Asked by MikeMinster-0553

Can you replace on premise AD with Azure AD and Azure AD DS?

I was hoping to get some direction and current information on replacing on premise AD with Azure AD. Is it supported?

azure-ad-domain-services

Hi @MikeMinster-0553,

Are there any additional questions?
If you found the answer helpful, it would be great if you could mark it "Accept as answer". This will help others to find answers in Q&A.


Regards
Andreas Baumgarten

0 Votes

1 Answer

Answered by AndreasBaumgarten · 1 Vote

As Andreas already said: it depends ;-)

It depends on your application landscape, requirements etc.

If, for example, you don't need Kerberos, LDAP or NTLM authentication and all your applications are SaaS and/or rely on OAuth, then you wouldn't need an on-prem AD.
Windows clients can be managed completely by Azure AD / Intune (MDM).
But if you have some legacy applications relying on Windows Authentication, then you will need at least Azure AD DS; depending on your use case you might even need a classical AD.

0 Votes

Thank you. How do computers onsite communicate with Azure AD? Do you need a VPN tunnel between the office computers and the cloud?

0 Votes

The Azure AD is reachable via Internet (without a VPN).
For accessing the Azure Active Directory Domain Services you need a VPN connection (Site To Site) for your on-premises computers.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

1 Vote

Hi. Thank you. I know that you can move user accounts to the cloud, but how about computer accounts? Do they need to be disjoined and then re-joined to the cloud AD?

0 Votes

If the goal is to move away from the on-premises AD, then yes you can convert domain-joined systems to AAD-Joined systems by unjoining from the local domain and joining to AAD. You can also extend existing AD computers to AAD, a state that's called "Hybrid Azure AD Joined."

Typically, it's recommended to start joining new workstations to AAD as part of workstation deployment, but it can also be accomplished with Autopilot with self-service.

I'd check out the different device-join types here: https://docs.microsoft.com/en-us/azure/active-directory/devices/overview


1 Vote
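Added example, not part of any reply in this thread: before deciding which machines need to be unjoined and re-joined, it helps to inventory the join state the thread discusses (Azure AD joined, Hybrid Azure AD joined, or classic domain joined). The script below parses the output of the built-in `dsregcmd /status` tool, which reports `AzureAdJoined` and `DomainJoined` for the local device. The function name `Get-DeviceJoinState` and the sample output lines at the bottom are constructed for this example; the sample is not a real capture.

```powershell
# Added example: classify the local Windows device's join state from dsregcmd /status.
# Assumes Windows 10/11 (dsregcmd.exe is built in). The function name is an assumption
# made for this example; the field names are those dsregcmd itself prints.

function Get-DeviceJoinState {
    param(
        # Optional: pass previously captured dsregcmd output (e.g. from a fleet inventory
        # or for testing); when omitted the tool is run on the local machine.
        [string[]]$StatusLines
    )

    if (-not $StatusLines) {
        $StatusLines = & dsregcmd.exe /status
    }

    # dsregcmd prints "Key : Value" rows inside boxed sections; collect the rows,
    # ignoring the +---+ / | ... | frame lines that don't match the pattern.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']    -eq 'YES'
    $domain = $fields['DomainJoined']     -eq 'YES'   # classic AD or an Azure AD DS managed domain
    $ent    = $fields['EnterpriseJoined'] -eq 'YES'   # on-premises device registration, rarely used

    # Hybrid = joined to an AD domain AND registered with Azure AD at the same time
    $state = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
             elseif ($aad)          { 'Azure AD joined' }
             elseif ($domain)       { 'Domain joined only (on-premises AD or Azure AD DS)' }
             else                   { 'Workgroup / not joined' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        AzureAdJoined    = $aad
        DomainJoined     = $domain
        EnterpriseJoined = $ent
        JoinState        = $state
        DomainName       = $fields['DomainName']
        TenantName       = $fields['TenantName']
    }
}

# Constructed sample (not a real capture) resembling the "Device State" section of
# dsregcmd /status for a hybrid-joined machine; lets the function run without dsregcmd.
$sample = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CORP',
    '                TenantName : Contoso'
)

# Expected JoinState for the sample: "Hybrid Azure AD joined"
Get-DeviceJoinState -StatusLines $sample | Format-List
```

Run it without `-StatusLines` on a real machine to query the local device. A machine joined to an Azure AD DS managed domain reports `DomainJoined : YES` just like a classic on-premises AD member, which is exactly why the site-to-site VPN requirement mentioned in the thread applies to those devices but not to Azure AD joined ones.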