如何将纯云用户从内部部署AD实例完全迁移到Azure AD [英] How to fully migrate cloud-only users from on-premise AD instance to Azure AD

问题描述

在我们的用例中，我们有一个基于云的AD来管理我们公司的所有用户帐户，因为它只是云，所以Azure AD可以取代我们现在使用的所有功能。

In our use case we have a cloud based AD to manage all user accounts in our company, since it's cloud-only so Azure AD can replace all the function we used now.

我们希望将所有用户从内部部署AD迁移到Azure AD，然后再删除原始实例。使用Azure AD Connect同步可以将所有用户与源"Windows Server AD"同步，但使其不可编辑。

We want to migrate all users from the on-premise AD to Azure AD, and delete the origin instance later. Using the Azure AD Connect syncing can sync all users with source 'Windows Server AD' but leaves them non-editable.

如何进行完全迁移而不是同步？

How to do a full migration instead of syncing?

谢谢， 

推荐答案

您好，

没有开箱即用的解决方案可以直接将用户从内部部署AD迁移到Azure AD。但是，您可以尝试以下操作 

There is no out of the box solution to migrate users from on-premise AD to Azure AD directly. However you can try the following 

1）由于您已经在使用AD Connect并将所有用户同步到Azure，因此您可以在租户中禁用Azure AD同步服务。这个

提供了一些步骤doc 。 

1) As you are already using AD Connect and synced all users to Azure, you can disable the Azure AD sync service in your tenant. Steps are provided in this doc. 

这会将用户转换为托管状态，并将源转换为"Azure Active Directory"。您应该能够在此之后编辑用户属性。这不是建议的方法，但这是您方案中最简单的方法。 

This will convert the users to managed state and source to "Azure Active Directory". You should be able to edit the user properties after this. This is not the recommended way to do this but the easiest method in your scenario. 

完成此过程后（最多可能需要72小时，您可以从Azure验证这一点）在确认用户能够登录后，您可以删除AD连接服务器（AD）。 

Once the process is complete(This can take upto 72 hours and you can verify this from the Azure portal), you can remove AD connect server(AD) after verifying the users are able to sign in. 

2）您必须PS才能从AD / Azure转储用户AD转换为CSV并使用Azure AD PS命令​​通过从CSV读取数据来创建新用户。对于您的方案而言，这不是最简单的解决方案，因为您必须删除并重新创建它们，但这绝对是
工作。 

2) You will have to PS to dump the users from AD/Azure AD into a CSV and use Azure AD PS commands to create new users by reading the data from CSV. Not the easiest solution for your scenario as yo will have to delete and recreate them but this will definitely work. 

另外请确保您没有任何其他服务依赖在AD Connect上禁用它之前。 

Also please ensure you do not have any other services dependant on AD Connect before disabling it. 

希望这会有所帮助。

这篇关于如何将纯云用户从内部部署AD实例完全迁移到Azure AD的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！