Forum Discussion
Migrate on-prem AD to azure AD having ADDS
I have to move legacy apps from on-prem to azure. What I read is to use ADDS for legacy apps authentication is the only option since some of my legacy apps are using SSO and some has service accounts at on-prem AD. the goals are below:
- Migrate on-prem active directory to azure active directory and have azure active directory domain services.
- Migrate local group policies to azure active directory domain services
- migrate all services accounts from azure managed identities so those can be used on legacy applications.
- Migrate all user profiles seamlessly.
- Completely demote on-prem active directory.
The environment is having 956 users and 20+ applications. currently have on-prem AD and azure AD and users are hybrid joined.
Please guide through the process and best practice for above scenario.
3 Replies
securityxpert1122 My suggestion is not to use Microsoft managed AD DS rather build AD DS using traditional way in Azure which means build a Windows VM and install AD DS. Post that configures that as read-only and sync all users. then transfer the FSMO roles and demote/decomm the on-prem-AD. It is more of legacy way of migrating Domain controllers.
Just FYI Azure AD cannot replace the On-prem AD as an example GPO are not supported by Azure AD or Microsoft Managed AD DS
- One of our clients was interested in going from IaaS Domain Controller to a PaaS solution in Azure. Active Directory is beyond my abilities, but this is the documentation we were able to provide. Might be helpful.
Road to the Cloud
https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-introduction
Microsoft 365 Cloud-Only Identity
https://learn.microsoft.com/en-us/microsoft-365/enterprise/cloud-only-identities?view=o365-worldwide
Migrate from Federation to Cloud Authentication
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication
Migrate to Cloud Authentication using Staged Rollout
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication
Transition to Cloud
https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-migrate
Convert On-Prem AD Connect Sycned Users to Cloud 365 Accounts and Retain Current Password
https://learn.microsoft.com/en-us/answers/questions/843619/convert-on-prem-ad-connect-synched-users-to-cloud Just wondering you don't need to migrate whole DS to AAD but SSO between AAD and your app?
