I'm looking to migrate a user from on-premises Active Directory to a cloud-only setup in Microsoft 365. Is the correct process simply deleting the user in on-prem AD and then restoring it in the cloud? Or is there more to it that I should be aware of? Thanks in advance for your help!
3 Answers
I think it’s also good to maintain a hybrid setup for a while. This way, you can manage control through direct access to your on-prem servers while ensuring security. It’s easier to transition without the risk of losing anything important due to a global admin compromise.
Definitely don't delete the on-premises account first! If you do, the synchronized object in Entra gets soft-deleted, which means losing all mailbox data, license assignments, and group memberships. The best way is to use the 'Convert to cloud-only user' option in the Entra Admin Center. Just make sure to scope the user out of Entra Connect sync, wait for the next delta sync to process, and then do the conversion. It's a much cleaner method than the delete-and-restore trick that used to be recommended.
Wow, I didn't even know that was a thing! When did this change happen? You're a lifesaver!
Just to clarify, if I scope the user out of the sync, won't that also lead to a soft delete in Intune?
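A way to check the point raised in the answer above (loss of license assignments and group memberships) before and after changing sync scope. This is an added example, not part of the thread: it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to the scopes shown; the `-Mode` switch, the snapshot path and the helper name `Get-UserState` are hypothetical.

```powershell
# Added example. Run with -Mode Snapshot before touching sync scope,
# then with -Mode Verify after the conversion to see what changed.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,       # the user being migrated
    [ValidateSet('Snapshot', 'Verify')] [string] $Mode = 'Snapshot',
    [string] $Path = '.\sync-snapshot.json'                   # hypothetical output file
)

Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All' | Out-Null

function Get-UserState([string] $Upn) {
    # The onPremises* properties are not returned by default, so request them.
    $props = 'id', 'userPrincipalName', 'onPremisesSyncEnabled',
             'onPremisesImmutableId', 'onPremisesLastSyncDateTime'
    # Throws if the object is missing (for example, soft-deleted).
    $u = Get-MgUser -UserId $Upn -Property $props -ErrorAction Stop
    [pscustomobject]@{
        Id          = $u.Id
        Upn         = $u.UserPrincipalName
        SyncEnabled = [bool]$u.OnPremisesSyncEnabled
        LastSync    = $u.OnPremisesLastSyncDateTime
        SkuIds      = @(Get-MgUserLicenseDetail -UserId $u.Id | ForEach-Object { [string]$_.SkuId })
        # memberOf returns groups and directory roles; object IDs are enough to diff.
        MemberOfIds = @(Get-MgUserMemberOf -UserId $u.Id -All | ForEach-Object { $_.Id })
    }
}

$now = Get-UserState $UserPrincipalName

if ($Mode -eq 'Snapshot') {
    $now | ConvertTo-Json -Depth 4 | Set-Content -Path $Path -Encoding UTF8
    "Saved $Path (synced=$($now.SyncEnabled), licenses=$($now.SkuIds.Count), memberOf=$($now.MemberOfIds.Count))"
    return
}

# Verify: compare the current state against the saved snapshot.
$before      = Get-Content -Path $Path -Raw | ConvertFrom-Json
$lostSkus    = @($before.SkuIds      | Where-Object { $_ -notin $now.SkuIds })
$lostMembers = @($before.MemberOfIds | Where-Object { $_ -notin $now.MemberOfIds })

if ($now.Id -ne $before.Id) { Write-Warning "Object ID changed: $($before.Id) -> $($now.Id)" }
if ($now.SyncEnabled)       { Write-Warning 'User is still flagged as directory-synced.' }
if ($lostSkus)              { Write-Warning "Licenses no longer assigned: $($lostSkus -join ', ')" }
if ($lostMembers)           { Write-Warning "Memberships no longer present: $($lostMembers -join ', ')" }
if (-not ($lostSkus -or $lostMembers)) { 'Licenses and memberships match the snapshot.' }
```

A changed object ID in Verify mode means the account is a new object rather than the original one, so anything bound to the old ID needs to be re-checked.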
Before anything, make sure you stop the sync from AD to Entra ID. Give it a couple of days, then disconnect. You really don’t need to delete the account; they should already exist in the cloud. It's way less hassle this way.

We keep trying to move away from on-prem servers altogether, though. It's tough!