How to migrate users from local AD(on premises) to Azure AD?

  • Question

  • Hello

    Has anyone managed to migrate (not sync) their users with passwords and details from local Active Directory (on-premises) to Azure Active Directory?

    Thanks!


    • Edited by Raducu Ilie Wednesday, December 6, 2017 6:07 PM
    Wednesday, December 6, 2017 6:05 PM

Answers

  • No, as those are two very different products. Azure AD is NOT a replacement for on-premises AD. If that's what you are after, take a look at Azure AD Domain Services or spin up an Azure VM and promote a DC.
    • Proposed as answer by vijisankar Wednesday, December 6, 2017 7:42 PM
    • Marked as answer by Raducu Ilie Thursday, December 7, 2017 7:56 AM
    Wednesday, December 6, 2017 7:33 PM
  • In addition to Vasil's response, Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.

    That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

    As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials report, and user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

    Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services, but with no replication to any other on-premises or cloud (in a VM) domain controller.

    If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

    So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD. This is how you can do it in 4 clicks and a few minutes.
    • Proposed as answer by vijisankar Wednesday, December 6, 2017 7:42 PM
    • Marked as answer by Raducu Ilie Thursday, December 7, 2017 7:57 AM
    Wednesday, December 6, 2017 7:42 PM

All replies

  • Hello,

    What is the solution if I want to use just Azure Active Directory in the future? I want to shut down local AD and just add users in Azure Active Directory, not in local AD and synchronizing with AD Connect.

    Thank you!

    Monday, January 14, 2019 2:25 PM