Replacing OnPremise AD Domain Controllers & Exchange Servers with Active Directory Domain Services

EnterpriseArchitect 4,681 Reputation points
2022-03-17T01:24:14.38+00:00

Hi Folks,

According to: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions

I am curious to know how Azure AD DS can help us reduce the hybrid AD & Exchange management, thus reducing operational cost & attack surface.
My Current Setup is 26x AD domain controllers for 13 different geographical locations across the world as Single AD Domain only.

2x AD DS OnPremise running as VMs on each of the 13 AD sites,
3x Exchange Server 2016 with no mailbox.

Synced to Azure AD with AAD Connect since we have migrated all Exchange Mailboxes to Exchange Online.

What are the steps so I can safely decommission both Exchange Servers and those AD Domain controllers?
What might not be working that still requires us to retain those OnPremise AD Domain Controllers and Exchange servers?

Any help and suggestion would be greatly appreciated.


3 answers

  1. Limitless Technology 39,336 Reputation points
    2022-03-17T09:24:06.16+00:00

    Hello @EnterpriseArchitect ,

    There is a detailed article on the most common features and advantages of Azure AD vs OnPremise AD. You can find it here: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad

    On the other hand, if you need more detailed information about the advantages, it may be related to your environment, systems, security and management policies, for which it would be recommended to get in touch with a Microsoft Trusted Partner to explore a specialized solution.

    You can find Partners next to you through the next link: https://learn.microsoft.com/en-us/partner-center/find-a-partner

    Hope this helps with your query,

    ----------

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.

  2. Thameur-BOURBITA 32,496 Reputation points
    2022-03-17T11:22:03.987+00:00

    Hi,

    If you have migrated all mailboxes to Exchange Online, and your Exchange servers are not used, you can decom them.

    Decommissioning domain controllers is not easy: even if you have migrated all your applications to the cloud, workstations can be impacted since GPOs are managed by Active Directory.

    Please don't forget to mark helpful reply as answer

    1 person found this answer helpful.

  3. KyleXu-MSFT 26,206 Reputation points
    2022-03-18T01:48:33.623+00:00

    @EnterpriseArchitect

    For Exchange Server, after you have migrated all mailboxes and needed public folders to Exchange Online, if you don't need to use Exchange on-premises, you could uninstall Exchange on-premises and local AD: How and when to decommission your on-premises Exchange servers in a hybrid deployment

    If you still need local AD functions, such as logging in to computers with local AD account credentials, you need to keep local AD and at least one Exchange server. Actually, after migrating AD accounts to Azure AD, all computers could join the AAD domain and log in with AAD credentials.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


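
An added example, not part of any answer in this thread and not Microsoft's own tooling: a read-only PowerShell inventory of what still depends on the on-premises domain, covering the workstation and GPO dependency raised in answer 2 and the local-logon and Exchange dependency raised in answer 3. It assumes the RSAT ActiveDirectory and GroupPolicy modules and a domain account with read access; the 90-day activity cut-off and all variable names are assumptions chosen for illustration.

```powershell
# Added example: read-only inventory, changes nothing in the directory.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules are installed.
Import-Module ActiveDirectory, GroupPolicy

$activeSince = (Get-Date).AddDays(-90)   # assumed cut-off for "still in use"

# Domain controllers per AD site (the question describes 2 per site across 13 sites).
$dcsBySite = Get-ADDomainController -Filter * | Group-Object -Property Site

# Enabled, recently seen domain-joined computers: they still authenticate against a DC
# and receive Group Policy from it.
$activeComputers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties LastLogonDate, OperatingSystem |
    Where-Object { $_.LastLogonDate -gt $activeSince }

# GPOs that are linked somewhere: their settings need a replacement before the DCs go.
$linkedGpos = foreach ($gpo in Get-GPO -All) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    if ($report.GPO.LinksTo) {
        [pscustomobject]@{
            Name  = $gpo.DisplayName
            Links = @($report.GPO.LinksTo | ForEach-Object { $_.SOMPath })
        }
    }
}

# Objects carrying Exchange recipient attributes that are edited on-premises and synced up.
$mailEnabled = Get-ADObject -LDAPFilter '(&(mailNickname=*)(proxyAddresses=*))' -Properties mail

# User accounts with service principal names: a hint at applications still using Kerberos.
$spnAccounts = Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName

# Summary first, then the detail a migration plan would be built from.
[pscustomobject]@{
    Sites              = @($dcsBySite).Count
    DomainControllers  = ($dcsBySite | Measure-Object -Property Count -Sum).Sum
    ActiveComputers    = @($activeComputers).Count
    LinkedGpos         = @($linkedGpos).Count
    MailEnabledObjects = @($mailEnabled).Count
    AccountsWithSpn    = @($spnAccounts).Count
} | Format-List
$activeComputers | Group-Object OperatingSystem | Sort-Object Count -Descending |
    Format-Table Count, Name
$linkedGpos | Format-Table Name, Links -Wrap
```

Non-zero counts for active computers, linked GPOs or SPN-bearing accounts mark dependencies that need a cloud-side replacement before the last domain controller is retired.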