these are the steps I would do if I had to do it again.

1. Create a local admin account.

2. Log in as the local admin account (to ensure it works).

3. Disconnect the machine from the old AAD and reboot.

4. Do the domain transfer. The tenant takes many hours to fully recognize the new domain. For me, emails started flowing quickly (around 10 minutes), but everything else takes longer to complete (minimum 4 hours, but I've read it can take 24 hours).

5. Log in as the local admin account.

6. Try to connect to the new AAD. If it doesn't work, you'll need to wait.
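
A check to run around the steps above, as an added example that is not part of the original post: it confirms the local admin account is usable before the machine leaves the old tenant, and reads `dsregcmd /status` to show which tenant the device is joined to. The account name, the tenant ID and the sample output are assumptions and placeholders.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
param(
    [string]$LocalAdmin = 'migrate-admin',                               # hypothetical account name
    [string]$ExpectedTenantId = '00000000-0000-0000-0000-000000000000',  # placeholder tenant ID
    [switch]$UseSample                                                   # parse the constructed sample instead
)

# Constructed sample of `dsregcmd /status` output (values are placeholders).
$sample = @'
             AzureAdJoined : YES
                  TenantId : 00000000-0000-0000-0000-000000000000
                TenantName : Example Tenant
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    # Turn the "Key : Value" lines of `dsregcmd /status` into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Test-LocalAdminReady {
    # True only if the account exists, is enabled, and is in the built-in Administrators group.
    param([string]$Name)
    $user = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue
    if (-not $user -or -not $user.Enabled) { return $false }
    # Resolve the group by its well-known SID so a localized group name still works.
    $group = (Get-LocalGroup -SID 'S-1-5-32-544').Name
    # `net localgroup` lists local members by bare account name, one per line.
    $members = net localgroup $group | ForEach-Object { $_.Trim() }
    $members -contains $Name
}

$lines   = if ($UseSample) { $sample } else { dsregcmd /status }
$dsreg   = ConvertFrom-DsregStatus -Lines $lines
$joined  = $dsreg['AzureAdJoined'] -eq 'YES'
$adminOk = Test-LocalAdminReady -Name $LocalAdmin

[pscustomobject]@{
    LocalAdminReady  = $adminOk
    AzureAdJoined    = $joined
    TenantName       = $dsreg['TenantName']
    TenantId         = $dsreg['TenantId']
    SafeToDisconnect = $adminOk -and $joined
    OnExpectedTenant = $joined -and ($dsreg['TenantId'] -eq $ExpectedTenantId)
}
```

Before step 3, `SafeToDisconnect` should be true; after step 6, `OnExpectedTenant` should be true once the new tenant's ID is passed in.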

 

11 Replies
Hi Dav,

I've already read that. I'm referring to migrating the PCs over, not the mailboxes.

Hi @Simon_L

 

Thank you for the clarification. So you have registered/joined devices on Azure Active Directory, and as you move Office 365 users from one account to another, you would also like to make sure the registered devices on the previous account are moved to the new account? Is that correct?

Do you have a DC server syncing to Azure AD?

 

Thank you

Dav,

 

 

Yes, that's correct. We have no on prem servers/services. It's all in Azure AD/Office 365.

Hi @Simon_L

 

This article shows you how to move Azure resources to either another Azure subscription or another resource group under the same subscription.

 

But you need to contact support when you need to:

  • Move your resources to a new Azure account (and Azure Active Directory tenant) and you need help with the instructions in the preceding section.
  • Move classic resources but are having trouble with the limitations.

 

  • Azure Active Directory B2C is only listed under services that can be moved.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources?toc=/azu...

 

Thank you

Dav,

Hi Dav,

I really appreciate you trying to help, but that link doesn't relate to what I'm trying to do. I'm not trying to move Azure services or subscriptions. This is purely about moving Windows 10 machines from one Azure AD/MDM to another Azure AD/MDM.

best response confirmed by Simon_L (Contributor)
Solution

Your steps outlined above are the correct path. The other option, if you want to keep the same user profile, is a handy utility called User Profile Wizard. Link below. It needs to be run as a local admin, just FYI. Let me know if you have any questions.

 

https://www.forensit.com/downloads.html

 

@Simon_L 

@Simon_L Hey, I am doing the same type of migration. I just want to see how yours went and if you ran into any issues.

I was thinking of following the same steps you outlined. The only difference will be that, when connecting to the new AAD, they will temporarily be using the onmicrosoft account until the emails are completely synced over and the domain is verified. Will that switch automatically from onmicrosoft to domain.com afterwards in Azure AD?

Thanks

 

@Stavros Mitchell 

 

I just did this last night. Some key points that I learnt.

 

It takes several hours for the domain to be fully functional after you transfer it. For example, I tried changing login names to the new domain, and it failed and said to try again in 4 hours. Some sources say it took 24 hours for them to be fully up and running. My experience is that emails are able to flow pretty soon after (thankfully), but you need to do any mail changes (change email addresses, etc) within the Exchange Admin. O365 Admin won't work straight away. So I would do this migration over the weekend. Give yourself 8 hours of downtime.

 

The onmicrosoft.com account doesn't work for everything. I also tried to get users to log in to their laptops with those accounts, and it failed. That was after already joining the laptop to our AAD. So it wasn't an enrollment issue. Once again, I would recommend doing this over a weekend to allow replication to complete and users can log in using their actual username. Thankfully the company I was migrating over aren't too busy. Otherwise I would have been in a lot of trouble.

 

I'm going to edit my original post with the suggested order of tasks.

Thanks for the info! We're looking to do the same migration for one of our clients. When you joined to the new AAD, and logged in with the email account from the migrated domain name, was the profile preserved for that user or did it create a new profile? Thanks!

@Ferrell Fuller I think that it does create a new profile. But we did it a while ago now, so I'm not 100% sure. If it does, you can use a profile migration tool to migrate from the old profile to the new profile.