Resource processing creates duplicate computer objects in Azure

Hey guys,

we are just in the preparation of an On-Premise AD migration. So it's On-Prem to On-Prem with hybrid connected Azure AD resources.

The AAD Connect is able to to watch into both forests. We have defined by sync rule that a migrated user object should only be synced from the new forest,
when extensionAttribute13 is filled with the string "Migrated". We utilize the correct source anchor, so this is really smooth without disable/enable
O365 licensing.

But for clients in the resource processing it is not that straight forward. Clients are synchronized to Azure and managed by Intune. By migrating the client from A to B
we receive a further object in Azure for the same client. No merging. The new one is quite empty while the former one is filled with information.

duplicate entra devices

What have we done wrong and what is the best practise in such a common scenario?

Best regards,

  • The issue you're encountering stems from AAD Connect syncing devices from both forests. To address this, consider the following strategies:

      1. Create a separate synchronization rule for devices in the new forest. This will ensure that only devices from the new forest are synchronized to Azure AD.

      1. Configure AAD Connect to use a source anchor for devices. This will help to prevent AAD Connect from creating duplicate objects when devices are migrated.

      1. Disable automatic device registration for the new forest. This will prevent new devices from being automatically enrolled in AAD.

      1. Use the Remove-AzureADDevice cmdlet to remove the duplicate device objects. This will remove the extra device objects from Azure AD.

      1. Configure Intune to use the correct source anchor for devices. This will prevent Intune from enrolling devices multiple times.

    By following these steps, you can prevent duplicate objects from being created in Azure AD and Intune when migrating clients from one forest to another.