Migrating from Hybrid to full Azure?

PhP59300 76 Reputation points
2021-01-19T15:58:27.05+00:00

We have a single server running Windows 2012. The server provides the following roles/functions:

  • Active Directory
  • GPO
  • File Shares
  • DNS
  • DHCP
  • RRAS (VPN)

We also have Azure AD Connect installed on the server. Our on-prem AD domain is synced to our Azure tenant. All users have an M365 Exchange Online mailbox; we don't have an on-prem Exchange server.

In the last 12 months 90% of staff are now working remotely via VPN. We would like to fully migrate over to Azure/M365 and decommission our on-prem server/AD. We plan to migrate the on-prem file shares to SharePoint/Teams, and the office firewall can provide DNS, DHCP and VPN services. We only have a few GPOs and will use Intune to deal with policies etc. This leaves us with the on-prem AD. At the moment, in Azure, all user accounts are shown as 'AD Synced' and computer accounts are listed as 'Hybrid Azure AD joined'. Is there a recommended and supported method to fully migrate these over to Azure so we can manage them from there and then safely decommission the on-prem server/AD? Or do we need to manually recreate all the users within Azure, drop the computers off the on-prem AD and enrol them back into Azure? Has anyone done anything like this, and if so, do you have any suggestions on how you did it while minimising disruption as much as possible?

Thanks in advance

Microsoft Entra ID

1 answer

James Hamil 26,026 Reputation points Microsoft Employee
2021-01-19T20:46:45.507+00:00

Hi @PhilipPreece-5935, my colleague Neelesh goes into great detail here about AAD and how you should use it for your situation.

Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.

That's why there is no actual "migration" path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OUs etc.

I would recommend looking over this thread because I think it has a lot of information that can help you. It looks like you're already pretty much good to go with Azure AD Connect. Please let me know if I can clarify anything or help you with any of the processes involved.

Best,
James
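Before decommissioning the on-prem AD, the practical first step is to know exactly which identities and devices in the tenant still depend on it: the 'AD Synced' users and 'Hybrid Azure AD joined' computers the question mentions. The following inventory script is an added example and is not part of the thread or of any Microsoft documentation; it assumes the Microsoft.Graph PowerShell module is installed and that the signed-in admin has the User.Read.All and Device.Read.All permissions. The output file names are arbitrary choices.

```powershell
# Added example (not from the thread): inventory everything still tied to on-prem AD
# before the sync is cut. Assumes the Microsoft.Graph module and a Global Reader or
# equivalent account with User.Read.All and Device.Read.All consented.
Connect-MgGraph -Scopes "User.Read.All", "Device.Read.All"

# Users: OnPremisesSyncEnabled is $true for accounts mastered on-prem ('AD Synced'),
# and $null/$false for cloud-only accounts. OnPremisesImmutableId is the anchor
# Azure AD Connect used to match the on-prem object.
$users = Get-MgUser -All -Property Id, UserPrincipalName, AccountEnabled,
    OnPremisesSyncEnabled, OnPremisesImmutableId
$synced    = @($users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
$cloudOnly = @($users | Where-Object { $_.OnPremisesSyncEnabled -ne $true })

# Devices: TrustType 'ServerAd' = Hybrid Azure AD joined (still needs a domain
# controller to log on), 'AzureAd' = Azure AD joined, 'Workplace' = Azure AD registered.
$devices = Get-MgDevice -All -Property Id, DisplayName, TrustType,
    OperatingSystem, ApproximateLastSignInDateTime
$hybrid  = @($devices | Where-Object { $_.TrustType -eq 'ServerAd' })

"Synced users: $($synced.Count)   Cloud-only users: $($cloudOnly.Count)"
"Hybrid-joined devices: $($hybrid.Count) of $($devices.Count)"

# Export the two lists so the cut-over can be planned and later verified:
# every entry here should be gone (converted to cloud-only / re-joined) before
# the domain controller is retired.
$synced | Select-Object UserPrincipalName, AccountEnabled, OnPremisesImmutableId |
    Export-Csv -Path .\synced-users.csv -NoTypeInformation
$hybrid | Select-Object DisplayName, OperatingSystem, ApproximateLastSignInDateTime |
    Export-Csv -Path .\hybrid-devices.csv -NoTypeInformation
```

Re-running the same script after the sync has been disabled and the computers have been re-joined is a cheap check that nothing was missed: the synced-user count should drop to zero and no device should still report the 'ServerAd' trust type. On an individual Windows machine, `dsregcmd /status` shows the same join state (the AzureAdJoined and DomainJoined lines) from the device's point of view.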
