Migrating Azure AD Connect to a new Active Directory domain

Migrate Azure AD Connect

When you want to migrate Azure AD Connect to another domain, things can become pretty complicated. These kinds of migrations can also create a lot of issues and unknown errors. The best thing to do before you start such a migration is to rehearse the scenario in a test lab.

Disable Azure AD connect

First you need to log on to the Azure AD Connect server that you want to migrate. Then perform the 4 steps below.

Install the Azure Active Directory Module for Windows PowerShell. For more info, go to the following Microsoft website:

Connect to Azure AD by using Windows PowerShell. For more info about how to do this, go to the following Microsoft website:

Disable directory synchronization. To do this, type the following cmdlet, and then press Enter:

Set-MsolDirSyncEnabled -EnableDirSync $false

Check that directory synchronization was fully disabled by using Windows PowerShell. To do this, run the following cmdlet periodically:

(Get-MsolCompanyInformation).DirectorySynchronizationEnabled

*Note: this will take up to 72 hours. This change will not cause any service interruption; all users will be able to use their services as normal.

Install the new Azure AD connect

When you have prepared or executed the steps above you can install the Azure AD connect tool on the new server.

The second step is to populate your new AD domain with all user accounts. It is important that you copy all information from the old domain (company name, job titles, etc.). For Exchange Online it is especially important that these attributes are copied:

  • userPrincipalName
  • proxyAddresses
  • legacyExchangeDN

In a hybrid setup you need the attributes above and the attributes below:

  • msExchRecipientTypeDetails
  • msExchMasterAccountSid
  • msExchRecipientDisplayType
  • msExchRemoteRecipientType

What do the attributes do

  • The userPrincipalName (UPN) of the user is the login name for Office 365.
  • proxyAddresses holds all your email addresses, both primary and alias.
  • legacyExchangeDN is used if you have previously migrated from Exchange on-premises to Office 365. It is used for internal addressing in Exchange. If it is removed you will not be able to reply to old emails or meeting invitations, and your Suggested Contacts will also fail.
  • msExchRecipientTypeDetails sets the type of mailbox: UserMailbox (1), LinkedMailbox (2), SharedMailbox (4), LegacyMailbox (8), RoomMailbox (16), EquipmentMailbox (13)
  • msExchMasterAccountSid: this attribute of the target user object holds the objectSID of the source user account. This allows the user to connect to their own mailbox and to shared mailboxes.
  • msExchRecipientDisplayType sets the type of account that is used (List of references)
  • msExchRemoteRecipientType
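
One way to check the copy before the first sync, as an added example that is not part of the original page: it compares the attributes listed above between the old and the new domain, keyed on the primary SMTP address, and warns about primary addresses that occur more than once in the new domain. The server names and the output file are placeholders, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory module.
Import-Module ActiveDirectory
$OldServer = 'dc01.old.example'   # placeholder: a DC in the old domain
$NewServer = 'dc01.new.example'   # placeholder: a DC in the new domain
$Attrs = 'userPrincipalName','proxyAddresses','legacyExchangeDN',
         'msExchRecipientTypeDetails','msExchMasterAccountSid',
         'msExchRecipientDisplayType','msExchRemoteRecipientType'

function Get-PrimarySmtp($User) {
    # The primary address is the proxyAddresses entry with the upper-case "SMTP:" prefix.
    $p = $User.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($p) { $p.Substring(5).ToLowerInvariant() }
}

function Get-UserIndex($Server) {
    $index = @{}; $dupes = @()
    foreach ($u in Get-ADUser -Filter * -Server $Server -Properties $Attrs) {
        $key = Get-PrimarySmtp $u
        if (-not $key) { continue }            # no primary address, nothing to match on
        if ($index.ContainsKey($key)) { $dupes += $key } else { $index[$key] = $u }
    }
    [pscustomobject]@{ Index = $index; Duplicates = $dupes }
}

$old = Get-UserIndex $OldServer
$new = Get-UserIndex $NewServer

# The sync tool matches on the primary address, so it must be unique in the new domain.
$new.Duplicates | ForEach-Object { Write-Warning "Duplicate primary SMTP in new domain: $_" }

$report = @(foreach ($key in $old.Index.Keys) {
    $o = $old.Index[$key]; $n = $new.Index[$key]
    if (-not $n) {
        [pscustomobject]@{ User = $key; Attribute = '(account)'; Old = 'present'; New = 'missing' }
        continue
    }
    foreach ($a in $Attrs) {
        # Multi-valued attributes are sorted and joined so that value order does not matter.
        $ov = (@($o.$a) | ForEach-Object { "$_" } | Sort-Object) -join ';'
        $nv = (@($n.$a) | ForEach-Object { "$_" } | Sort-Object) -join ';'
        if ($ov -cne $nv) { [pscustomobject]@{ User = $key; Attribute = $a; Old = $ov; New = $nv } }
    }
})
$report | Export-Csv -Path .\attribute-diff.csv -NoTypeInformation -Encoding UTF8
'{0} difference(s) written to attribute-diff.csv' -f $report.Count
```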

Match Immutable ID

The third step is to take care of the ImmutableID. Office 365 uses the ObjectGUID attribute, which is translated to an ImmutableID in Azure Active Directory. If you rename your users, the ObjectGUID is untouched. Most of the time the ObjectGUID is used as the ImmutableID by default.

*Note: if you have used something else, please make sure this part is covered.

Here we are moving to a new domain, so in this case the ObjectGUID will change. To handle this we have to clear the attribute in Office 365; Office 365 generates these IDs for us. You can use the command below.

Set-MsolUser -UserPrincipalName "jerry.meyer@domain.com" -ImmutableId "$null"
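
The command above applied to a list of users, as an added example that is not part of the original page: it refuses to run while directory synchronization is still enabled (following the order of the steps on this page), saves the current ImmutableID values to a CSV file first, and only changes anything when called with -Apply. The file names and the -Apply switch are assumptions of this example; an existing Connect-MsolService session is required.

```powershell
# Added example (not from the original page). Requires the MSOnline module
# and an existing Connect-MsolService session.
param(
    [string]$UserList   = '.\migrate-users.txt',       # assumption: one UPN per line
    [string]$BackupPath = '.\immutableid-backup.csv',  # assumption: backup location
    [switch]$Apply                                     # without -Apply nothing is changed
)

# The page disables directory synchronization first; do not continue while it is still on.
if ((Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    throw 'Directory synchronization is still enabled. Wait until it reports False.'
}

$upns  = Get-Content $UserList | Where-Object { $_.Trim() } | ForEach-Object { $_.Trim() }
$users = foreach ($upn in $upns) {
    try   { Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop }
    catch { Write-Warning "Not found in the tenant, skipped: $upn" }
}

# Keep the old values so a wrongly cleared account can be restored with Set-MsolUser.
$users | Select-Object UserPrincipalName, ObjectId, ImmutableId |
    Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8

foreach ($u in $users) {
    if (-not $u.ImmutableId) { continue }              # already empty
    if ($Apply) {
        # "$null" in double quotes expands to an empty string, as in the command above.
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -ImmutableId "$null"
        $after = (Get-MsolUser -UserPrincipalName $u.UserPrincipalName).ImmutableId
        if ($after) { Write-Warning "ImmutableID not cleared: $($u.UserPrincipalName)" }
    }
    else {
        'Would clear {0} (current ImmutableID {1})' -f $u.UserPrincipalName, $u.ImmutableId
    }
}
```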

Enable AzureAD sync and reinstall Azure AD connect

The next step is to enable Azure AD connect in the Office 365 tenant.

Set-MsolDirSyncEnabled -EnableDirSync $true

Check if it is enabled:

(Get-MsolCompanyInformation).DirectorySynchronizationEnabled

After these steps you reinstall the Azure AD Connect sync tool on a server in the new domain. I strongly recommend using a new server for this step. Always use a new server for this purpose, otherwise it can create bad errors or even break the sync. When this happens you need to create a ticket at Microsoft.

When the installation and full sync are done, the sync tool will match the users in Office 365 and on-premises AD by the primary email address. When there is a match, a new ImmutableID is created and written to Azure AD.
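
A check to run after the full sync, as an added example that is not part of the original page: for every mail-enabled user in the new domain it compares the ImmutableID in Azure AD with the Base64 form of the new ObjectGUID. It assumes that the ObjectGUID is the source anchor, as described above, and that the UPN is the same on both sides; the server name is a placeholder.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory and
# MSOnline modules and an existing Connect-MsolService session.
$NewServer = 'dc01.new.example'   # placeholder: a DC in the new domain

$result = @(foreach ($ad in Get-ADUser -Filter * -Server $NewServer -Properties mail) {
    if (-not $ad.mail) { continue }                    # no mail address, not matched by the sync
    # With ObjectGUID as the source anchor, the ImmutableID is its Base64 form.
    $expected = [Convert]::ToBase64String($ad.ObjectGUID.ToByteArray())
    $cloud = Get-MsolUser -UserPrincipalName $ad.UserPrincipalName -ErrorAction SilentlyContinue

    if (-not $cloud)                             { $state = 'NoCloudUser' }
    elseif (-not $cloud.ImmutableId)             { $state = 'NotMatchedYet' }
    elseif ($cloud.ImmutableId -ceq $expected)   { $state = 'Matched' }
    else                                         { $state = 'AnchoredToOtherObject' }

    [pscustomobject]@{
        UPN         = $ad.UserPrincipalName
        State       = $state
        LastDirSync = $cloud.LastDirSyncTime
    }
})

# Summary per state, followed by the accounts that still need attention.
$result | Group-Object State | Select-Object Name, Count
$result | Where-Object State -ne 'Matched' | Format-Table -AutoSize
```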

My OneDrive for Business can’t sync

My OneDrive for Business cannot synchronize with Office 365. We know that an update to a document or folder can create an error in the sync. There are some OneDrive problems that you are not authorized by your system administrator to solve yourself. If the problem is severe and you or the administrator want to resolve this issue, you sometimes need to open a call with the Office 365 support team.

Luckily there are plenty of things you can do with OneDrive Restore.

Actually, there are always a few things you already need to do and know before you sync using OneDrive for business.

Think of it as a URL that you enter in your browser: each / marks a folder. So if, for example, you have a file with the name “a new way to sync Version 80/20 note.doc”, this causes problems. The same problems occur when you use the & sign: the document will not synchronize and you get red crosses.

The complete list of characters that cannot be used (in Dutch only).

There is also a problem when a file path is longer than 255 characters. This can happen even when the file name has only 10 characters, because the file is probably in a folder within a folder, etc., for example “C:\Users\Documents\private\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\folder\note.docx”

Also, there is currently still a problem when your personal OneDrive exceeds 20,000 files. A smart temporary solution is to merge files into a .zip file. If you have, for example, a store with lots of files that you use purely for backup, it is worthwhile to zip these files so that, for example, 2000 files become one file.

How to hide the OneDrive Sync link from Navigation and Libraries

A common question that I am asked on a daily basis is how can we hide ‘OneDrive’ or ‘Newsfeed’ from the Top Navigation bar?

Well, thanks to an update a few months back it’s now extremely simple to do so:

Browse to:

https://companyname-admin.sharepoint.com/_layouts/15/online/TenantSettings.aspx

Scroll down to the bottom of the page, save your changes and you are done.

You can also remove OneDrive sync functionality from a document library or another app.

Go to the site settings of the library you are in.

Select Search and offline availability, and change Download to offline clients to No.