Chat now with support
Chat with Support

On Demand Migration Current - Active Directory Entra-Joined Devices Quick Start Guide

Introduction Requirements Preparing the Environment Preparing the Provisioning Package Preparing ODMAD for Device Migration Migrating your Device Validating your Device After Microsoft Entra ID Join Frequently Asked Questions

Preparing the Directory Sync Workflow

Follow the steps described below to configure the Directory Sync Workflow.

  1. Log in to Quest On Demand.
  2. Navigate to Migrate > Directory Sync.
  3. From the Workflow section, click New to start the workflow wizard.
  4. Enter the workflow Name and Description. Then click Next.
  5. Select the discovered environments that you would like to use with this workflow. For the purpose of this guide, select the Local and Cloud Directory Sync environments added previously. Click Next.
  6. Select One Way Sync and click Next.
  7. The workflow wizard will have four(4) workflow tasks pre-selected. They are Read, Match, Stage and Write. You must configure all 4 tasks.
    1. Read – Select the environments from which you wish to read the objects.
    2. Match – This is the step where you will decide how to match existing objects across your Microsoft Entra ID directories. Matching is conducted by pairing sets of attributes to find corresponding objects.  Your two (2) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to populate some to ensure accurate matching.  For a successful Directory Synchronization, it is most important that existing objects are correctly matched. For the purpose of this guide, DisplayName and Name will be used for matching.

    3. Stage – Configure how objects are synced using the sync template. The Stage data step is required and if you do not wish to create any objects in the target environment, you may modify the template option and select “Skip” or “Do Not Create” for each object type.
      1. Select the Sync Template. Click Next.
      2. Select the source environment. Click Next.
      3. Select the target environment. Click Next.
      4. Choose the target domain name. Click Next.
      5. Select the Source Organizational Units. For the purpose of this guide, select the OUs you have defined in the Local environment which contains your in-scope Users, Groups and Devices. Click Next.
      6. Configure any Stage Data filters by double-clicking the OUs. It is highly recommended to setup a filter to limit the scope when performing a test on the first sync as part of the validation. Click Next.
      7. Review the stage data summary and click Finish.
    4. Write – Specify the environment you want the changes to be applied to and click Next. This task can be removed from the workflow if you do not need to create any objects in the target environment.
  8. Configure the Sync Interval. For the purpose of this guide, select Manually and click Next.
  9. Configure the Sync Alert. For the purpose of this guide, we do not want to setup any alerts.  Click Skip.
  10. Review the workflow summary and click Finish.

Running Directory Sync Workflow and validating the sync results

Follow the steps described below to synchronize the objects between source and target environment using the workflow created in the previous section. 

  1. Log in to Quest On Demand.
  2. Navigate to Migrate > Directory Sync.
  3. Select the workflow created and click Run. Allow the workflow to complete.
  4. Select the workflow created and click Run again.  This step is needed to ensure all the objects created in the target tenant will be matched to the source objects.
  5. Click the Environments in the left navigation menu.

  6. Select the Local On-Premises AD environment and click Details.

  7. Confirm source devices are discovered, and users and groups have matching objects in the target environment.

 

Installing the Local Agent on the Workstation

Installing the Local Agent on the Workstation

  1. Log in to Quest On Demand.
  2. Navigate to Migrate > Active Directory.
  3. Click Configurations in the left navigation menu.

  4. Download the latest device agent and note the Service URL and Auth Key for later use.

  5. Copy the agent installation file onto the workstation and run the installer. Then click Next.

  6. The installer will prompt you to enter the Service URL and Auth Key noted in the previous step. Follow the installer wizard to complete the installation process.

  7. When the agent installation completes, return to Quest On Demand > Migrate > Active Directory.
  8. Click Devices + Servers in the left navigation menu and click the Ready Devices tab.

    NOTE By default, when the agent is first installed, it may take up to 4 hours for the agent to be registered and show up in On Demand Migration Active Directory Ready Devices view.

 

Preparing the Microsoft Entra Bulk Enrollment Repository and Microsoft Entra ID Join Profile

  1. Log in to Quest On Demand.
  2. Navigate to Migrate > Active Directory.
  3. Click Configurations in the left navigation menu.

  4. Click Repositories and specify the Provisioning Package Local Path or Shared Folder’s UNC Path under Microsoft Entra Bulk Enrollment.  Click Save.

  5. Open the left navigation menu and click Profiles .
  6. Click the Microsoft Entra Join tab, and click Add to create a new Microsoft Entra Join Profile.
  7. Enter the following information in the profile and click Save.
    1. Profile Name - name of the Profile.
    2. Bulk Enrollment Package File Name - provisioning Package File Name.
    3. Target Environment - specify the target Microsoft Entra tenant.
    4. Device Name Option - Choose an option to either preserve the computer name or use the name defined in the provisioning package.

    5. Click Next to continue with the Profile configuration.
      1. Source Domain Credential - specify source domain credentials including the Domain FQDN.

        NOTE If the source device is an Microsoft Entra Join Cloud Only device, you may uncheck the “Active Directory Joined or Microsoft Entra Hybrid Joined” option.

      2. Preflight Check Validation - choose this option if the source device is a remote workstation that does not have access to Local On-Premise Active Directory.
      3. Create Local Admin - select this option to add a new user to the local admin group, and enter the Username and Password for the new user.
    6. Click Save Profile.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating