How to migrate AWS AD to Azure AD?

Athira Chandran 20 Reputation points
2024-01-29T07:34:34.5366667+00:00

I am looking to migrate users and groups from AWS to Azure AD. Are there any relevant documentation or guides available that can help me accomplish this?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,632 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Sedat SALMAN 12,350 Reputation points
    2024-01-29T09:07:25.1966667+00:00

    As I understand you want to migrate AWS IAM users and groups to Azure Active Directory A step-by-step procedure is like the following Extract user data from AWS IAM, including user names, roles, policies, and group memberships. se AWS CLI or scripting tools to automate this process if necessary.

    aws configure set profile.your-profile-name  
    
    aws iam list-users --profile your-profile-name > users.json  
    
    aws iam list-groups --profile your-profile-name > groups.json  
    
    for user in $(jq -r '.Users[].UserName' users.json); do     
    	# Get user's group memberships     
    	aws iam list-groups-for-user --user-name $user --profile your-profile-name > "group_membership_$user.json"      
    	# Get user's attached policies     
    	aws iam list-attached-user-policies --user-name $user --profile your-profile-name > "policies_$user.json" 
    done
    

    Use Azure AD's bulk user import capabilities or PowerShell scripts to import user data.

    
    Import-Module AzureAD  
    
    Connect-AzureAD  
    
    $users = Get-Content -Path "users.json" | ConvertFrom-Json  
    
    foreach ($user in $users.Users) {     
     
    	$newUserParams = @{         
    		DisplayName = $user.UserName         
    		UserPrincipalName = "$($user.UserName)@yourdomain.com"         
    		AccountEnabled = $true         
    		PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    		PasswordProfile.Password = "InitialPassword123" 
    		# Set a default password     
    	}      
    New-AzureADUser @newUserParams 
    
    } 
    
    
    

    those two scripts are just for reference i offer you to modify those scripts accordingly.

    0 comments No comments