Forum Discussion
palchak
Mar 13, 2020 Copper Contributor
Migrating On Prem AD to Azure AD and doing away completely with On Prem AD
One of my customers is presently using Azure AD and they are syncing with their On Prem AD using Azure AD Connect. The authentication being used is PHS. Now, they would like to get rid of their On Pr...
Moe_Kinani
Bronze Contributor
Hi Palchak,
I vote for IaaS, promoting a DC VM in Azure AD and S2S VPN. MSFT has started supporting features that were available in Azure AD Domain Services (check the article below). I think you can also save money with the IaaS option.
Good luck and let us know if you have any other questions!
https://cloudbymoe.com/f/enable-ad-authentication-for-azure-smb-file-shares
palchak
Mar 13, 2020 Copper Contributor
Moe_Kinani So after spinning up an IaaS VM, promoting it to a DC and ensuring it is replicated properly from the On Prem DC, can I just go ahead and decommission the On Prem DC? Will the DC that is now in Azure be able to take care of all the authentication of the synchronised users from On Prem? What about the On Prem machines, can they also use the new Azure AD DC to authenticate, will that work?
Moe_Kinani
Mar 13, 2020 Bronze Contributor
It will work, but it would take more time to authenticate because it depends on the S2S connection to go all the way to the Azure DC. You need to make sure the FSMO roles have moved to the Azure DC and DNS is properly configured for those PCs, pointing to the Azure DC, etc.
I always recommend having a DC on Prem so authentication will be faster and not depend on the S2S VPN.
Hope this helps!
Moe
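The checks mentioned in the reply above (FSMO roles moved, client DNS pointing at the Azure DC) can be scripted before the on-prem DC is demoted. This is an added example, not part of the original posts; the DC name `AZ-DC01.corp.example.com` and IP `10.10.0.4` are assumed placeholders, and it needs the ActiveDirectory RSAT module on a domain-joined machine.

```powershell
# Added example: pre-decommission checks. Names and IPs below are assumed placeholders.
Import-Module ActiveDirectory

$AzureDc   = 'AZ-DC01.corp.example.com'   # assumed FQDN of the DC promoted in Azure
$AzureDcIp = '10.10.0.4'                  # assumed private IP of that DC

function Get-MisplacedFsmoRole {
    param(
        [Parameter(Mandatory)] [hashtable] $Holders,    # role name -> holder FQDN
        [Parameter(Mandatory)] [string]    $ExpectedDc
    )
    # Return every role that is NOT held by the expected DC (-ne is case-insensitive).
    $Holders.GetEnumerator() |
        Where-Object { $_.Value -ne $ExpectedDc } |
        ForEach-Object { [pscustomobject]@{ Role = $_.Key; Holder = $_.Value } }
}

# 1. All five FSMO roles: three are per-domain, two are per-forest.
$domain = Get-ADDomain
$forest = Get-ADForest
$holders = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$misplaced = Get-MisplacedFsmoRole -Holders $holders -ExpectedDc $AzureDc
if ($misplaced) {
    Write-Warning 'These roles are still held elsewhere; do not demote yet:'
    $misplaced | Format-Table -AutoSize
}

# 2. DNS resolvers on this client: flag any server that is not the Azure DC.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $other = $_.ServerAddresses | Where-Object { $_ -ne $AzureDcIp }
        if ($other) {
            Write-Warning "$($_.InterfaceAlias) still uses DNS server(s): $($other -join ', ')"
        }
    }

# 3. DC locator SRV records: a DC still listed here can still be chosen by clients.
Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Priority, Weight
```

Run step 2 on a representative on-prem client rather than on the DC itself, since it inspects the local machine's resolver settings.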