I have a scenario where users are on VPN or sometimes in the office, the devices are Hybrid Joined to Azure using Onpremise AD Entra Connect is used to sync users and devices, in this scenario what should be the process to migrate the devices?
I have a scenario where users are on VPN or sometimes in the office, the devices are Hybrid Joined to Azure using Onpremise AD Entra Connect is used to sync users and devices, in this scenario what should be the process to migrate the devices?
Offline domain join (ODJ) is a viable migration scenario for your devices. You can find detailed documentation on this process here: On Demand Migration Current - Active Directory User Guide (quest.com)
As a customer, I have successfully used ODJ. However, please note that the machine will need to communicate with a domain controller post-migration to pull group policies. This often necessitates remote control of the device for immediate application.
I recommend considering Entra joining the machines and managing them via Intune. This approach has become our preferred method over ODJ. There are few scenarios where transitioning to this configuration wouldn’t be feasible. A useful resource to evaluate this option is https://wiki.winadmins.io/en/autopilot/hybrid-join-vs-aad-join - However, this might involve a double device migration.
Quest also supports moving from hybrid to Entra joined, which I have yet to try. For more information, refer to the On Demand Migration Current - Microsoft Entra ID Device Join Quick Start Guide (quest.com)
Thank you for the detailed info, however I have tried ODJ option and it Entra Joined the device instead of Hybrid Joined, client is looking for Hybrid Joined and I migrated the device using ODJ steps. Is there a way to change this behaviour using ODM Offline Domain Join? or Do I have to use ODM Entra Device Join feature?
I can't understand how that would have been possible if you configured the workflows correctly and performed the correct migration action against the device. - They're totally different actions in the ODM AD Devices + Servers section and the process is totally separate. To do an entra join, you would use the cutover actions. for ODJ, you use the Offline Domain Join action.
I would ensure you're reading the User guides in isolation for each scenario and not to cross them over. There's a bunch of work involved with configuring environments in the traditional active directory scenario to ultimately end up with mapping files that are used during the reacl process.
If you're still struggling then I would suggest reaching out to your Quest rep, who can better guide you on how to perform these migrations but it sounds like you have done something fundamentally incorrect.
I can't understand how that would have been possible if you configured the workflows correctly and performed the correct migration action against the device. - They're totally different actions in the ODM AD Devices + Servers section and the process is totally separate. To do an entra join, you would use the cutover actions. for ODJ, you use the Offline Domain Join action.
I would ensure you're reading the User guides in isolation for each scenario and not to cross them over. There's a bunch of work involved with configuring environments in the traditional active directory scenario to ultimately end up with mapping files that are used during the reacl process.
If you're still struggling then I would suggest reaching out to your Quest rep, who can better guide you on how to perform these migrations but it sounds like you have done something fundamentally incorrect.
So does ODJ supports Hybrid Device join devices to be migrated and I need to follow the link you shared? If yes I will review step by step and go through it now. Thanks
In hybrid join you need to treat this as an AD to AD migration scenario and you need to understand that you're migrating the device between 2 on premise Active Directories. Not between Entra. - The hybrid join element happens outside of ODM and Active Directory whereby the device is synced by the Entra Connect Sync service AFTER being migrated to another domain. You would need to perform a hybird join leave request on the device for it to then be able to hybrid join to the new tenant.
This is assuming you're migrating between 2 disconnected domains, each only connected by Entra Connect sync to separate tenants.
Whilst it doesn't directly cover hybrid join, I strongly recommended following the documentation here: On Demand Migration Current - Active Directory User Guide (quest.com)
Loosely, you will need to do the following but please, make sure you read and understand the documentation.
You would then be able to install the agent on devices, run reacl process, perform cached credentials action, perform ODJ action, perform Hybrid join leave request, allow Entra Connect to sync device on target, device is now hybrid joined on target.
Great, I have performed exactly same steps except Hybrid Join Leave request does it fall under ODM or outside the migration process? I have done the ODJ action and device was joined to the target AD Domain. So if you can please share where about I set the Hybrid Leave in source? I have Entra Connect in both the AD Domain and it syncs devices and users Groups in respective Entra Tenant. Thanks brother for your guidance.