지금 지원 담당자와 채팅
지원 담당자와 채팅

On Demand Migration Current - Active Directory Intune, Autopilot and BitLocker Quick Start Guide

Introduction

On Demand Migration for Active Directory (ODMAD) supports Microsoft Entra ID Join device migration for devices running Windows 10 or Windows 11 while preserving the User Profiles and File/Folder Security Permissions. 

ODMAD successfully migrates these devices to the target Microsoft Entra ID using the default ODMAD settings, including migrating devices that are already Intune-enrolled and devices that were originally provisioned using Autopilot. In addition to migrating the devices to Microsoft Entra ID, a best practice is to also clear previous Autopilot and Intune settings to allow successful Intune enrollment and management in the target.

​This step-by-step guide walks through how to perform Intune managed device migration between two Microsoft Entra ID (Cloud Only) tenants.

This guide is a supplementary document to the Active Directory Entra-Join Quick Start Guide.

Topics

This guide covers the following topics:

  • Requirements

  • Intune/Autopilot Workstation Cutover High-Level Process

  • High level Custom Task Explanation

  • Implementation Process

  • Intune Cutover Run Book

 

Requirements

General

  • Client is licensed for On Demand Migration Active Directory and Directory Sync

  • One Global Administrator Account for each Microsoft 365 tenant

    Accounts  

    Microsoft Entra ID Application Account

  • An account with Global Administrator Role is required to grant permissions and establish connection when adding a Cloud Environment.

    Microsoft Entra ID PowerShell Accounts

  • Three (3) PowerShell accounts are automatically created to read and update objects in the cloud.  To do this an OAuth token is used from the account used to add the Cloud Environment.

  • These PowerShell accounts do not require any Microsoft 365 licenses.

 

Intune/Autopilot Workstation Cutover High-Level Process

The high-level process no longer requires the modification of the Default Microsoft Entra ID Cutover action in ODMAD. However, if BitLockerBackup is required for the migration, there is an additional task that needs to be added which will be noted below:

  • AutoPilot Cleanup – Default Task, removes the Autopilot registry keys from the workstation. This should be done after the workstation has been removed from Enrolled Devices in the source tenant.

  • BT-DownloadReACLConfig – Default Task

  • BT-ReACLPrepareWin10Profiles – Default Task

  • BitlockerBackupToEntraID (Only required if source workstations are BitLocker Enabled) – If the workstation is BitLocker enabled in the source, the Recovery key is not automatically transferred to the target Microsoft Entra ID. This task creates a PowerShell script on the workstation and creates a Scheduled Task that will run the script after the user has logged on post migration. The script will escrow the existing recovery key from workstation and write it to the target Microsoft Entra ID account.

  • CleanupLocalAdministratorsGroup (Optional) – If the source user was an Administrator on the machine, the Re-ACL process will put the target user in the Administrators group. This task will remove users from the Local Administrator Group.

  • BT-EntraIDCutover – Default Task

셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택