Convert Synced User to In-Cloud User

Here is the scenario:

Synced ID: Specifies the immutable ID of the federated identity of the user. This should be omitted for users with standard identities.

You have local Active Directory with AAD Connect installed, which sync users and password hash to Office 365. Now you have decided to migrate the authentication from local Active Directory to Office 365 and decommission on-premises Active Directory. The purpose of this exercise to demote on-premises AD, use Office 365 as office productivity tools and Azure AD as the IDaaS.

The following are the steps to transition from on-premises “Synced Identity” to “In Cloud Identity”.

Step1: Sign into the AAD Connect Server and Sync the Delta

Start-ADSyncSyncCycle -PolicyType Delta

Step2: Turn off AAD Connect Sync

Set-MsolDirSyncEnabled -EnableDirSync $false

Step3: Transition a Single Test User from on-premises “Synced Identity” to “In Cloud Identity”.

Get-MsolUser -UserPrincipalName john.doe@domain.com | Set-MsolUser -ImmutableId $null

Step4: Remove Immutable ID of all users

Get-MsolUser | Set-MsolUser -ImmutableId $null

Step5 (Optional): Alternative Scripts

$users=Get-MSOLUser

$immutableID=$null

Foreach($user in $users)

{Set-MsolUser -UserPrincipalName $user.UserPrincipalName -ImmutableID $immutableID}

Step5: Turn o AAD Connect Sync

Now go to local Active Directory, move user out of sync scope. In best practice when you have configured sync, you target a specific OU in active directory to sync users from, moving user to different OU will take user out of sync scope. If you have targeted the sync to all users then you have delete user from your local active directory.

Step6: Turn on AAD Connect Sync

Set-MsolDirSyncEnabled -EnableDirSync $true

Step7: Enable Force Sync if the Sync didn’t work

Import-Module ADSyn
Start-ADSyncSyncCycle -PolicyType Initial

Step8: Change the Federated Domain to Standard Domain if you have ADFS Server

Convert-MsolDomainToStandard -DomainName domain.com -WhatIf
Convert-MsolDomainToStandard -DomainName domain.com -Confim

Step9: Test SSO using Azure AD

Now, last step is to login into Office365 with the same password, it should work.
Also, you will see that in Office365 the user sync status will be shown as Incloud instead of Synced with local AD.

 

Decide on Office 365 Migration Path

Deciding on the best migration path of your users’ email to Office 365 can be difficult. Your migration performance will vary based on your network, existing messaging systems design, mailbox size, migration speed, and so on.

Office365

For migrations from an existing on-premises Exchange Server environment, you can migrate all email, calendar items, tasks and contacts from user mailboxes to Office 365. The available methods are cutover, staged, and Exchange Hybrid migrations.

For migrating third-party email to Office 365, you can configure mail flow coexistence if the third-party email provider permits then migrate the mailboxes using IMAP or cutover migration options.

Migrating from Exchange 2003 or Exchange 2007

Number of mailboxes How quickly do you want to migrate? Use
Fewer than 150 Over a weekend or a few days. Cutover
Fewer than 150 Slowly, by migrating a few users at a time. Staged
Over 150 Over a weekend or a few days. Staged
Over 150 Slowly, by migrating a few users at a time. Staged

Migrating from Exchange 2010 or Exchange 2013 or Exchange 2016 or Exchange 2019

Number of mailboxes How quickly do you want to migrate? Use
Fewer than 150 Over a weekend or a few days. Cutover
Fewer than 150 Slowly, by migrating a few users at a time. Exchange Hybrid
Over 150 Over a weekend or a few days. Exchange Hybrid
Over 150 Slowly, by migrating a few users at a time. Exchange Hybrid

Migrating from third-party email system to Office 365

Number of mailboxes How quickly do you want to migrate? Use
Fewer than 150 Over a weekend or a few days. Cutover
more than 150 Slowly, by migrating a few users at a time. IMAP with mail flow coexistence

If the mailboxes you’re migrating contain a large amount of data, you can also use Office 365 Import Service to import PST files to Office 365.