Hi All -
We are changing our domain... abc.local to abc.org... We reviewed this change with VMWare support and they said that if the ObjectGUID changes, we would need to unenroll and enroll all 500 devices again. Deal breaker...
There has to be a way to point the users over to the new ObjectGUID, without having to re-enroll the device? SQL script? We want the change to happen seamlessly for the user with them only having to type their new password in for email authentication (Exchange ActiveSync). How can this be done? I cannot believe that a multi billion dollar company does not have a solution for a company changing domains. If a massive company had 5000+ mobile devices across the planet, they'd force them to re-enroll all the devices? That can't be.
I hope someone can point me in the right direction!!
Do you plan to rename or to migrate your domain?
ObjectGUIDs should persist if you rename your domain as they will never change (globally unique).
RenDom.exe is supported since Server 2003 -> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc... ... and might be the better choice to accomplish your task.
As mapping is defined under Settings > System > Enterprise Integration > Directory Services
you could "preserve" the old ObjectGUID into a customAttribute-field (using ADMT) which then is the "new" source for your Object Identifier.
Don't forget to automatically write this value for later new created account automatically to not run into any issues.
Vmware has a tool for this.. Which migrates all attributes over based on a unique identifier in your environment. If anyone has this issue in the future, ask for the WS1 Migration Tool. It's a bit tricky so be careful and make backups... Ensure there are no duplicate users in the environment. It is best to test this in a test OU before you do this within production.