Forum Discussion

moogeboo
Copper Contributor
Jan 12, 2025

Understanding the best pathway to establish Hybrid Azure AD

Hello,

I have a client that has this setup:

On premise AD named abc.local

Microsoft hosted O365 Exchange belonging to a domain called abc.com.

The on premise domain and the hosted O365 email domain are not integrated and are separate. Thus, users need to be managed separately within each environment.

We want to establish a directory presence in the cloud using Azure AD to eventually establish SSO and provide a better user experience. However, I'm wondering what the best pathway would be to do that.

Do I extend our existing on premise domain into Azure with Azure AD first (that is extend abc.local to the Azure cloud), and then attempt to migrate the mailboxes once our hybrid domain has been established?

Or since we have a domain on O365 already (abc.com), use this as our primary domain, even though our users' on-premises identities all belong to abc.local?

One thing we would like to do is not re-establish profiles on our on-premises workstations. The Windows 11 workstations all belong to the abc.local domain, and we would definitely not want to re-establish any user profiles by requiring us to move domain membership. Thus, the reason why we would like to maintain the abc.local domain if at all possible.

Is there any best practice in terms of steps and what to do in this type of scenario that has been proven to work consistently?

Should I establish the abc.local into the cloud first (Entra ID) and then migrate the mailboxes?

Should I utilize the O365 domain already in Azure (abc.com) and migrate my local on premise domain to that? What about our user profiles?

Thanks for any info/input.

T

1 Reply

  • You may consider the approach below:


    1. Extend On-Premises AD to Azure AD:
      • Use Azure AD Connect: This tool will synchronize your on-premises AD (abc.local) with Azure AD. It allows you to maintain your existing on-premises domain and user profiles while extending your directory to the cloud.
      • Password Hash Synchronization (PHS) or Pass-Through Authentication (PTA): These options enable users to sign in to Azure AD and Office 365 using their on-premises credentials, providing a seamless Single Sign-On (SSO) experience.
    2. Hybrid Exchange Deployment:
      • Set Up Hybrid Exchange: Configure a hybrid Exchange environment to manage mailboxes both on-premises and in Office 365. This allows you to migrate mailboxes gradually without disrupting user access.
      • Migrate Mailboxes: Once the hybrid environment is established, you can start migrating mailboxes from your on-premises Exchange to Office 365. This ensures a smooth transition without needing to re-establish user profiles.
    3. Maintain User Profiles:
      • Profile Management: Since your Windows 11 workstations are already joined to the abc.local domain, using Azure AD Connect ensures that user profiles remain intact. Users will continue to log in with their existing credentials, and their profiles will not need to be re-established.
    4. Use Existing Office 365 Domain (abc.com):
      • Domain Integration: After synchronizing your on-premises AD with Azure AD, you can configure Azure AD to recognize both abc.local and abc.com domains. This allows you to manage users and resources across both environments seamlessly.
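A practical check before the first Azure AD Connect sync, added here as an example and not part of the reply above: a non-routable suffix such as .local cannot be verified as a custom domain in Entra ID, so synced users need a UPN suffix that matches the verified abc.com domain, and soft-matching to the mailboxes that already exist in O365 depends on the on-premises mail attribute. The script assumes abc.local is the AD forest, abc.com is the verified tenant domain, and the RSAT ActiveDirectory module is installed; the user and attribute names are placeholders from the question, not a real environment.

```powershell
# Added example (not from the original post): audit on-prem users before the first
# Azure AD Connect sync. Assumes abc.local is the forest and abc.com is the domain
# already verified in Microsoft 365; RSAT ActiveDirectory module must be installed.
Import-Module ActiveDirectory

$OnPremSuffix = 'abc.local'   # non-routable, cannot be verified in Entra ID
$CloudSuffix  = 'abc.com'     # verified domain the existing O365 mailboxes use

# 1. Make sure abc.com is an allowed UPN suffix on the forest (no-op if already present)
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $CloudSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $CloudSuffix}
}

# 2. Find enabled users still carrying the abc.local UPN suffix
$users = Get-ADUser -Filter "Enabled -eq 'True' -and UserPrincipalName -like '*@$OnPremSuffix'" `
            -Properties mail, proxyAddresses

$report = foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $CloudSuffix
    # Soft-match with the existing cloud account relies on the primary SMTP address;
    # flag users whose mail attribute does not end in abc.com so they are fixed first.
    $mailOk = [bool]$u.mail -and $u.mail.ToLower().EndsWith("@$CloudSuffix")
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUpn     = $u.UserPrincipalName
        ProposedUpn    = $newUpn
        MailMatches    = $mailOk
    }
}

# Review this table before touching any account
$report | Format-Table -AutoSize

# 3. Apply only for users whose mail already matches; -WhatIf keeps it a dry run until removed
foreach ($r in $report | Where-Object { $_.MailMatches }) {
    Set-ADUser -Identity $r.SamAccountName -UserPrincipalName $r.ProposedUpn -WhatIf
}
```

Users flagged with MailMatches = False should have their mail attribute corrected before the sync, otherwise Azure AD Connect will create a second cloud object instead of matching the existing mailbox.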