Moving to Azure AD with on-prem servers still around?

Wagner, Richard (Cognizant) 66 Reputation points
2022-06-03T23:11:07.63+00:00

Hello, we have sites around the world and have most of our apps in Azure (SaaS, PaaS or infra), but we do still have a handful of apps that need to run on our on-prem servers. We want to move to Azure AD and not have on-prem AD. Will we need to have two sets of logins, one for on-prem and one for AD? We sync to Azure today from on-prem. We also migrated our file shares to Azure and they are authenticated via on-prem AD, so is it best to move that to SharePoint/Teams? What should I be careful with during the discovery phase? What are the showstoppers? Thanks!


2 answers

  1. Devaraj G 2,091 Reputation points
    2022-06-04T11:25:03.653+00:00

    Hi Rick,

    You can potentially plan with Azure AD + Azure ADDS to replace the on-prem based domain controllers. Extensive planning is required.
    Best to have an SSO experience everywhere instead of different logins.

    File shares can be migrated to Azure Files with Azure ADDS permission support to store large amounts of data. The rest can be stored in SharePoint / Teams based on collaboration needs.

    Major show stopper I have faced is end user authentication and management: how are the endpoints currently being managed? On-prem domain joined, or Azure AD joined with Intune?

    Note: Azure ADDS is not the same as your traditional AD. There are limitations and the way it operates is different, since it's a Microsoft managed domain.
    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/faqs
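
The answer above lists the things that decide whether a managed domain can take over (Azure AD DS limitations, how endpoints are joined and managed). The script below is an added example, not code from the answer or from Microsoft: it inventories the on-prem dependencies a discovery phase should surface before committing to Azure AD + Azure AD DS. It assumes the RSAT ActiveDirectory and GroupPolicy modules on a domain-joined admin host with read access to the domain and schema partitions; the function name and the "newer than the domain" schema heuristic are this example's own.

```powershell
# Added example (not from the original answer): inventory the on-prem AD dependencies that
# decide whether Azure AD + Azure AD DS can take over from the domain controllers.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules on a domain-joined admin host
# with read access to the domain and the schema partition.
Import-Module ActiveDirectory
Import-Module GroupPolicy

function Get-AdMigrationInventory {
    $domain    = Get-ADDomain
    $rootDse   = Get-ADRootDSE
    $domainObj = Get-ADObject -Identity $domain.DistinguishedName -Properties whenCreated

    # Trusts: a managed domain has its own limited trust model (one-way outbound forest
    # trusts), so every existing trust is a dependency to redesign or retire.
    $trusts = Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive

    # Schema extensions: the Azure AD DS schema cannot be extended, so anything (Exchange,
    # LAPS, SCCM, in-house apps) that added attributes after the forest was created will not
    # carry over. Heuristic (this example's own): attributeSchema objects newer than the domain.
    $customAttrs = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName, whenCreated |
        Where-Object { $_.whenCreated -gt $domainObj.whenCreated.AddDays(1) } |
        Select-Object lDAPDisplayName, whenCreated

    # Kerberos-dependent apps: accounts carrying SPNs or delegation settings point at
    # services that authenticate against the domain itself, not against Azure AD.
    $spnAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
        -Properties ServicePrincipalName, TrustedForDelegation, 'msDS-AllowedToDelegateTo', PasswordLastSet |
        Select-Object SamAccountName, PasswordLastSet, TrustedForDelegation,
            @{ n = 'SPNs';        e = { $_.ServicePrincipalName -join ';' } },
            @{ n = 'DelegatesTo'; e = { $_.'msDS-AllowedToDelegateTo' -join ';' } }

    # Endpoints: answers the "how are devices managed today" question. Objects with no logon
    # in 90 days are noise; server OSes are the candidates for joining the managed domain.
    $computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, LastLogonDate
    $stale     = $computers | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }
    $byOs      = $computers | Group-Object OperatingSystem | Select-Object Name, Count |
                 Sort-Object Count -Descending

    # Group Policy: each GPO has to be rebuilt under the managed domain's OUs or replaced by Intune.
    $gpos = Get-GPO -All | Select-Object DisplayName, GpoStatus, ModificationTime

    [pscustomobject]@{
        Domain            = $domain.DNSRoot
        DomainMode        = $domain.DomainMode
        Trusts            = $trusts
        CustomSchemaAttrs = $customAttrs
        SpnAccounts       = $spnAccounts
        ComputersByOs     = $byOs
        StaleComputers    = @($stale).Count
        GpoCount          = @($gpos).Count
        Gpos              = $gpos
    }
}

$inv = Get-AdMigrationInventory
$inv | Select-Object Domain, DomainMode, StaleComputers, GpoCount | Format-List
$inv.Trusts            | Format-Table -AutoSize
$inv.SpnAccounts       | Format-Table -AutoSize
$inv.ComputersByOs     | Format-Table -AutoSize
$inv.CustomSchemaAttrs | Format-Table -AutoSize
```

Read the output as a list of showstoppers to resolve rather than a score: every SPN account is an application that will keep needing Kerberos (so a managed domain or a rewrite to Azure AD auth), every custom schema attribute is a feature that has no home in Azure AD DS, and the OS breakdown tells you how much of the fleet can simply be Azure AD joined with Intune instead of following the servers into the managed domain. Applications that bind to the DCs over LDAP do not show up in AD objects; for those, review the DC's Directory Service log (event 2889 per client, once LDAP interface diagnostics are enabled) during the same discovery window.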


  2. Limitless Technology 39,336 Reputation points
    2022-06-07T07:42:42.017+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having queries related to moving from on-prem to Azure AD.

    First you'll need an Azure Active Directory (Azure AD) tenant that is associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.

    After that you can create the managed domain (Azure ADDS).

    Then synchronize from your Azure AD -> Azure AD DS.

    The steps above are all part of the prerequisites:

    Tutorial: Create and configure an Azure Active Directory Domain Services managed domain
    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance

    References:

    https://learn.microsoft.com/en-us/answers/questions/674845/can-i-replace-on-premises-domain-controller-with-a.html

    https://learn.microsoft.com/en-us/answers/questions/50525/moving-on-prem-ad-ds-to-aad-ds-migration-required.html

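
The three prerequisite steps in the answer above (tenant, managed domain, Azure AD to Azure AD DS sync) as a script is an added example, not code from the answer, the questioner or the linked tutorial. It follows the Az / AzureAD PowerShell route Microsoft documents for Azure AD DS; the domain name, resource group, VNet, address ranges, subscription ID and admin UPN are placeholders, and the fixed AppId and API version are the values Microsoft publishes for the Domain Controller Services application and the Microsoft.AAD provider (verify both against the current docs before running). It assumes the Az and AzureAD modules, Global Administrator in the tenant and Contributor on the subscription; the AzureAD module is being retired in favour of Microsoft Graph PowerShell, the Az calls are unchanged.

```powershell
# Added example (not from the original answer): tenant prerequisites, network and managed
# domain creation for Azure AD DS with Az / AzureAD PowerShell. All values below are
# placeholders to replace. Assumes Az and AzureAD modules, Global Administrator in the
# tenant and Contributor on the subscription.
$AaddsAdminUserUpn   = "admin@contoso.onmicrosoft.com"              # placeholder
$AzureSubscriptionId = "00000000-0000-0000-0000-000000000000"       # placeholder
$ManagedDomainName   = "aaddscontoso.com"                          # placeholder
$ResourceGroupName   = "aaddsResourceGroup"                        # placeholder
$VnetName            = "DomainServicesVNet"                        # placeholder
$AzureLocation       = "westeurope"                                # placeholder

Connect-AzureAD
Connect-AzAccount -Subscription $AzureSubscriptionId

# Step 1 - tenant side. Register the first-party "Domain Controller Services" application
# (fixed AppId documented by Microsoft) and create the delegated admin group. Membership of
# "AAD DC Administrators" is the only privileged role a managed domain offers (there is no
# Domain Admin or Enterprise Admin), so keep it to a few dedicated accounts.
New-AzureADServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"

New-AzureADGroup -DisplayName "AAD DC Administrators" `
    -Description "Delegated group to administer Azure AD Domain Services" `
    -SecurityEnabled $true -MailEnabled $false -MailNickName "AADDCAdministrators"

$GroupObjectId = (Get-AzureADGroup -Filter "DisplayName eq 'AAD DC Administrators'").ObjectId
$UserObjectId  = (Get-AzureADUser  -Filter "UserPrincipalName eq '$AaddsAdminUserUpn'").ObjectId
Add-AzureADGroupMember -ObjectId $GroupObjectId -RefObjectId $UserObjectId

# Step 2 - network. The managed domain controllers get a dedicated subnet; workloads go in a
# separate one so the DC subnet's network security group can stay minimal.
Register-AzResourceProvider -ProviderNamespace Microsoft.AAD
New-AzResourceGroup -Name $ResourceGroupName -Location $AzureLocation

$AaddsSubnet    = New-AzVirtualNetworkSubnetConfig -Name DomainServices -AddressPrefix 10.0.1.0/24
$WorkloadSubnet = New-AzVirtualNetworkSubnetConfig -Name Workloads      -AddressPrefix 10.0.2.0/24
$Vnet = New-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Location $AzureLocation `
    -Name $VnetName -AddressPrefix 10.0.0.0/16 -Subnet $AaddsSubnet, $WorkloadSubnet

# Step 3 - create the managed domain. Provisioning, including the initial one-way
# Azure AD -> Azure AD DS synchronization, continues for a while after the call returns.
$ResourceId = "/subscriptions/$AzureSubscriptionId/resourceGroups/$ResourceGroupName" +
              "/providers/Microsoft.AAD/DomainServices/$ManagedDomainName"
$SubnetId   = "/subscriptions/$AzureSubscriptionId/resourceGroups/$ResourceGroupName" +
              "/providers/Microsoft.Network/virtualNetworks/$VnetName/subnets/DomainServices"

New-AzResource -ResourceId $ResourceId -Location $AzureLocation `
    -Properties @{ DomainName = $ManagedDomainName; SubnetId = $SubnetId } `
    -ApiVersion 2017-06-01 -Force -Verbose

# Poll the provisioning state; wait for "Succeeded" before joining anything to the domain.
(Get-AzResource -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.AAD/DomainServices `
    -Name $ManagedDomainName -ExpandProperties).Properties.provisioningState
```

Two caveats matter for a tenant that, like the questioner's, is synchronized from on-prem. The managed domain authenticates with NTLM and Kerberos, so it needs the legacy password hashes: Azure AD Connect has to be configured to synchronize them (Microsoft documents enabling this and forcing a full password sync), and cloud-only users get a usable hash only after they change their password once the domain exists. And the synchronization is one-way, from Azure AD into the managed domain; users, groups and passwords are managed in Azure AD, not with the usual AD tooling inside the managed domain.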