Moving an existing Active Directory (AD) forest to the cloud using Microsoft Entra ID (formerly Azure AD) is a common and feasible scenario. Let’s address your questions:
Integrate on-premises AD with Azure
- Feasibility of Replacing On-Premises AD with Entra ID
Yes, it is feasible to eventually replace your on-premises AD with Entra ID. Many organizations are transitioning to cloud-based identity and access management. Entra ID offers features like self-service password reset (SSPR), conditional access, and dynamic groups, making it a powerful choice for modernizing your directory services.
- Using Windows Server 2012 R2 in the Process
While Windows Server 2012 R2 can be used, it is recommended to use a more recent version like Windows Server 2016 or later. This ensures better compatibility and support throughout the migration process. Microsoft’s documentation provides guidance on prerequisites and setup.
- AD Connectivity After Demoting the On-Premises Server
Once you demote and decommission the on-premises server, Entra ID will handle AD connectivity:
- Windows 10/11 Devices: These can seamlessly connect to Entra ID in the cloud without requiring an additional agent on each device. The built-in mechanisms in the Windows OS handle authentication and communication with Entra ID.
- Role of Entra Connect Agent
Initially, you’ll use Entra Connect to synchronize your existing AD with Entra ID. After the migration:
- Eliminating Entra Connect Agent: Post-migration, you can eliminate the Entra Connect agent and rely on native Windows functionality. Devices will authenticate directly with Entra ID using protocols like OAuth and OpenID Connect.
By following these steps, you can ensure a smooth transition from on-premises AD to Entra ID, leveraging modern cloud-based identity management capabilities.
For more detailed guidance, check the Azure AD Connect documentation and the Hybrid Azure AD Join documentation. YouTube: Microsoft Entra ID Beginner's Tutorial (Azure Active Directory) and Microsoft Entra ID: Application and identity migration to Azure AD B2C
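Before the last on-premises domain controller is demoted, it is worth confirming that each Windows 10/11 device is actually Entra joined rather than hybrid joined, since a hybrid-joined device still authenticates against on-premises AD. The following script is an added example, not part of the answer above; it parses the built-in `dsregcmd /status` output and assumes it runs on the device being checked (the `Get-DeviceJoinState` name and the `ReadyForDecom` field are my own).

```powershell
# Added example (not from the original answer): classify a device's join state from
# `dsregcmd /status` before the on-premises domain controllers are demoted.
# Assumes it runs on the Windows 10/11 device being checked (dsregcmd is built in).

function Get-DeviceJoinState {
    param(
        # Constructed output can be passed in for offline testing; defaults to live dsregcmd.
        [string[]]$StatusLines = (dsregcmd /status)
    )
    $state = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd lines look like "    AzureAdJoined : YES"
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|EnterpriseJoined|TenantName)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $azure  = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'
    $category = if ($azure -and -not $domain) { 'EntraJoined' }
                elseif ($azure -and $domain)  { 'HybridJoined' }
                elseif ($domain)              { 'DomainOnly' }
                else                          { 'NotJoined' }
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Tenant        = $state['TenantName']
        JoinState     = $category
        # Hybrid-joined and domain-only devices still depend on on-premises AD for
        # authentication; they need to be re-joined to Entra ID before the last DC goes.
        ReadyForDecom = ($category -eq 'EntraJoined')
    }
}

# Constructed sample output (hypothetical tenant name) to show the classification offline
$sample = @(
    '    AzureAdJoined : YES',
    '    EnterpriseJoined : NO',
    '    DomainJoined : YES',
    '    TenantName : Contoso (example)'
)
Get-DeviceJoinState -StatusLines $sample | Format-List   # JoinState = HybridJoined, ReadyForDecom = False

# Live check on this device
Get-DeviceJoinState | Format-List
```

Run it remotely (for example through `Invoke-Command`) across the fleet and collect the `ReadyForDecom` column; any device reporting `HybridJoined` or `DomainOnly` is still dependent on the on-premises directory.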