Improve user experience after client migration

Hi guys,

Hopefully it is OK to ask this question here. It is more Microsoft related, but I guess all consultants migrating with Quest might face these kinds of issues.

I am currently migrating a customer where we are consolidating several AD domains into one. With Quest Migration Manager for AD we are moving accounts and clients. On the Quest side, everything works great so far, but we have some problems making the whole migration process even cleaner for the user.

The user accounts are already pre-migrated and are not a problem. When the client is migrated, we just set an attribute on the user account so that AAD Connect knows that it should now synchronize it from the new domain.

However, we have some problems with the client. The move to the new domain works cleanly and naturally, new GPOs are then created in the new domain. The biggest challenge, however, is the Workplace or the hybrid join. The device still has to be synced to the cloud, the user has of course just logged in and wants to work. However, the workplace join is not yet complete at this point and the user receives a lot of MFA pop-ups from the Federated MFA provider Authpoint. It has been shown that if some time passes by and the user restarts again, the Workplace Join works and the user no longer receives multiple MFA Auth requests.

Have you had similar experiences with on-premise client migrations with M365 connection?
Would it be best to prevent the Workplace Join in the new domain for the time being?


Best regards,
Christian