Forum Discussion
securityxpert1122 (Copper Contributor)
Sep 28, 2023
Migrate on-prem AD to azure AD having ADDS
I have to move legacy apps from on-prem to Azure. What I have read is that using ADDS for legacy app authentication is the only option, since some of my legacy apps use SSO and some have service accounts in on-prem AD. The goals are below:
- Migrate on-prem Active Directory to Azure Active Directory and have Azure Active Directory Domain Services.
- Migrate local group policies to Azure Active Directory Domain Services.
- Migrate all service accounts from Azure managed identities so those can be used on legacy applications.
- Migrate all user profiles seamlessly.
- Completely demote on-prem Active Directory.
The environment has 956 users and 20+ applications. We currently have on-prem AD and Azure AD, and users are hybrid joined.
Please guide me through the process and best practices for the above scenario.
Chandrasekhar_Arya (Steel Contributor)
securityxpert1122 My suggestion is not to use Microsoft managed AD DS but rather to build AD DS the traditional way in Azure, which means build a Windows VM and install AD DS. After that, configure it as read-only and sync all users, then transfer the FSMO roles and demote/decommission the on-prem AD. It is more of a legacy way of migrating domain controllers.
Just FYI, Azure AD cannot replace the on-prem AD; as an example, GPOs are not supported by Azure AD or Microsoft Managed AD DS.
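The domain-controller migration path Chandrasekhar_Arya outlines (promote a DC on an Azure VM, verify replication, transfer the FSMO roles, demote on-prem), as an added PowerShell example that is not from the thread. Domain, host and site names are placeholders, and the Azure DC is assumed to be a writable DC, since FSMO roles cannot be transferred to a read-only domain controller.

```powershell
# Added example, not from the thread. Placeholders: contoso.local, AZ-DC01, ONPREM-DC01,
# the "Azure-WestEurope" site and its 10.10.0.0/16 subnet. Run each stage on the host
# noted in its comment and verify the checks before moving to the next stage.

# Stage 1: on the new Windows Server VM in Azure (future AZ-DC01)
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Give the Azure VNet its own AD site so clients and replication pick the right DC.
New-ADReplicationSite   -Name "Azure-WestEurope"
New-ADReplicationSubnet -Name "10.10.0.0/16" -Site "Azure-WestEurope"

# Promote as an additional writable DC in the existing domain (assumed writable: an RODC
# cannot hold the FSMO roles moved in stage 3). DNS is installed so clients can repoint later.
Install-ADDSDomainController -DomainName "contoso.local" -SiteName "Azure-WestEurope" `
    -InstallDns -Credential (Get-Credential "CONTOSO\DomainAdmin") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString "DSRM password")

# Stage 2: verify the new DC is healthy before moving anything.
repadmin /replsummary          # all partners should show 0 failures
dcdiag /s:AZ-DC01 /q           # quiet mode prints only failing tests

# Stage 3: transfer all five FSMO roles to the Azure DC (as Enterprise Admin, from any DC).
Move-ADDirectoryServerOperationMasterRole -Identity "AZ-DC01" `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# Confirm the move: every holder listed should now be AZ-DC01.
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

# Stage 4: on ONPREM-DC01, only after replication is clean and clients/DHCP point at AZ-DC01 for DNS.
Uninstall-ADDSDomainController -Force `
    -LocalAdministratorPassword (Read-Host -AsSecureString "Local admin password")
```

Between stages 3 and 4, leave both DCs running long enough for a full replication cycle and check the event log on the on-prem DC for leftover dependencies (such as applications hard-coded to its name or IP) before demoting it.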
Rich_Hartman (Copper Contributor)
One of our clients was interested in going from IaaS Domain Controller to a PaaS solution in Azure. Active Directory is beyond my abilities, but this is the documentation we were able to provide. Might be helpful.
Road to the Cloud
https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-introduction
Microsoft 365 Cloud-Only Identity
https://learn.microsoft.com/en-us/microsoft-365/enterprise/cloud-only-identities?view=o365-worldwide
Migrate from Federation to Cloud Authentication
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication
Migrate to Cloud Authentication using Staged Rollout
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/migrate-from-federation-to-cloud-authentication
Transition to Cloud
https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-migrate
Convert On-Prem AD Connect Synced Users to Cloud 365 Accounts and Retain Current Password
https://learn.microsoft.com/en-us/answers/questions/843619/convert-on-prem-ad-connect-synched-users-to-cloud

Just wondering, do you not need to migrate the whole DS to AAD, but only SSO between AAD and your app?