
Converting AD Hybrid 365 Users to New Domain

When a company that uses Microsoft 365 changes its company name, you as an administrator face the challenge of migrating all your users to the new domain.

365 has tools available for mass-changing the domain of users in one go. But in a hybrid deployment, your on-premise AD is the leading authority for user accounts.
In this guide I'll show you how to properly convert all your users to a new domain in a hybrid environment.

I'm a big fan of using PowerShell, because you can write a single script that touches two environments (on-premise and cloud) and does it pretty well.
Therefore, in this guide we'll be using PowerShell to make the changes.

First you'll need a few things before your script will work:

  1. The MSOnline module for PowerShell. You can install it by starting PowerShell and running Install-Module -Name MSOnline
  2. A basic understanding of foreach loops, because you have to process all your users in AD.
  3. The Active Directory module, which you need to access the on-premise AD PowerShell commands. Add the following to your script to import the module: Import-Module ActiveDirectory
  4. A UPN suffix for the new domain in your on-premise AD. If you do not have one, you can easily add one using the Active Directory Domains and Trusts MMC.
    Open it, right-click Active Directory Domains and Trusts and select Properties. You'll be able to add a new suffix with ease.

Next, you need the command that changes the user UPN on-premise:
Set-ADUser -UserPrincipalName (username@newdomain) -Identity (username)

To change the domain in 365:
Set-MsolUserPrincipalName -UserPrincipalName (username@olddomain) -NewUserPrincipalName (username@newdomain)

By building a foreach loop, you can loop through all the users in your environment and pass them to the commands above, thus changing the domain.

Example:
Change on-premise users
Import-Module ActiveDirectory

# newdomain.example is a placeholder; use the UPN suffix you added to AD
$users = Get-ADUser -Filter {enabled -eq $true}

foreach ($user in $users) {
     # Build the new UPN from the logon name and the new suffix
     Set-ADUser -UserPrincipalName "$($user.SamAccountName)@newdomain.example" -Identity $user
}

Change 365 users
# -All returns every user instead of only the first page of results
$users = Get-MsolUser -All | Where-Object {$_.IsLicensed -eq $true}

foreach ($user in $users) {
     # Keep the part before the @ and attach the new domain (newdomain.example is a placeholder)
     $currentupn = $user.UserPrincipalName
     $username = $currentupn.Split("@")[0]
     Set-MsolUserPrincipalName -UserPrincipalName $currentupn -NewUserPrincipalName "${username}@newdomain.example"
}

This is the basis for changing all the users in your environment. With some basic PowerShell knowledge, you'll be able to create a fully working script tailored to your needs with ease.
For an example of my own creation, check it out on my GitHub here.
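
A more defensive version of the on-premise loop, added here as an example and not taken from the author's script: it checks that the new suffix is registered in the forest, refuses colliding UPNs, saves an old/new mapping for rollback, and defaults to a dry run. The suffix newdomain.example, the CSV path and the $DryRun switch are assumptions made for this example.

```powershell
Import-Module ActiveDirectory

$NewSuffix = 'newdomain.example'      # placeholder: the UPN suffix you added to AD
$MapFile   = '.\upn-change-map.csv'   # placeholder: old/new mapping kept for rollback
$DryRun    = $true                    # set to $false to actually write the changes

# Stop early if the suffix was never added in Active Directory Domains and Trusts.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in forest '$($forest.Name)'."
}

$users = Get-ADUser -Filter 'Enabled -eq $true'

# Plan every change before touching any account.
$map = @(foreach ($user in $users) {
    $oldUpn = $user.UserPrincipalName
    if ([string]::IsNullOrEmpty($oldUpn)) { continue }   # no UPN set, nothing to convert
    if ($oldUpn -like "*@$NewSuffix")     { continue }   # already on the new domain
    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        OldUpn         = $oldUpn
        NewUpn         = '{0}@{1}' -f $oldUpn.Split('@')[0], $NewSuffix
    }
})

# Two accounts with the same name part under different old suffixes would
# end up with the same new UPN; refuse to continue in that case.
$dupes = $map | Group-Object NewUpn | Where-Object Count -gt 1
if ($dupes) {
    throw "Colliding new UPNs: $($dupes.Name -join ', ')"
}

# Persist the mapping first so every change can be reversed from the CSV.
$map | Export-Csv -Path $MapFile -NoTypeInformation

foreach ($entry in $map) {
    # -WhatIf only prints the intended change while $DryRun is $true.
    Set-ADUser -Identity $entry.SamAccountName -UserPrincipalName $entry.NewUpn -WhatIf:$DryRun
}
```

The saved CSV also gives you the exact old and new UPN pairs to feed to Set-MsolUserPrincipalName on the 365 side.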