Azure AD Connect and populating a new AD Forest
-
I'm working on moving over to a fresh domain and forest, abandoning quite a few years of legacy configuration. We are on Office 365, but there is no directory synchronization going on currently. Is there a way to do a reverse sync? Basically, can I utilize Azure AD Connect to pull the users down from O365 to populate my new domain? If so, can I rename the UPN suffix after the users are brought down to my on premise domain server?
-
I don't THINK that you can, but it might be possible.
Pinging @PSX_Defector @Mike-Davis
-
I'm leaning towards exporting everything from O365 and then importing it into AD. Then setting up the AAC.
-
If you mean to "sync" and have it create accounts in AD, I don't think that's going to work. It doesn't even "sync" like that going in the other direction. It doesn't create a mailbox or anything in o365 until you assign a license.
Depending on the number of users you're talking about, (and group memberships, etc) I suppose you could script out the account creation on the AD side, and then start a sync. I'm not sure how well that would work though because the password would be newer on the prem side and it seems like it would over write the o365 side.
With powershell you can rename a UPN suffix. Pretty easy with powershell:
https://blogs.technet.microsoft.com/canitpro/2015/07/07/step-by-step-changing-the-upn-suffix-for-an-entire-domain-via-powershell/ -
@Mike-Davis said in Azure AD Connect and populating a new AD Forest:
With powershell you can rename a UPN suffix. Pretty easy with powershell:
https://blogs.technet.microsoft.com/canitpro/2015/07/07/step-by-step-changing-the-upn-suffix-for-an-entire-domain-via-powershell/Thanks @Mike-Davis, this is one of the pieces to the puzzle that I was missing.
