Forum Discussion

Mukund2020
Copper Contributor
Jul 08, 2020

Migrate on-prem AD DS to Azure Directory Services

I have a primary domain controller server on premises. Now I want to remove this whole Active Directory boundary and move to Azure. How can I configure this?

1) My client should connect to Azure AD.

2) I can manage users from the portal.

  • jonnychipz
    Copper Contributor

    Hi Mukund2020,

    The answer to this can be complicated depending on the level of use your existing on-prem AD is being used for, i.e. applications, file services, ACLs, VPN access etc. (the list goes on).

    So... if we took this from the perspective of:

    1) How do you get your users' accounts into Azure AD?

    The answer to this can be viewed generally as 'Set up and ensure you have configured Azure AD Connect'.

    Read about it here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

    Download it here: https://www.microsoft.com/en-us/download/details.aspx?id=47594

    Your second point around 'Managing users from the portal' implies that you want to remove the link to your on-prem domain controllers? (Like I say, make sure this is actually what you want to do first! Also, this assumes that you have successfully synchronised your user accounts and other objects from on-prem AD to AAD.)

    2) How do I disable AADC and convert synchronised users in the cloud to 'Cloud Only'?

    The answer to this isn't simply to stop and remove AADC; your synchronised accounts should be converted to 'Cloud Only', and remember that it can take up to 72 hours to re-enable sync if you need to. But if you do all of these steps then you should be able to manage all attributes with the Azure AD portal.

    Unfortunately (last time I looked) there isn't a nice way to convert sync'd users to Cloud Only users within the portal. I know this has been requested as a feature, but I'm not sure if MS have implemented it yet or not. So in the meantime you need to run a few PS lines to basically: stop sync, remove the Immutable ID. There are also workarounds by moving users into a non-synced OU to allow Azure AD to 'delete' the accounts, and then you can recover them as 'Cloud Only' accounts. Either way, like I say, there is no 'clean' option.

    Obviously, before you do any of this work I would suggest you test and then test again, so you make sure that what you are trying to achieve is going to work for you.

    Have a read of these blogs:

    http://www.blogabout.cloud/2019/08/871/

    https://www.sikich.com/insight/office-365-convert-an-active-directory-synced-account-to-cloud-only/

    I hope this helps!

    John
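The two PowerShell steps John refers to (stop directory sync, then clear each user's Immutable ID) as one worked script. This is an added example and is not John's code or anything from the linked blogs. It assumes the MSOnline module (the module most 2020-era guidance used; Microsoft has since deprecated it in favour of Microsoft Graph PowerShell, where the equivalent property is `OnPremisesImmutableId`), a Global Administrator sign-in, and that the `-DryRun` switch and the backup file name are this example's own conventions. Because disabling sync is the step that takes up to 72 hours to undo, the script backs up every anchor before clearing it and reports what remains afterwards.

```powershell
# Added example (not from the original thread): convert Azure AD Connect
# synchronised users to cloud-only in the order John describes:
#   1. disable directory sync for the tenant,
#   2. clear the ImmutableId (sync anchor) on each synced user,
#   3. verify nothing is still anchored.
# Assumes the MSOnline module (Install-Module MSOnline) and a Global
# Administrator account. Run with -DryRun first; it then changes nothing.
param(
    [string[]]$UserPrincipalNames = @(),   # empty = every synced user in the tenant
    [switch]$DryRun
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService

# Step 1: disable directory synchronisation. This is the slow-to-reverse
# step (the thread mentions up to 72 hours), so it is skipped on a dry run.
$company = Get-MsolCompanyInformation
if ($company.DirectorySynchronizationEnabled) {
    if ($DryRun) {
        Write-Host "[DryRun] Would run: Set-MsolDirSyncEnabled -EnableDirSync `$false"
    } else {
        Set-MsolDirSyncEnabled -EnableDirSync $false -Force
        # The tenant flag can take a while to flip; poll before touching users.
        do {
            Start-Sleep -Seconds 60
            $state = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
            Write-Host "DirectorySynchronizationEnabled = $state"
        } while ($state)
    }
} else {
    Write-Host "Directory sync is already disabled for this tenant."
}

# Step 2: select the accounts that still carry a sync anchor. Cloud-native
# accounts have no ImmutableId and are never touched.
$synced = Get-MsolUser -All | Where-Object { $null -ne $_.ImmutableId }
if ($UserPrincipalNames.Count -gt 0) {
    $synced = $synced | Where-Object { $UserPrincipalNames -contains $_.UserPrincipalName }
}

# Keep a record of the old anchors. If sync ever has to be re-enabled, the
# saved ImmutableId is what lets you hard-match the cloud object back to
# its on-prem source instead of getting a duplicate.
$backup = Join-Path $PWD ("immutableid-backup-{0:yyyyMMdd-HHmm}.csv" -f (Get-Date))
$synced | Select-Object UserPrincipalName, ObjectId, ImmutableId, LastDirSyncTime |
    Export-Csv -Path $backup -NoTypeInformation
Write-Host "Saved $($synced.Count) sync anchor(s) to $backup"

foreach ($u in $synced) {
    if ($DryRun) {
        Write-Host "[DryRun] Would clear ImmutableId on $($u.UserPrincipalName)"
        continue
    }
    # MSOnline clears the attribute when given the literal string "$null".
    Set-MsolUser -UserPrincipalName $u.UserPrincipalName -ImmutableId "$null"
    Write-Host "Cleared ImmutableId on $($u.UserPrincipalName)"
}

# Step 3: verify. Any account still reporting an ImmutableId was not
# converted and should be dealt with before AAD Connect is uninstalled.
if (-not $DryRun) {
    $remaining = Get-MsolUser -All | Where-Object { $null -ne $_.ImmutableId }
    if ($remaining) {
        Write-Warning "Accounts still carrying a sync anchor:"
        $remaining | Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime | Format-Table
    } else {
        Write-Host "All users are now cloud-only."
    }
}
```

Run it once with `-DryRun` to see the tenant state and the list of users it would change, then again without the switch. Keep the backup CSV with your change record: it is the only copy of the anchors once they are cleared, and re-enabling sync later without it means the on-prem objects will soft-match (or not match) rather than hard-match.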

     

     
