Replacing OnPremise AD Domain Controllers & Exchange Servers with Active Directory Domain Services

EnterpriseArchitect 6,041 Reputation points
2022-03-17T01:24:14.38+00:00

Hi Folks,

According to: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions

I am curious to know how Azure AD DS can help us to reduce the hybrid AD & Exchange management, thus reducing operational cost & attack surface.
My current setup is 26x AD domain controllers for 13 different geographical locations across the world, as a single AD domain only.

2x AD DS on-premises running as VMs in each of the 13 AD sites,
3x Exchange Server 2016 with no mailboxes.

Synced to Azure AD with AAD Connect, since we have migrated all Exchange mailboxes to Exchange Online.

What are the steps so I can safely decommission both the Exchange servers and those AD domain controllers?
What might not be working that still requires us to retain those on-premises AD domain controllers and Exchange servers?

Any help and suggestion would be greatly appreciated.


3 answers

  1. Limitless Technology 39,931 Reputation points
    2022-03-17T09:24:06.16+00:00

    Hello @EnterpriseArchitect ,

    There is a detailed article on the most common features and advantages of Azure AD vs on-premises AD. You can find it here: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad

    On the other hand, if you need more detailed information about the advantages, it may be related to your environment, systems, security and management policies, for which it would be recommended to get in touch with a Microsoft Trusted Partner to explore a specialized solution.

    You can find Partners next to you through the next link: https://learn.microsoft.com/en-us/partner-center/find-a-partner

    Hope this helps with your query,

    ----------

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Thameur-BOURBITA 36,261 Reputation points Moderator
    2022-03-17T11:22:03.987+00:00

    Hi,

    If you have migrated all mailboxes to Exchange Online, and your Exchange servers are not used, you can decommission them.

    Decommissioning domain controllers is not easy: even if you have migrated all your applications to the cloud, workstations can be impacted since GPOs are managed by Active Directory.

    Please don't forget to mark helpful reply as answer


  3. KyleXu-MSFT 26,396 Reputation points
    2022-03-18T01:48:33.623+00:00

    @EnterpriseArchitect

    For Exchange Server, after you have migrated all mailboxes and needed public folders to Exchange Online, if you don't need to use Exchange on-premises, you could uninstall Exchange on-premises and local AD: How and when to decommission your on-premises Exchange servers in a hybrid deployment

    If you still need local AD functions, such as logging in to computers with local AD account credentials, you need to keep local AD and at least one Exchange server. Actually, after migrating AD accounts to Azure AD, all computers could join the AAD domain and log in with AAD credentials.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


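The dependencies the two answers above point at (leftover on-premises mailboxes and public folders, GPOs that workstations still pull from domain controllers, and clients still authenticating against local AD) can be inventoried before anything is decommissioned. The script below is an added, read-only example written for this thread; it is not from the question author, the answerers or Microsoft's documentation. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed, the Exchange Management Shell is loaded for the Get-Mailbox and Get-PublicFolder calls, and the account running it can read the Security log on each DC.

```powershell
# Pre-decommission dependency inventory (added example, not from the thread).
# Read-only: it only builds a report object, it changes nothing.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$report = [ordered]@{}

# 1. Exchange: anything still hosted on-premises that removing the servers would strand?
#    Requires an Exchange Management Shell session; system/arbitration mailboxes also count here.
$report.OnPremMailboxes     = (Get-Mailbox -ResultSize Unlimited | Measure-Object).Count
$report.OnPremPublicFolders = (Get-PublicFolder -Recurse -ErrorAction SilentlyContinue | Measure-Object).Count

# 2. Group Policy: GPOs that are actually linked somewhere are what keeps workstations
#    dependent on domain controllers (the point made in answer 2).
$linkedGpos = Get-GPO -All | Where-Object {
    ([xml](Get-GPOReport -Guid $_.Id -ReportType Xml)).GPO.LinksTo
}
$report.LinkedGPOs     = @($linkedGpos).Count
$report.LinkedGPONames = (@($linkedGpos) | Select-Object -ExpandProperty DisplayName) -join '; '

# 3. Domain-joined Windows clients that have logged on in the last 30 days
#    (LastLogonDate is replicated with ~14 day granularity, so treat it as a lower bound).
$cutoff = (Get-Date).AddDays(-30)
$report.ActiveDomainClients = (Get-ADComputer -Filter 'OperatingSystem -like "*Windows 1*"' -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -gt $cutoff } | Measure-Object).Count

# 4. Kerberos TGT requests (event ID 4768) per DC over the last 24 hours.
#    A DC that is still issuing tickets is still in use by something, even if no one remembers what.
$since = (Get-Date).AddDays(-1)
$perDc = foreach ($dc in Get-ADDomainController -Filter *) {
    $n = (Get-WinEvent -ComputerName $dc.HostName `
            -FilterHashtable @{ LogName = 'Security'; Id = 4768; StartTime = $since } `
            -ErrorAction SilentlyContinue | Measure-Object).Count
    "$($dc.HostName)=$n"
}
$report.TgtRequestsPerDC = $perDc -join '; '

[pscustomobject]$report | Format-List
```

Run it once per site before each round of removals and keep the output with the change record; any non-zero mailbox or public-folder count, or a DC that still shows 4768 events, is a dependency to resolve first.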
