Jeff Harlow
Iron Contributor
Jan 25, 2019

Migration to AzureAD

We currently have an On-Premise Exchange Server (2010) and Active Directory. We are wanting to migrate everything to Cloud-First. Over the past year and a half, we have migrated all of our Exchange Mailboxes to Exchange Online. All of our MX records are EOP and all on-premise services now use EOP for mail routing. So I feel we are ready to pull the plug on the Exchange Server. However, user accounts are still syncing and I know I read that in a hybrid, everything should be created on-premise. So the next stage was to migrate all of our desktops to AzureAD. That process has now been completed. All of our desktops and laptops are now running Windows 10-Oct 2018 (1809), AzureAD and Intune managed.

So I assume we need to transfer the acting authentication over to AzureAD (now making it the primary)? Removing the dreadful "this account is synced, you have to manage it on premise" crap. Then after that, we should be able to shut down the on-premise Exchange server for good and continue migrating the few servers we have either to a local workgroup or to an Azure VM.


Am I on the right path here? 

 

Thanks. 

  • So in a nutshell, every scenario involving DirSync requires you to keep at least one Exchange box for management purposes, if you want to stay in "supported" configuration. If the plan is to ditch DirSync altogether and manage objects directly in the cloud, you will have no trouble with this approach and will still be "supported".

     

    Make sure you understand the limitations of Azure AD though - it's not a real replacement for AD, there are no OUs for example, no GPOs, etc.

    • Jeff Harlow
      Iron Contributor

      Thanks for the confirmation. Yeah, we are wanting to ditch everything on-premise in favor of the Cloud. Management wants to reduce costs.  

       

      We are a small business and while there are definitely limitations with AzureAD (like GPOs), most of what we *need* can be handled through Intune. There are some things I would like to see, and now that they are starting to add better support for admin templates, I see a light at the end of that tunnel. OUs are not as important for our size of a business. Nothing group memberships cannot handle.
