Handling SCCM / MECM and Co-Management During Workstation Migrations
A guide to managing Microsoft Configuration Manager clients and co-management states when migrating devices between directories or tenants.
The Scenario
When utilizing PowerSyncPro to migrate workstations to a new target environment, special consideration must be given to devices currently managed by Microsoft Configuration Manager (SCCM / MECM).
Because a workstation's SCCM client identity is deeply bound to its underlying Active Directory or hybrid Entra identity at the time of registration, changing the device's join state mid-lifecycle can cause severe authentication mismatches. PowerSyncPro actively tears down the legacy identity during the migration process, meaning any existing SCCM client left on the machine will retain stale artifacts such as the old SMS GUID, defunct hybrid token caches, and invalid client certificates.
To prevent these issues, administrators must evaluate their target management strategy and properly prepare the SCCM client before the PowerSyncPro migration executes.
Migration Scenarios & Requirements
How you handle the SCCM client depends entirely on your target device state and management goals post-migration.
1. Migrating to Entra ID (No Co-Management)
If the workstation is moving to a cloud-native Entra ID join state and will be managed strictly by Microsoft Intune going forward, the existing SCCM client is no longer required.
- Action Required: The SCCM client must be completely uninstalled from the device prior to the migration.
2. Migrating to Entra ID (With Co-Management)
Microsoft does not support an "identity transplant" to convert an existing hybrid-joined SCCM client into an Entra-only co-managed client. If you leave the existing SCCM client in place, it will fail to authenticate to the Cloud Management Gateway (CMG) after the migration because it is still utilizing the legacy hybrid identity.
- Action Required: You must perform a complete, deep uninstall of the SCCM client before the migration.
- Post-Migration Reinstall: After PowerSyncPro joins the device to the new Entra tenant and the user logs in, the device automatically enrolls into Intune. You must rely on an Intune co-management settings policy in the target tenant to push down a fresh SCCM client installation. This forces the client to register a brand-new SMS GUID anchored to the new Entra identity.
⚠️ Important: Pre-Testing Entra-Only Co-Management
Administrators must have already tested and verified SCCM co-management against machines enrolled directly into Entra ID. PowerSyncPro does not make any configuration changes to your target environment to allow for this scenario. A Cloud Management Gateway (CMG) configured for Microsoft Entra ID (token-based) authentication is mandatory, as cloud-only devices will not have internal PKI certificates and cannot reach an on-premises management point.
3. Migrating to Another Active Directory (AD-to-AD / Hybrid)
If the machine is being migrated into a different on-premises Active Directory or a different hybrid environment, the SCCM configuration requires a thorough architectural review.
- Action Required: You must evaluate how SCCM is configured in the target environment (e.g., boundaries, site codes, PKI certificates) to determine if a full re-installation of the SCCM client is required, or if the client can be re-pointed to the new management point post-migration.
⚠️ Important: Extensive Testing Required
Managing SCCM handoffs during an identity migration is a highly complex process. We strongly encourage extensive pilot testing of these SCCM configurations and removal scripts before running a broad migration to ensure that all elements (CMG authentication, Intune policies, and registry cleanups) are handled smoothly.
The Recommended SCCM Removal Process
Standard uninstallation commands often leave behind orphaned WMI namespaces, registry keys, and certificates that will conflict with the post-migration management tooling.
To properly prepare a device for migration, we have seen good results using this community-driven SCCM Client Removal Script available on GitHub here: sccm_removal.ps1.
Scripts support
PowerSyncPro does not support the action of scripts on the computer. You run them at your own risk.
When using community scripts, please ensure thorough testing.
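During pilot testing, a read-only check run after the removal script can confirm that none of the leftover artifact types described above (services, WMI namespaces, registry keys, certificates, the SMS GUID file) remain. The following is an added example, not part of PowerSyncPro or the referenced GitHub script; the function name Get-CcmRemnant is hypothetical, and the locations listed are the Configuration Manager client's usual defaults, assumed here and to be verified against your own build.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit for leftover Configuration Manager client artifacts.
# Nothing is deleted or changed. All locations below are assumed client defaults.

function Get-CcmRemnant {
    # Client services that should no longer be registered.
    foreach ($svc in 'CcmExec', 'ccmsetup') {
        if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Type = 'Service'; Item = $svc }
        }
    }

    # Install folders, the SMS GUID file (SMSCFG.ini) and client registry keys.
    $paths = @(
        "$env:windir\CCM", "$env:windir\ccmsetup", "$env:windir\SMSCFG.ini",
        'HKLM:\SOFTWARE\Microsoft\CCM', 'HKLM:\SOFTWARE\Microsoft\CCMSetup',
        'HKLM:\SOFTWARE\Microsoft\SMS'
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'Path'; Item = $p }
        }
    }

    # Orphaned WMI namespaces: look for the child namespace under its parent.
    foreach ($ns in @{ 'root' = 'ccm'; 'root\cimv2' = 'sms' }.GetEnumerator()) {
        $hit = Get-CimInstance -Namespace $ns.Key -ClassName __NAMESPACE `
            -Filter "Name='$($ns.Value)'" -ErrorAction SilentlyContinue
        if ($hit) {
            [pscustomobject]@{ Type = 'WmiNamespace'; Item = "$($ns.Key)\$($ns.Value)" }
        }
    }

    # Client certificates left in the machine's SMS certificate store.
    if (Test-Path -LiteralPath 'Cert:\LocalMachine\SMS') {
        Get-ChildItem -LiteralPath 'Cert:\LocalMachine\SMS' | ForEach-Object {
            [pscustomobject]@{ Type = 'Certificate'; Item = $_.Thumbprint }
        }
    }
}

$remnants = @(Get-CcmRemnant)
if ($remnants.Count -gt 0) {
    $remnants | Format-Table -AutoSize | Out-String | Write-Output
    exit 1   # non-zero: stale client artifacts are still present
}
Write-Output 'No Configuration Manager client artifacts found.'
exit 0
```

A non-zero exit code gives the pilot a simple pass/fail signal per device before the migration is allowed to proceed.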
Execution Method: PowerSyncPro Startup Script
Your chosen script should be run as a "Startup" script within your PowerSyncPro runbook. PowerSyncPro guarantees that the script executes silently as SYSTEM at the exact right moment in the migration sequence, before any directory join operations occur. See: How to create a command line package to Run.