Fully migrate AD users to Azure AD
I would like to be able to fully migrate my AD users to the cloud, so that when I use them to log into an Azure AD joined machine, the whoami command properly returns AzureAD\firstnamelastname. Right now there are hidden attributes associated with the previously AD-synced user that cause the whoami command to return DOMAIN\username. This is preventing cloud migrations.
Response I received suggesting that I contact this team.
"This is a known gap that we're reviewing. Even though you have migrated the user from AD to Azure AD, the on-prem SamAccountName is still intact on the user object, among other on-prem AD attributes. As a result, Azure AD picks those details and shows domain/user instead of AzureAD/user. This attribute cannot be modified or cleared through Graph APIs at this point, so there's no way to change the behavior.
Please file a UserVoice suggestion on MS Graph for this so that our teams can get the feedback and prioritize it as needed."
I'm trying to understand this request more in terms of what the concrete feature request is on Microsoft Graph. Can someone help me understand what Microsoft Graph should be able to do here?
The original ask seems to be around how samAccountName is being used and managed. However, other posts here appear to be about migrating AD users to the cloud and various blockers that prevent this, some of which don't initially seem related to the original ask or to Microsoft Graph. Sorry for any lack of understanding on this on my part...
Same here, I don't understand why this is not by design. When you use Azure AD Connect synchronization, it helps you to have your users in both environments. But the final goal is to switch fully to Azure AD. Please integrate it in a future update!
We are in the process of rolling out M365 to numerous clients. We need an effective and efficient way to migrate their existing profiles to new profiles and retain all their settings, etc.
Microsoft has said that this is on the radar but not done yet. I don't know why. The solution of 'Remove it from the OU in Azure AD Connect, then (after it deletes in Azure) restore it from the trash in Azure, then quickly change the Immutable ID before it syncs again' is not a reasonable way to convert an entire organization. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36479119-allow-conversion-of-ad-synced-accounts-to-in-clou
Daniel Tregellis commented
MS still offers no supported way to migrate domain profiles to Azure AD?
This needs to be an option as many like ourselves are moving away from on-prem AD environments.
Nalle Jacobsson Reuterswärd commented
Same here. I fail to understand why Microsoft has not provided a clear path to migrate users from on-prem AD to Azure AD.
Thank you, this is a big concern of ours.