Migration of AD users in the same Okta Org Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Paulo SartoriPaulo Sartori 

Migration of AD users in the same Okta Org

I am migration my users from an old Domain to a new one, the OKTA org will stay the same, how do I migrate these users within okta?
Valentin NituValentin Nitu (Okta, Inc.)
Hey Paulo,

It depends on the way you are looking to migrate the users,
-If the AD migration dosen`t involve Okta then after the users are migrated to the new AD all you will need to do is connect that AD to Okta (Go through the "Add Directory" option under Directory>Directory integration ) and ensure that the users are connected to the new AD (after the setup is done run an import from the new AD, confirm any and all exact matches) . Ensure that the users become mastered by the new AD and after that you can deactivate the old AD in Okta. You can do that by changing the priorities under Directory>Profile Master/

-If migration will be done through Okta then you might have to push the users to the new AD before anything else. You can achive that through Directory push.  First you need to conect the new AD to Okta through the Directory Add option as detailed above. You will need assign all users of the old AD to an Okta group using group rules after that.
Once the users are populated in the group you can push the group to a specific OU in the new AD (access the group in okta and go through the "Manage Directories" steps . After that just take the steps in the first option to ensure the new AD is the profile master and deactivate the old one.

For assistance with these steps, please reach out to the support team.
David WelchDavid Welch
Hey Valentin,

Could you expand on this a little bit more?  Our scenario is as follows:

Migration of User Object from Domain A to Domain B.  User will logon to new computer in Domain B
Groups have already been duplicated from Domain A to Domain B.

What would be required to have Okta support members from both domains?  The UPN migrates with the new user.

What is required on the administrative side to allow this?