
Transition from Azure Hybrid Entra to Azure Entra

DISCLAIMER: The information in this guide is provided "as is" without any guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information. The author assumes no responsibility for any errors or omissions in the content. It is meant for general information purposes only and should not be used as a substitute for professional advice. The author is not responsible for any damages caused by the use of this information. By using this guide, you agree to hold the author harmless from any and all claims, damages, or expenses that may arise from your use of the information.


Introduction

In this company's Hybrid Entra setup, a sole Domain Controller operates on Windows Server 2016 Standard. Since this is a test environment, Azure AD Connect is directly set up on the Domain Controller, successfully synchronizing users (excluding devices) with Azure Entra. Additionally, all workstation computers are joined to the local domain.


Requirements

  • A functional Windows Server 2016 AD Environment.
  • An administrator-level user within the domain or local system. This user should differ from the one designated for user profile migration.
  • ForensiT User Profile Wizard Professional Edition Installer (User_Profile_Wizard_Pro_xx.x_setup.exe)
  • ForensiT User Profile Wizard Professional Edition License File (Profwiz.config)

Instructions

Prepare ForensiT for Azure Entra Profile Migration

To facilitate the migration of a user profile to an Azure Entra user account, User Profile Wizard requires the Object ID of the user account. This Object ID is accessible through the Azure portal (https://portal.azure.com/) or can be retrieved using the Microsoft Graph PowerShell module.


Installing the Microsoft Graph PowerShell module on every machine targeted for migration is inconvenient. Therefore, User Profile Wizard employs a file to retrieve the Object ID of the Azure AD user account intended for the user profile migration. By default, this file is named ForensiTAzureID.xml. (Customers with Corporate and Professional Editions can customize the filename.)

  1. Install ForensiT User Profile Wizard Professional on a trusted workstation or server, and only there. This machine is used solely to generate the files that will later be used on the devices slated for removal from the local domain.

  2. Copy the Profwiz.config license file to C:\ProgramData\ForensiT\User Profile Wizard Professional\Deployment Files. This licenses the software.

  3. Navigate to C:\ProgramData\ForensiT\User Profile Wizard Professional\Deployment Files and run .\Save-AzureADUser.ps1 to generate the ForensiTAzureID.xml file that the User Profile Wizard will need to migrate profiles to the new Azure Entra accounts.

    Set-ExecutionPolicy RemoteSigned may be required to run the script.


    Save-AzureADUser.ps1 is installed with the Corporate and Professional Editions of User Profile Wizard and can also be downloaded from https://github.com/ForensiT/PowerShell.


    The script will prompt for user credentials; enter the credentials of a global admin account.

    Afterwards, the script will generate the ForensiTAzureID.xml file.
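Steps 2 and 3 as a single PowerShell session, added here as an example (not ForensiT's code and not part of the original guide). It limits the execution-policy change to the current process, reports the script's signature status and download mark before running it, and confirms that ForensiTAzureID.xml was freshly written. `$LicenseSource` and the expectation that the XML is written into the Deployment Files folder are assumptions.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the trusted machine.
$DeployDir     = 'C:\ProgramData\ForensiT\User Profile Wizard Professional\Deployment Files'
$LicenseSource = 'C:\Temp\Profwiz.config'   # assumption: where the license file was saved
$ScriptPath    = Join-Path $DeployDir 'Save-AzureADUser.ps1'
$IdFile        = Join-Path $DeployDir 'ForensiTAzureID.xml'   # assumption: output lands here

# Step 2: copy the license file into the Deployment Files folder.
Copy-Item -LiteralPath $LicenseSource -Destination $DeployDir -Force

# Inspect the script before running it. A Zone.Identifier stream means the file
# was downloaded (for example from GitHub); RemoteSigned then requires a valid
# signature or a deliberate Unblock-File after the content has been reviewed.
$sig  = Get-AuthenticodeSignature -LiteralPath $ScriptPath
$motw = Get-Item -LiteralPath $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
[pscustomobject]@{
    Script          = $ScriptPath
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    Downloaded      = [bool]$motw
} | Format-List

# Relax the execution policy for this process only, so the machine-wide
# policy is left unchanged once the session is closed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Step 3: run the script from its own folder; it prompts for credentials.
$started = Get-Date
Push-Location -LiteralPath $DeployDir
try     { & $ScriptPath }
finally { Pop-Location }

# Confirm the ID file exists, was written by this run, and is well-formed XML.
$file = Get-Item -LiteralPath $IdFile -ErrorAction Stop
if ($file.LastWriteTime -lt $started) {
    throw "ForensiTAzureID.xml was not updated by this run (last write: $($file.LastWriteTime))."
}
[xml]$null = Get-Content -LiteralPath $IdFile -Raw   # throws if the XML is malformed

# Record a hash so the copy later placed on each workstation can be compared.
Get-FileHash -LiteralPath $IdFile -Algorithm SHA256 | Format-List Path, Hash
```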



Sources

https://activedirectorypro.com/azure-ad-connect-install-setup-guide/

https://www.alitajran.com/disable-active-directory-synchronization/

