By Greg Keller Posted December 11, 2019
IT admins looking to migrate from on-prem Active Directory (AD) to Azure® Active Directory® (AAD) often start by investigating whether it’s possible at all. The question is an interesting one because there is no migration path from on-prem AD to AAD. In fact, Microsoft’s strategy is for the two platforms to complement one another.
What Is Azure AD’s Purpose?
That may sound counterintuitive, especially because many people think of AAD as the cloud version of AD. Unfortunately, it primarily functions as an extension to on-prem AD, providing user management for O365 / Azure and SSO for web apps. The approach only makes sense when you consider it from the perspective of Microsoft’s best interest.
Don’t just take our word for it, though. We recommend reading this post on Spiceworks which details the relationship between Azure AD and AD. The critical excerpt is quoted below:
“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.
“As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
“Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.
“If you want to migrate your domain controllers in the cloud to use them for traditional tasks you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
“So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.”
Migrate to a Cloud-Based Alternative
It’s clear that creating a migration path from on-prem AD to AAD isn’t Microsoft’s intention. For those that currently seek a means of moving their on-prem identity management needs to the cloud, a cloud-based AAD alternative may pique their interest.
One example is JumpCloud® Directory-as-a-Service®. JumpCloud enables IT to choose the right solutions for their team, rather than get locked into Windows® systems and applications. For users, that means they have the ability to utilize the system they’re most productive on – Windows, macOS® or Linux®.
Further, JumpCloud integrates directly with major cloud providers such as G Suite™, Office 365™, AWS®, Azure®, Salesforce®, and hundreds of others. Plus, with True Single-Sign On™, users utilize one set of credentials for virtually all of their resources.
As for security, JumpCloud protects your assets with tools like RADIUS for network authentication, SSH key management and dissemination, cross-platform GPO-like Policies for system management, multi-factor authentication (MFA), password complexity management, and more.
Learn More About JumpCloud
Ready to see JumpCloud in action? Sign up for a free personalized demo to see how JumpCloud helps you realize your cloud goals.