OnPremise-Hybrid To OnPremise-Hybrid Scenario. How to handle Azure AD Join/register cutover?

Hi All

I looked around the documentation and in the forum, but I've not really found a clear answer to my question.

I have to manage a carve-out for a company... Company SOURCE splits in two parts, so Company TARGET will have to migrate some selected objects from the SOURCE company.

The source is a Hybrid AD-365 environment, the Target is also a brand new hybrid AD-365. Each environment has its own Azure AD Connect server, syncing its objects to its tenant.

We decided to use ON DEMAND MIGRATION with AD Migration licenses and other addons, for this project.

I have a working On Demand dirsync between both ADs, I have a workflow that syncs with SIDHistory the selected objects to the TARGET AD Domain, and those objects are successfully synced to TARGET 365.

On demand is currently "migrating" 365 DATA (mails, sharepoint, teams, onedrive), and so far so good.

The plan is to:

- migrate computers / users to the new AD, and instruct them to use their target AD account to log in

- Then migrate / switch over their 365 accounts to the new tenant and in parallel migrate the AD integrated apps (or other apps) from source to target. Using the SIDHistory until all is migrated will let them keep good access to non-migrated applications.

I'm currently trying to pilot the "AD Computers (and users)" migration. Computers are Hybrid AZURE AD Joined and registered in the SOURCE. Intune is in use in the source.

The customer plans to use Intune also in Target.

I'm able to "cutover" AD Computers to my TARGET AD, and instruct users to log on with the TARGET ACCOUNT, successfully. Once there, I'm asked to "register again" 365, in order to be able to use my 365 Account that is still in the SOURCE Tenant at this time. So users register again with their source account, and the computer is still hybrid-joined and registered to the SOURCE 365 tenant, while in the TARGET AD Domain (knowing that the AD Computer account is replicated from Target AD to Target 365 AD).

So now THE PROBLEM I am facing

I haven't figured out yet how to be able to CUTOVER the AD COMPUTER, HYBRID AZURE AD JOIN THE COMPUTER to the Target AZURE AD, and instruct the users to continue using their SOURCE 365 Account for accessing their data.

I tried to use the On Demand AD migration agent "Azure AD join cutover" part, but the tests I made always ended up with the computer ONLY AZURE AD JOINED (no longer joined to the OnPremise AD...).

Not sure what I should do here.

Is that something I can do with Quest? (With an Azure AD join task)

Is that an instruction I have to give to the users once "Local AD cutover", when they first sign in?

Maybe in that context the global plan would be easier: migrate first the 365 users to Target, and only after that the computers and the local applications?

I didn't find any white paper describing this context. The doc just says Hybrid to Hybrid is possible :)

So if anyone has done that kind of migration and can take some minutes to globally describe the steps, that would be great!!

Thanks a lot
