Fully migrate AD users to Azure AD
I would like to be able to fully migrate my AD users to the cloud, so that when I use them to log into an Azure AD joined machine, the whoami CMD properly returns AzureAD\firstnamelastname. Right now there are hidden attributes associated with the previously AD-synced user that cause the whoami CMD to return DOMAIN\username. This is preventing cloud migrations.
Response I received, suggesting that I contact this team:
"This is a known gap that we're reviewing. Even though you have migrated the user from AD to Azure AD, the on-prem SamAccountName is still intact on the user object, among other on-prem AD attributes. As a result, Azure AD picks up those details and shows domain/user instead of AzureAD/user. This attribute cannot be modified or cleared through Graph APIs at this point, so there's no way to change the behavior.
Please file a UserVoice suggestion on MS Graph for this so that our teams can get the feedback and prioritize it as needed."
I am currently working with 15 users whose identities are synchronised into Office 365 via the AD Connect tool. To prepare for the ultimate decommissioning of their on-site servers, both my colleagues and I have started remotely connecting to end-user machines, disjoining them from the on-premises domain and joining them to Azure AD.
When the user logs in now that their machine is no longer joined to the on-premises domain, they get a new profile, but that profile is located under their existing user profile path (i.e. C:\Users\user.DOMAIN). In addition, when running 'whoami' in CMD, they see 'DOMAIN\user'.
While Microsoft support have already confirmed that my disabling directory sync, and these users automatically converting to 'In Cloud', will not impair the users' local profiles or cause issues, I would just like some reassurance from others who have already performed this type of migration.
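Before disabling directory sync for the users described above, a practitioner would want an inventory of which accounts Azure AD still treats as synced and which already-converted accounts still carry the on-premises attributes the support response mentions. The following is an added example, not code from the original post; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account has the User.Read.All permission.

```powershell
# Added example: inventory synced vs. cloud-only users before cutting over.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Users module) is installed.
Connect-MgGraph -Scopes "User.Read.All"

# The on-premises attributes are not returned by default, so request them explicitly.
$props = @(
    'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled',
    'OnPremisesSamAccountName', 'OnPremisesImmutableId', 'OnPremisesLastSyncDateTime'
)

$users = Get-MgUser -All -Property $props

$report = foreach ($u in $users) {
    # OnPremisesSyncEnabled is $true while AD Connect owns the object; it is $null or $false
    # once the object has been converted to an in-cloud account.
    $state = if ($u.OnPremisesSyncEnabled) { 'Synced' }
             elseif ($u.OnPremisesSamAccountName -or $u.OnPremisesImmutableId) { 'InCloud-RetainsOnPremAttributes' }
             else { 'CloudOnly' }
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        State             = $state
        SamAccountName    = $u.OnPremisesSamAccountName
        ImmutableId       = $u.OnPremisesImmutableId
        LastSync          = $u.OnPremisesLastSyncDateTime
    }
}

$report | Sort-Object State, UserPrincipalName | Format-Table -AutoSize

# Per the support response above, accounts in the middle state are the ones that still
# present DOMAIN\user to whoami after an Azure AD join; export them for follow-up.
$report | Where-Object State -eq 'InCloud-RetainsOnPremAttributes' |
    Export-Csv -Path .\retained-onprem-attributes.csv -NoTypeInformation
```

Run the script once before disabling sync to record the baseline and again afterwards to confirm that every account in scope has moved out of the 'Synced' state.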
This should at the very least enable migration during a DR situation, so that account owners can move fully to the cloud when most needed. A solution where you can change over to Windows AD, a third party, or Azure itself as the primary login would be a very welcome front-end solution.
Why is this not a primary feature?
I'm trying to understand this request more in terms of what the concrete feature request is on Microsoft Graph. Can someone help me understand what Microsoft Graph should be able to do here?
The original ask seems to be around how samAccountName is being used and managed. However other posts here appear to be about migrating AD users to the cloud and various blockers that prevent this, some of which don't initially seem related to the original ask or to Microsoft Graph. Sorry for any lack of understanding on this on my part...
Same here, I don't understand why this is not by design. When you use Azure AD Connect synchronization, it helps you to have your users in both environments. But the final goal is to switch fully to Azure AD. Please integrate it in a future update!
We are in the process of rolling out M365 to numerous clients. We need an effective and efficient way to migrate their existing profiles to new profiles and retain all their settings, etc.
Microsoft has said that this is on the radar but not done yet. I don't know why. The solution of 'Remove it from the OU in Azure AD Connect, then (after it deletes in Azure) restore it from the trash in Azure, then quickly change the Immutable ID before it syncs again' is not a reasonable way to convert an entire organization. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36479119-allow-conversion-of-ad-synced-accounts-to-in-clou
Daniel Tregellis commented
MS still offers no supported way to migrate domain profiles to Azure AD?
This needs to be an option as many like ourselves are moving away from on-prem AD environments.
Nalle Jacobsson Reuterswärd commented
Same here. I fail to understand why Microsoft has not provided a clear path to migrate users from on-prem AD to Azure AD.
Thank you, this is a big concern of ours.