How To Migrate To Azure Active Directory®

By Greg Keller Posted April 9, 2017

How to Migrate to Azure Active Directory

Many IT admins are starting to think about how to migrate to Microsoft Azure Active Directory®. It’s an interesting issue because many IT organizations don’t realize that there isn’t a migration path from the legacy, on-prem Microsoft Active Directory to Azure AD. In fact, Microsoft’s strategy for the two Active Directory solutions is for both to exist side by side.

In other words…

The Migration Path is There is No Migration Path

This may sound counterintuitive – and it very much is counterintuitive. The approach only really makes sense when you’re considering it from the perspective of Microsoft’s best interest.

But you don’t have to take our word for it. We recommend reading this forum post on Spiceworks about the relationship between Azure and Active Directory. The critical excerpt is quoted below:

“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

“As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

“Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.  

“If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

“So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.”

Migrate from Active Directory via JumpCloud®

jumpcloud active directory extension diagram

If you can’t migrate to Azure AD, how do you move away from your on-prem Active Directory implementation? The choice is to leverage a cloud directory service called Directory-as-a-Service®. This modern IDaaS platform is changing the game for IT organizations. Specifically, the cloud identity provider unlocks IT’s ability to choose the right solutions for their team rather than be locked into Windows systems and applications as you are with AD.

Directory-as-a-Service securely manages and connects user identities to the IT resources those user’s need. That can include Mac, Linux, and Windows systems, web and on-prem applications, and WiFi network infrastructure. Also, the cloud-hosted directory integrates seamlessly with major cloud providers, such as G Suite, Office 365, and AWS, among others. In addition to authentication capabilities, Directory-as-a-Service manages systems with cross-platform GPO-like capabilities and provides a number of security features, including multi-factor authentication and password complexity management.

Let Us Guide You Through AD Cloud Migration

You can watch the video above to see a step-by-step walkthrough of how to migrate from Active Directory to JumpCloud’s cloud-based directory.

That said, you may have specific questions about your infrastructure and what role Azure could play. If you want answers about how to migrate to Azure Active Directory, drop us a note. Alternatively, check out Directory-as-a-Service if you are migrating from Active Directory. Many IT organizations are choosing JumpCloud as an alternative to AD. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts