Move from on-premises AD to Azure AD

We are a small shop and have moved pretty much everything to Azure except our on-premises AD, which we only use for user authentication. We have users that were created in on-prem AD and sync to Azure AD / Office 365 with Azure AD Connect.

What is the procedure for moving them completely off of on-prem AD and decommissioning our AD controller?

2 Replies

Depends on your goal/expectations. Azure AD is not a real AD; it cannot fully replace your on-prem AD as it lacks features such as OUs and GPOs, for example. You most likely have some on-prem applications that rely on AD, even if you have ditched the file servers. For such situations, a more suitable approach is to use Azure AD Domain Services. I'd suggest you familiarize yourself with the limitations of Azure AD, and AD DS for that matter, before committing to such a step.

Thank you very much for this. We will look at AD Domain Services.