This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I'm considering if we can remove completely OnPrem AD and use only Azure AD for clients and Server authentication.. We want to have some terminal servers OnPrem but completely decommission OnPrem AD (AD DS).. Any suggestions??
Hello @Anonymous and welcome to Q&A!
Technically this can be done by leveraging Azure AD DS and extending access to On Prem servers using some kind of site to site VPN like ExpressRoute. Azure AD DS provides a managed experience which resembles Windows AD.
I found this one but don't know if it will work if I want to leave some OnPrem servers running like RDS and SQL. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/
If you are using terminal server/RDS then you will still need AD for authentication and most likely for other things like group policies, NTFS permissions on SMB shares etc. There are many organisations looking to remove AD but it's often quite challenging unless you are moving fully to the cloud.
I found this one but don't know if it will work if I want to leave some OnPrem servers running like RDS and SQL. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/
You’re right, using Azure AD DS will not help with client authentication in this case unfortunately.
Hello,
Thank you for your question.
You can remove completely OnPrem AD , if you do not have any OnPrem clients or if you are not using any Local AD related roles for example. DFS, DNS, File shares, Hyper-V , Group policies etc.
Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
Please also note that removing of completely OnPrem AD domain will required some additional configurations on network and configuring Azure VPN which will chargable.
Please have a look on below Microsoft threads and articles.
-------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--