AD to Azure AD Migration?

There is no actual migration path from Active Directory to Azure Active Directory.

  • AAD is a flat (not hierarchical) data store. Hence, you can synchronize parts of your Active Directory to Azure Active Directory, but you cannot migrate your computer accounts, group policies, OUs, etc.
  • Azure Active Directory is, above all, an identity and access management solution for hybrid or cloud-only implementations. It is NOT a full-blown AD.

What can AAD do (that AD cannot)?

SaaS Single Pane of Glass – AAD can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. This is the primary use case. If your company uses Salesforce, Concur, ServiceNow, Office 365 and other SaaS Applications, AAD can be the single pane of glass for managing access to all these SaaS apps.

Consumer Access to Internal Apps – AAD B2C – In addition, Azure AD (B2C) can provide secure remote access for external users to internally hosted applications.

Partner Access to Internal Apps and resources (fileshares etc.) – AAD can also help in B2B (cross-organization) collaboration by providing access for your partners to your resources.

Social Identity Integration – AAD can provide an identity management solution that incorporates social identity providers, for all your consumer-facing applications.

MFA, Sign In Intelligence and other Advanced Services – Multi-Factor Authentication, alerts on sign-ins from questionable devices and locations, and user behavioral analysis are a few additional offerings that distinguish AAD from your on-premises Active Directory.

Isn’t the Azure ADDS offering closer to the on-premises AD?

Not really.

The ADDS service is not the usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud.

  • It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services.
  • There is NO REPLICATION to any other on-premises or cloud (in a VM) domain controller.
  • If you want to migrate your domain controllers to the cloud and use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

Summary

Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.