Forum Discussion
Yuukan
Jan 20, 2020, Copper Contributor
Leaving On-prem Active Directory
I’ve drunk the Kool-Aid and am keen to fully embrace Azure, though I’m wondering: is it possible to completely abandon the traditional on-prem or IaaS Active Directory instances and purely use Azure AD & ...
Moe_Kinani
Jan 20, 2020, Bronze Contributor
Hi Yuukan,
I have done a similar migration with two forests. You have three options here:
1. Use the AD migration tool to migrate all domains into one, and then migrate to AAD Domain Services with a clean domain and sync to the cloud. I can send you blogs on how to do it.
2. Move all forests and domains to AAD Domain Services, then sync all domains to the cloud. You pay a lot more with this method.
3. Use only AAD without traditional AD, but you have to migrate group policies to Intune. You can use Security Baseline, Administrative Template and OMI profiles.
I would definitely go with number 1 because it is cleaner and cheaper, as you’re using only one domain. I don’t have a blog that summarizes all the steps, but I am happy to answer any questions.
Yuukan
Jan 21, 2020, Copper Contributor
So Option 1 is the approach I'm planning to do at the moment and would be happy to see this one. I'd be happy to look at some of those blogs you suggested.
I was a bit thrown by some colleagues saying that the intermediate domain would be a waste of time and effort if we are anyway going to sync up into AAD DS.
In my head it is an extra step, but you are setting yourself a fallback safety net should the initial migration run into any troubles.
Have you ever had to do this with a client that already has a somewhat partial footprint in Azure & O365?
- Moe_Kinani, Jan 22, 2020, Bronze Contributor
I used the articles below to migrate the domains, hope it helps as well.
https://www.petenetlive.com/KB/Article/0001305
https://www.petenetlive.com/KB/Article/0001306
https://www.petenetlive.com/KB/Article/0001307
https://www.petenetlive.com/KB/Article/0001308
The client was already using O365 and Azure in a Hybrid Environment; multiple domains were syncing with ADConnect to one MSFT Tenant. Let me know if you have any questions. Good luck!
- Yuukan, Jan 22, 2020, Copper Contributor
Moe_Kinani
That sounds like a similar setup to the environment I'm working on at the moment.