![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 60%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,456 questions
Hello @jpcapone
In case of Pass Through Authentication (PTA), PTA agents are used to facilitate the authentication from On-premises AD. So, once your migration is completed, you would need to install PTA Agents in the new domain and uninstall all the existing agents in the old domain. Once the agents are uninstalled, outbound connection to AAD won't exist from the old domain and the Agent status will become inactive. Inactive agents are removed automatically from the AAD tenant after 10 days of inactivity and can't be removed manually. However, authentication requests will only be sent to the Active Agents. So make there is no active PTA agent in old domain as after migration all authentication requests should go to the new domain.
I would strongly recommend you to test it in Dev environment before performing it in the production.
As a failover plan, you may consider configuring PHS as a backup through "Customize synchronization options" > connect to Azure and AD > Optional features > PHS.
Note: This will just act as a backup and PTA will remain your primary mode of authentication. Authentication will not fallback to PHS automatically and you would have to manually switch to PHS if needed.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
