How To Re-home Users Synced to Azure AD from On Premises

    Question

  • I have a small home AD that really is serving no purpose anymore other than logging onto machines and some level of permissions for sharing. All AD accounts have been synced with Azure AD. Since Azure AD considers their source to be the Local Directory, they cannot be modified in Azure AD. I'd like to find out if there is a way in which I can "rehome" all of these users so that Azure AD is the source. My goal is to change all our computers to Windows 10, and have login done directly to Azure AD. We don't use any of the other on-premises AD services, so there is no loss of functionality that I'm concerned with.

    My Azure AD controllers are currently running in VMs on a couple of Hyper-V hosts, and I'd like to kill the whole thing off if possible, but I haven't seen a way to do what I've described above.

    Thanks.

    Tuesday, May 2, 2017 2:32 PM

Answers

  • Simply disable DirSync? This will change the source of authority to Azure AD and you can manage them directly.

    Azure AD Join is not a replacement for "traditional" AD though, so make sure you will not be missing any features you are used to, before committing to this approach. Should be OK in your scenario I guess, but double-checking doesn't hurt :)

    • Marked as answer by Steve Peschka Wednesday, May 3, 2017 7:32 PM
    Tuesday, May 2, 2017 7:54 PM
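
One way to carry out the "disable DirSync" step from the answer above with a record of what changed, as an added example that is not part of the original thread. It assumes the MSOnline PowerShell module and a Global Administrator sign-in; the CSV file name is constructed for illustration.

```powershell
# Added example: disable directory synchronization for the tenant and verify it.
# Assumes the MSOnline module is installed and you sign in as a Global Administrator.
Import-Module MSOnline
Connect-MsolService

# 1. Record the tenant's sync state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled: $($before.DirectorySynchronizationEnabled); last sync: $($before.LastDirSyncTime)"

# 2. Inventory the accounts that are currently sourced from on-premises AD.
#    Keeping UPN and ImmutableId gives you an audit trail of what was converted.
$synced = @(Get-MsolUser -All -Synchronized)
$synced |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-before.csv -NoTypeInformation   # constructed file name
"Synced users found: $($synced.Count)"

# 3. Stop the on-premises sync client first so it does not attempt another
#    export while the tenant setting is changing, then disable sync tenant-wide.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. Verify. The change is not instantaneous; Microsoft documents that
#    deactivation can take up to 72 hours to complete.
$after = Get-MsolCompanyInformation
if ($after.DirectorySynchronizationEnabled) {
    Write-Warning "Tenant still reports directory synchronization as enabled."
} else {
    "Tenant reports directory synchronization as disabled."
}

# 5. Count the accounts still flagged as synchronized. Per the answer, the
#    source of authority moves to Azure AD, so this number should drop as the
#    conversion completes; re-run this step to track progress.
$remaining = @(Get-MsolUser -All -Synchronized)
"Users still flagged as synchronized: $($remaining.Count)"
```

Confirm that every account in the exported list can sign in and be edited in Azure AD before decommissioning the domain controllers, since those accounts will no longer have an on-premises source to fall back on.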
