question

PhP59300 asked PhP59300 commented

Migrating from Hybrid to full Azure?

We have a single server running Windows 2012. The server provides the following roles/functions:

  • Active Directory

  • GPO

  • File Shares

  • DNS

  • DHCP

  • RRAS (VPN)

We also have Azure AD Connect installed on the server. Our on-prem AD domain is synced to our Azure tenant. All users have an M365 Exchange Online mailbox; we don't have an on-prem Exchange server.

In the last 12 months 90% of staff have moved to working remotely via VPN. We would like to fully migrate over to Azure/M365 and decommission our on-prem server/AD. We plan to migrate the on-prem file shares to SharePoint/Teams, and the office firewall can provide DNS, DHCP and VPN services. We only have a few GPOs and will use Intune to deal with policies etc. This leaves us with the on-prem AD. At the moment, in Azure, all user accounts are shown as 'AD Synced' and computer accounts are listed as 'Hybrid Azure AD joined'. Is there a recommended and supported method to fully migrate these over to Azure so we can manage them from there and then safely decommission the on-prem server/AD? Or do we need to manually recreate all the users within Azure, drop the computers off the on-prem AD and enrol them back into Azure? Has anyone done anything like this, and if so, do you have any suggestions on how you did it while minimising disruption as much as possible?

thanks in advance

azure-ad-user-provisioning

1 Answer

JamesHamil-MSFT answered PhP59300 commented

Hi @PhilipPreece-5935, my colleague Neelesh goes into great detail here about AAD and how you should use it for your situation.


Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide exactly the same capabilities as AD. It actually provides many more capabilities, in a different way.

That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

I would recommend looking over this thread because I think it has a lot of information that can help you. It looks like you're already pretty much good to go with Azure AD connect. Please let me know if I can clarify anything or help you with any of the processes involved.

Best,
James
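Because there is no object-level migration, the practical first step before cutting the on-prem tie is to inventory what the tenant is still receiving from Azure AD Connect. The script below is an added example written for this thread, not code from the answer or from Microsoft's documentation. It assumes the Microsoft.Graph PowerShell SDK is installed and that the account used can read users and devices and write the organization object; the PATCH request shape used to turn sync off is my assumption of the Graph call and should be checked against current documentation before use.

```powershell
# Added example (not from the original thread): inventory the tenant's remaining
# dependence on the on-prem AD, then (optionally) turn off directory synchronization.
# Assumes the Microsoft.Graph PowerShell SDK; tenant/object names are whatever your tenant holds.

Connect-MgGraph -Scopes "User.Read.All", "Device.Read.All", "Organization.ReadWrite.All"

# 1. Users still mastered on-prem. Once sync is disabled these become cloud-only objects
#    and every attribute that was previously written from AD must be edited in the cloud.
$syncedUsers = Get-MgUser -All -Property DisplayName, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime |
    Where-Object { $_.OnPremisesSyncEnabled -eq $true }
"Synced users: $($syncedUsers.Count)"
$syncedUsers | Select-Object DisplayName, UserPrincipalName, OnPremisesLastSyncDateTime | Format-Table -AutoSize

# 2. Devices by join type. TrustType 'ServerAd' = Hybrid Azure AD joined,
#    'AzureAd' = Azure AD joined, 'Workplace' = Azure AD registered.
$devices = Get-MgDevice -All -Property DisplayName, TrustType, OperatingSystem, ApproximateLastSignInDateTime
$devices | Group-Object TrustType | Select-Object Name, Count | Format-Table -AutoSize
$hybrid = $devices | Where-Object { $_.TrustType -eq 'ServerAd' }
"Hybrid-joined devices that must be re-joined: $($hybrid.Count)"
$hybrid | Select-Object DisplayName, OperatingSystem, ApproximateLastSignInDateTime | Format-Table -AutoSize

# 3. Turning off directory sync is tenant-wide, cannot be undone quickly (re-enabling is a
#    lengthy process) and can take up to 72 hours to finish. Require an explicit confirmation.
$org = Get-MgOrganization
if ($org.OnPremisesSyncEnabled) {
    $answer = Read-Host "Disable directory synchronization for tenant '$($org.DisplayName)'? Type YES to proceed"
    if ($answer -eq 'YES') {
        # Assumed request shape: PATCH /organization/{id} with onPremisesSyncEnabled = false.
        Invoke-MgGraphRequest -Method PATCH `
            -Uri "https://graph.microsoft.com/v1.0/organization/$($org.Id)" `
            -Body @{ onPremisesSyncEnabled = $false }
    }
} else {
    "Directory synchronization is already disabled for this tenant."
}
```

Run the inventory parts first and act on them: every device listed as `ServerAd` has to leave the on-prem domain and be joined to Azure AD (for example through Intune/Autopilot), which gives the user a fresh local profile, so plan profile data for those machines before you uninstall Azure AD Connect or demote the domain controller. Only once the user and device lists look the way you expect should step 3 be allowed to send the PATCH.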


Thanks for the reply James.

I understand AAD isn't a direct replacement for AD and that we would lose some functionality which AAD cannot provide; however, we are OK with this. We're not running SQL, Exchange or any other on-prem applications that require AD, so it would be much simpler for us to go full cloud. If we were setting up a new business this is exactly what we would do: create the new users, groups and mailboxes within AAD and then enrol the client devices into AAD. I guess we could set up a new Azure tenant/subscription, set up new users, groups, etc. and then migrate the M365 mailboxes and on-prem file data, but this just seems very long-winded when we already have this in the existing tenant/subscription. We just want to cut the ties with our on-prem AD so we can manage everything from the Azure/M365 portal.


You found a useful path. We are in the same situation, and while it seems it might be a simple transition, the documentation for it seems absent.

PhP59300, in reply to MortenNielsen-4787:

Unfortunately no. It seems Microsoft is actively encouraging customers to move away from their on-prem products and over to their cloud solution, but offers no supported migration path or guidance. I completely understand AAD isn't a complete substitute for AD; however, for most small/medium-sized organisations Azure/M365/Intune etc. offers more than enough.

I am aware of an unsupported method to migrate AD to AAD; however, there is still a lot of manual work involved, and if you hit any issues it's very unlikely MS will offer any help.
