Can I replace an on-premises domain controller with Azure Active Directory Domain Services?

Hrishikesh Joshi 1 Reputation point
2021-12-24T10:58:48.537+00:00

One of my customers is planning to migrate their on-premises domain controller to Azure AD DS, and they don't want to keep a domain controller on premises.

They are already using O365 accounts, and AD Sync is installed on the existing domain controller. Is there any impact on the existing setup if we migrate to AAD DS?
We need the best possible support as soon as possible to complete the project within the given timeline.


3 answers

  1. Devaraj G 2,091 Reputation points
    2021-12-24T12:22:11.817+00:00

    Hi Hrishi,

    It's possible, but there are a few considerations.

    The straightforward approach is to follow the traditional way: extend your existing on-premises Active Directory infrastructure to Azure by deploying a VM in Azure that runs AD DS as a domain controller with VPN connectivity, and then decommission the on-prem one. You can get Azure AD Connect installed on the new DC in staging mode.

    1. Azure AD DS only talks with Azure AD. There is no direct relationship between Azure AD DS and on-prem AD (unless you create forest trusts). Azure AD DS replicates identity information from Azure AD, so it works with Azure AD tenants that are cloud-only or synchronized with an on-premises AD DS environment.
    2. So deploy Azure AD DS and sync it with Azure AD, then decommission the on-prem AD and make the synced users cloud-only, then re-add the domain-joined machines to the Azure AD DS domain. This step needs thorough planning and execution.
    3. Note: Azure AD DS is not the same as your traditional AD. There are limitations, and the way it operates is different since it's a Microsoft-managed domain.
      https://learn.microsoft.com/en-us/azure/active-directory-domain-services/faqs
    2 people found this answer helpful.
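A pre-decommission check that fits step 2 above (added here as an illustration; it is not code from Devaraj's answer or from Microsoft). Before the on-prem AD is switched off, an administrator needs to know which users are still sourced from on-premises AD (they must become cloud-only) and which devices are hybrid-joined (they must be re-joined to the new domain). The script below uses the Microsoft Graph PowerShell SDK to build that report and wraps the tenant-level directory-sync switch in a separate function. The function names `Connect-AuditGraph`, `Get-SyncedIdentityReport` and `Disable-TenantDirSync` are my own; the Graph property names (`onPremisesSyncEnabled`, `onPremisesImmutableId`, `trustType`, `onPremisesLastSyncDateTime`) are the ones Graph exposes on the user, device and organization resources.

```powershell
# Added example, not part of the original answer: audit a tenant that still syncs from
# on-premises AD before the on-prem domain controller is decommissioned.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
# Function names are hypothetical; the Graph property names are real.
Import-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement

function Connect-AuditGraph {
    # Read-only scopes are enough for the report itself.
    Connect-MgGraph -Scopes 'User.Read.All', 'Device.Read.All', 'Organization.Read.All' | Out-Null
}

function Get-SyncedIdentityReport {
    # Users whose source of authority is still on-premises AD. Once the on-prem DC is gone
    # these objects cannot be edited until they are converted to cloud-only.
    $users  = Get-MgUser -All -Property @('id', 'userPrincipalName', 'onPremisesSyncEnabled',
                                          'onPremisesImmutableId', 'onPremisesDistinguishedName')
    $synced = @($users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })

    # Device trustType: 'ServerAd' = hybrid Azure AD joined (depends on the on-prem domain),
    # 'AzureAd' = Azure AD joined, 'Workplace' = Azure AD registered only.
    $devices = Get-MgDevice -All -Property @('id', 'displayName', 'trustType', 'operatingSystem')
    $hybrid  = @($devices | Where-Object { $_.TrustType -eq 'ServerAd' })

    # Tenant-level view of directory synchronisation.
    $org = Get-MgOrganization -Property @('id', 'displayName', 'onPremisesSyncEnabled',
                                          'onPremisesLastSyncDateTime') | Select-Object -First 1

    [pscustomobject]@{
        TenantId          = $org.Id
        DirSyncEnabled    = $org.OnPremisesSyncEnabled
        LastSync          = $org.OnPremisesLastSyncDateTime
        TotalUsers        = @($users).Count
        SyncedUsers       = $synced.Count
        SyncedUserUpns    = $synced.UserPrincipalName
        HybridJoinedCount = $hybrid.Count
        HybridJoinedNames = $hybrid.DisplayName
    }
}

function Disable-TenantDirSync {
    param([Parameter(Mandatory)][string]$OrganizationId)
    # Flips the tenant to cloud-only: every object currently flagged as synced becomes
    # cloud-managed. Run this only after Azure AD Connect has been stopped and the report
    # above shows exactly which users and devices are affected. Needs Organization.ReadWrite.All.
    Connect-MgGraph -Scopes 'Organization.ReadWrite.All' | Out-Null
    Invoke-MgGraphRequest -Method PATCH `
        -Uri "https://graph.microsoft.com/v1.0/organization/$OrganizationId" `
        -Body @{ onPremisesSyncEnabled = $false }
}

Connect-AuditGraph
$report = Get-SyncedIdentityReport
$report | Format-List
# Disable-TenantDirSync -OrganizationId $report.TenantId   # only once the report looks right
```

The report is deliberately separated from the switch: `Get-SyncedIdentityReport` needs only read scopes and can be run repeatedly while planning, whereas `Disable-TenantDirSync` is a one-way change for the tenant and is left commented out so it has to be invoked on purpose.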

  2. Hrishikesh Joshi 1 Reputation point
    2022-01-02T05:55:07.027+00:00

    Hello Dev,

    Thanks,

    This project is still ongoing. The customer has not integrated any legacy application with on-prem AD and also has not applied any complex GPOs in the environment, hence I am planning to go with an Azure AD and Microsoft Intune combination to replace it.

    What is your opinion on it?


  3. Hrishikesh Joshi 1 Reputation point
    2022-01-03T06:13:29.357+00:00

    Hello Dev,

    If you have any documentation, please share it with me; it will help me in this case.