
ReezAli-2534 asked

Moving On-Premises Active Directory to Azure AD

Hello,

Our company is looking to move from on-premises Active Directory to Azure Active Directory; we are only looking to move Active Directory to Azure. We are not looking for a hybrid solution.

1) What are the steps involved in doing that?
2) I read a few forums and it confused me a little. The forums mention that it has to be done through Cross-Forest Migration.
3) Please help me to see if these are the correct steps:
Sync on-premises AD to Azure AD through Azure AD Connect
After sync, create Azure AD DS and sync to Azure AD (for which a VM needs to be created which will have the role of Domain Services)
* As part of the above process we need to create a Virtual Network and 2 subnets, one for Azure AD DS and the other for the VM server.
4) Does it mean we can remove the on-premises Domain Services after that process?

Will really appreciate your help with this.


azure-active-directory

1 Answer

amanpreetsingh-msft answered

Hi @ReezAli-2534, thank you for reaching out.

Yes, the steps you have mentioned are correct. Just to add to the text in red below: the VM will just have the binaries to manage Active Directory; it won't be promoted as a Domain Controller.

When Azure AD DS is deployed, 2 domain controllers are deployed in the backend, and access to the VMs of those domain controllers is not provided.

  1. Sync on-premises AD to Azure AD through Azure AD Connect

  2. After sync, create Azure AD DS and sync to Azure AD (for which a VM needs to be created which will have the role of Domain Services)

  3. As part of the above process we need to create a Virtual Network and 2 subnets, one for Azure AD DS and the other for the VM server.

Note: In the case of Azure AD DS, you won't have Enterprise Administrator privileges, due to which you might not be able to perform all the tasks that you can perform in on-premises AD.
Also, keep in mind that schema extensions and geo-distributed deployment are not supported with Azure AD DS.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

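The answer above lists the pieces but not how they fit together. The following script is an added example written for this page, not code from the answer or from Microsoft: it creates the virtual network with a dedicated Azure AD DS subnet and a separate management subnet, an NSG carrying only the inbound rule the service needs, the Azure AD prerequisites (the Domain Controller Services service principal and the "AAD DC Administrators" group), the managed domain itself, and finally points the VNet's DNS at the managed domain controllers. All names, address ranges, the region and the admin UPN are placeholders; the script assumes the Az and Microsoft.Graph PowerShell modules are installed and that the signed-in account can create resources in the subscription and objects in the tenant.

```powershell
#Requires -Modules Az.Accounts, Az.Resources, Az.Network, Microsoft.Graph.Applications, Microsoft.Graph.Groups, Microsoft.Graph.Users
# Added example (not from the original thread). Placeholders below are assumptions.
$ErrorActionPreference = 'Stop'

$ResourceGroupName = 'rg-aadds-demo'        # placeholder
$Location          = 'westeurope'           # placeholder
$ManagedDomainName = 'aaddscontoso.com'     # placeholder managed domain name
$VnetName          = 'vnet-aadds'           # placeholder
$AaddsSubnetName   = 'snet-aadds'           # managed domain only; put nothing else in here
$MgmtSubnetName    = 'snet-mgmt'            # the management VM with the RSAT binaries lives here
$AdminUpn          = 'admin@contoso.com'    # placeholder; first member of AAD DC Administrators

Connect-AzAccount | Out-Null
Connect-MgGraph -Scopes 'Application.ReadWrite.All','Group.ReadWrite.All','User.Read.All' | Out-Null
$SubscriptionId = (Get-AzContext).Subscription.Id

# --- Azure AD prerequisites ---------------------------------------------------
# The managed domain runs under Microsoft's first-party "Domain Controller Services"
# application; its service principal must exist in the tenant (the portal creates it for you).
$DcServicesAppId = '2565bd9d-da50-47d4-8b85-4c97f669dc36'
if (-not (Get-MgServicePrincipal -Filter "appId eq '$DcServicesAppId'")) {
    New-MgServicePrincipal -AppId $DcServicesAppId | Out-Null
}

# Members of this group get delegated admin rights inside the managed domain. Customers never
# get Domain Admins / Enterprise Admins membership, which is the limitation the answer points out.
$adminGroup = Get-MgGroup -Filter "displayName eq 'AAD DC Administrators'"
if (-not $adminGroup) {
    $adminGroup = New-MgGroup -DisplayName 'AAD DC Administrators' `
        -Description 'Delegated administration group for Azure AD Domain Services' `
        -SecurityEnabled -MailEnabled:$false -MailNickname 'AADDCAdministrators'
}
$adminUser = Get-MgUser -UserId $AdminUpn
New-MgGroupMember -GroupId $adminGroup.Id -DirectoryObjectId $adminUser.Id

# --- Network ------------------------------------------------------------------
Register-AzResourceProvider -ProviderNamespace 'Microsoft.AAD' | Out-Null
New-AzResourceGroup -Name $ResourceGroupName -Location $Location -Force | Out-Null

# The only inbound rule the service requires: WinRM over HTTPS from its own service tag so
# Microsoft can manage the DCs. Deliberately no RDP/SSH from the internet; you cannot log on
# to these domain controllers anyway, so there is nothing to open.
$rule = New-AzNetworkSecurityRuleConfig -Name 'AllowPSRemoting' -Access Allow -Protocol Tcp `
    -Direction Inbound -Priority 301 -SourceAddressPrefix 'AzureActiveDirectoryDomainServices' `
    -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 5986
$nsg = New-AzNetworkSecurityGroup -Name 'nsg-aadds' -ResourceGroupName $ResourceGroupName `
    -Location $Location -SecurityRules $rule

$aaddsSubnet = New-AzVirtualNetworkSubnetConfig -Name $AaddsSubnetName -AddressPrefix '10.0.0.0/24' -NetworkSecurityGroup $nsg
$mgmtSubnet  = New-AzVirtualNetworkSubnetConfig -Name $MgmtSubnetName  -AddressPrefix '10.0.1.0/24'
$vnet = New-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName -Location $Location `
    -AddressPrefix '10.0.0.0/16' -Subnet $aaddsSubnet, $mgmtSubnet
$aaddsSubnetId = ($vnet.Subnets | Where-Object Name -eq $AaddsSubnetName).Id

# --- Managed domain -----------------------------------------------------------
$resourceId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.AAD/DomainServices/$ManagedDomainName"
$properties = @{
    domainName   = $ManagedDomainName
    filteredSync = 'Disabled'                     # sync every user and group from Azure AD
    replicaSets  = @(@{ location = $Location; subnetId = $aaddsSubnetId })
}
New-AzResource -ResourceId $resourceId -Location $Location -Properties $properties -ApiVersion '2021-03-01' -Force | Out-Null

# Provisioning continues in the background for roughly an hour. Once the replica set reports
# its domain controller addresses, make them the VNet's DNS servers; without this step, VMs in
# snet-mgmt resolve names through Azure's default resolver and cannot locate the managed domain.
$dcIps = @()
while ($dcIps.Count -eq 0) {
    Start-Sleep -Seconds 120
    $aadds = Get-AzResource -ResourceId $resourceId -ExpandProperties
    $dcIps = @($aadds.Properties.replicaSets[0].domainControllerIpAddress | Where-Object { $_ })
}
$vnet = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName
if (-not $vnet.DhcpOptions) { $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions }
$vnet.DhcpOptions.DnsServers = [System.Collections.Generic.List[string]]$dcIps
$vnet | Set-AzVirtualNetwork | Out-Null
```

Two design points worth noting. The managed domain gets its own subnet with nothing else in it, because Azure AD DS manages that subnet's NSG association and anything you co-locate there inherits rules you do not control. And the DNS change is done at the VNet level rather than on an individual NIC, so every VM you later add to the management subnet (including the one that will run the RSAT tools) finds the managed domain without per-VM configuration.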

Can you please help me with the following questions?

1) Do all the computers need to be reconnected to the domain through Azure AD Join?
2) Do we need to reset passwords for all users manually, and connect the computers to Azure AD?

I tried to create a demo environment to test it out; unfortunately, I was not able to log in to the VM with the credentials that I created initially. (I did assign a custom DNS server IP address to the VM as well as to AD Domain Services.) Any idea what could be wrong?

Thank you,

0 Votes

Hi @ReezAli-2534, please find my comments inline:

1) Do all the computers need to be reconnected to the domain through Azure AD Join?
Azure AD Join is different from joining Azure AD Domain Services. If you want to use NTLM/Kerberos for authentication, you will need to join the devices to Azure AD Domain Services, and it has to be done manually.
2) Do we need to reset passwords for all users manually, and connect the computers to Azure AD?
Yes, passwords need to be reset to be synchronized to Azure AD DS; the synchronization is triggered by resetting the password.

When you say you were not able to log in to the VM with the credentials that you created initially, what error message do you get? If it is "incorrect password" or "account is locked out", it is most probably because the password hash is not synchronized. Try resetting the password in Azure AD and then try to log in again.

0 Votes
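The comment above separates three failure causes that produce the same "cannot log in" symptom: the VM is Azure AD joined rather than joined to the managed domain, the VM cannot locate the managed domain over DNS, or the user's password hash has not reached Azure AD DS yet. The script below is an added example for this page, not code from the thread or from Microsoft; it runs on the management VM in the workload subnet and reports which of those conditions applies before you start resetting passwords. The managed domain name and the user UPN are placeholders, and the password-age check assumes you have already run Connect-MgGraph with the User.Read.All scope.

```powershell
#Requires -Modules DnsClient, NetTCPIP, Microsoft.Graph.Users
# Added example (not from the original thread). Run on the management VM. Placeholders are assumptions.
$ManagedDomain = 'aaddscontoso.com'      # placeholder managed domain
$UserUpn       = 'jane.doe@contoso.com'  # placeholder: the account that cannot log in
$JoinIfNeeded  = $false                  # set to $true to perform the domain join at the end

$findings = [ordered]@{}

# 1. DNS. A VM still pointed at Azure's default resolver (168.63.129.16) cannot find the managed
#    domain controllers; the VNet (or NIC) DNS servers have to be the managed domain's IP addresses.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
       Select-Object -ExpandProperty ServerAddresses -Unique
$findings['DnsServers']         = $dns -join ', '
$findings['UsesAzureDefaultDns'] = [bool]($dns -contains '168.63.129.16')

# 2. Can the domain be located and reached? DC locator SRV record plus an LDAP port probe.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV -ErrorAction SilentlyContinue
$findings['DcLocatorRecords'] = ($srv | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget) -join ', '
$findings['Ldap389Reachable'] = (Test-NetConnection -ComputerName $ManagedDomain -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded

# 3. Which join does the VM actually have? "AzureAdJoined : YES" from dsregcmd is Azure AD Join,
#    which does not give the VM Kerberos/NTLM against the managed domain; only a classic domain
#    join to $ManagedDomain does.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$findings['DomainJoined']  = $cs.PartOfDomain
$findings['JoinedDomain']  = $cs.Domain
$findings['AzureAdJoined'] = [bool]((dsregcmd /status) -match '^\s*AzureAdJoined\s*:\s*YES')

# 4. Has the password hash reached the managed domain? A user whose password has not changed
#    since the managed domain was created has no NTLM/Kerberos hash there yet. For users synced
#    from on-premises AD the reset has to happen on-premises and flow through Azure AD Connect.
$u = Get-MgUser -UserId $UserUpn -Property 'userPrincipalName,lastPasswordChangeDateTime,onPremisesSyncEnabled'
$findings['LastPasswordChange'] = $u.LastPasswordChangeDateTime
$findings['SyncedFromOnPrem']   = [bool]$u.OnPremisesSyncEnabled

[pscustomobject]$findings | Format-List

# 5. Optional: if DNS and reachability are fine and the VM is not domain joined, join it with a
#    managed-domain account (a member of AAD DC Administrators is the simplest choice) and reboot.
if ($JoinIfNeeded -and -not $cs.PartOfDomain) {
    Add-Computer -DomainName $ManagedDomain -Credential (Get-Credential -Message "Account in $ManagedDomain") -Restart
}
```

Read the output top down: a DNS or reachability failure means the VM would fail the same way for every account, so fixing the VNet DNS comes before anything else; a VM that shows AzureAdJoined but not DomainJoined needs the classic join, not a password reset; and only when both of those are in order does a LastPasswordChange earlier than the managed domain's creation point to the hash-sync cause the comment describes.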

Hi @ReezAli-2534, just checking if you have any further questions.

0 Votes

Hi Amanpreetsingh,

Thank you for the clear explanation. Considering you now know our existing environment, I was wondering if you can help me to find out the cost. Our current on-premises server is a Xeon E5-4620v4 @ 2.10GHz. I will appreciate it if you can help us to know which services we will have to subscribe to.

Do we have to go with a specific server? How many IPs do we need, and what other costs will be involved?

Thank you,

0 Votes

Hi @amanpreetsingh-msft,

I was reading another post and it said that we need a VPN connection to connect to Azure AD DS, whereas we can connect to Azure AD without a VPN. Do the users need to be connected to a VPN all the time?

Thank you,

0 Votes