Chat now with support
Chat with Support

On Demand Migration Current - Microsoft Entra ID Device Join Quick Start Guide

Introduction Device Migration Frequently Asked Questions

Provisioning Package Preparation

Provisioning Package Preparation

This section will explain how to create a provisioning package for Windows Workstation running Windows 10 (Build 1709 or later), or Windows 11 using Windows Configuration Designer.  Additional detailed instructions can also be found at this Microsoft Article Bulk enrollment for Windows devices - Microsoft Intune | Microsoft Docs.

  1. Download the Windows Configuration Designer (WCD) from the Microsoft Store.

    LightbulbImportant Tip: Windows Configuration Designer(WCD) should be downloaded and installed on the workstation used by the migration administrator to prepare the enrollment package.  It does not need to be installed on the workstations that are being migrated.

  2. Launch the Windows Configuration Designer by clicking on the icon on the start menu.

  3. Create a new package by clicking on the Provision desktop devices icon.

  4. Provide a project name and click Finish.

  5. Specify a computer name using the on-screen instructions.  Leave all other settings with default.  Click Next.

  6. Disable the Wi-Fi setting if devices will have a wired network connection, or you may enter a Wi-Fi SSID in your environment, Click Next.

  7. Perform the following in Account Management section, click Next when completed:

    • Select “Enroll in Azure AD” option.

    • Click on the “Get Bulk Token” link to generate a token that will be used for device join.  You will be prompted by Microsoft 365 to enter your tenant credential. 

      LightbulbImportant Tip: Your account must have a specific Azure AD (Microsoft Entra ID) role assignment to create a bulk enrollment token.  Reference the Microsoft documentation for details on which roles have access and how to assign them Bulk enrollment for Windows devices - Microsoft Intune | Microsoft Docs.

    • Optionally you can also specify a local administrator account and password.  This account will be created on the device. 

      LightbulbImportant Tip: If you do not have any local administrator account configured on the device, it is recommended that you create this optional local administrator account as your source Active Directory Admin account will not work after device migration.

  8. Leave the default setting for Add Application section and click Next.

  9. Leave the default setting for Add certificates section and click Next.

  10. Review the package setting and click Create.

  11. Store the package file in a Shared Folder which is accessible by the Workstation for later use. (The Share Folder UNC path will need to be defined later in On Demand Migration Active Directory)

Device Migration

On Demand Migration Directory Sync

This section explains how to setup Directory Sync between Local On-Premises Active Directory and an Microsoft Entra tenant using On Demand Migration Directory Sync.  During project setup, an Office 365 Global Administrator account is initially required to add Microsoft Entra tenant to the project.

On Demand Migration Directory Sync

On Demand Migration Directory Sync

This section explains how to setup Directory Sync between Local On-Premises Active Directory and an Microsoft Entra tenant using On Demand Migration Directory Sync.  During project setup, an Office 365 Global Administrator account is initially required to add Microsoft Entra tenant to the project.

Setting up the Directory Sync Local Environment

Follow these steps to setup the Directory Sync Environments.

  1. Log in to On Demand.

  2. Navigate to Migration.

  3. Select an existing migration project.

  4. Click on Directory Sync from the Project Dashboard.

  1. Once the On Demand Migration Directory Sync module is loaded, click on the Directory Sync icon in the main dash view.

  1. Click Environments in the left navigation menu to display the environment page.

  2. Click the New button.

  3. Click Local as the environment type, Click Next.

  4. Name the environment, Click Next.

  5. Name the local agent, Click Next.

  6. Note the agent registration URL and registration Key for later use, click Finish.

  7. Install the agent in the Windows Server that is joined to the local AD domain.  

    1. Launch the On Demand Migration Directory Sync Agent installation in the target workstation or server.

    2. Accept the license agreement and click on next.

    3. Enter the target active directory environment information by providing the following and click next.

    • Domain Name

    • Global Catalog Server

    • Username

    • Password

    1. Enter the On Demand Migration Directory Sync Registration URL and Agent Registration Key information and click next.

    2. In the sIDHistory Migration section, you may skip this step as sIDHistory is not in-scope for this project.

Note, Refer to On Demand Migration Active Directory Online Help Center for detailed information about agent installation and set-up requirements.

  1. Once the agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.

  2. Click on the Organization Unit tab and define the OU filter based on your project scope. In this case, we should include the following:

    1. Users and Groups objects in-scope of the migration

    2. Devices in-scope of the migration

  3. Click on the Filters tab and define any LDAP filter based on your project scope.

  4. Click Save.

     

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating