I'm planning an AD consolidation: 1 forest, 1 root, 26 child domains.
Plan is to collapse the 26 domains into one of the pre-existing child domains, leaving 1 root, 1 child at the end.
However, the plan is to migrate USERS and some SERVERS only... all the users are already synced through AADConnect to Azure.
COMPUTER accounts will NOT migrate to the target domain - they will become Azure AD native joined devices, so end-user devices will authenticate to Azure, NOT to on-prem AD.
On-prem computer accounts will actually cease to exist.
Device transition to Azure AD joined will occur PRIOR to AD user account migration.
My question is:
What will the end-user experience be for logon when I switch their user account to the target AD domain? - is there any requirement to run resource processing on the workstations? Is there any requirement to do anything else to ensure that logon to AD doesn't break? - If I'm understanding things correctly (and it's early days in my research) - I believe Native Azure joined machines give an SSO experience, involving some linkage back to the AD user account linked to a machine? - I'm going to change that AD user account - do I need to do anything cloud side to have that work seamlessly?
Any pointers to any articles / documentation showing how the logon for the user will be impacted would be much appreciated...
TIA
Paul G.