Migrating from Active Directory® to Azure® Active Directory

Written by Rajat Bhargava on January 23, 2017

Share This Article

With the introduction of Microsoft’s cloud-hosted directory service, Azure Active Directory, many IT organizations are wondering how that fits into their overall identity management strategy.

Can organizations succeed in migrating from Active Directory to Azure Active Directory?

It’s an interesting thought and one that many IT admins are excited about.

Why Migrate?

Making the move to a cloud IDaaS platform such as Azure can be a great win. Just like many other modern cloud-hosted network infrastructure solutions, the benefits of shifting to the cloud for identity management can be significant. You can avoid the hardware and software expense. And maintenance of infrastructure isn’t needed. That means no patching, networking, and security configurations and solutions to integrate.

Moreover, you can get better, pay-as-you-go pricing rather than purchasing all of the resources needed up-front.

But Can Azure Active Directory Replace Active Directory?

Not surprisingly, the issue quickly turns to whether Azure Active Directory is a replacement to Active Directory. We’ll let a post on Spiceworks from Microsoft shed light on this issue.

Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.  

If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.

As you can see, even Microsoft doesn’t believe that Azure Active Directory is an alternative to AD. In fact, Microsoft’s strategy has been more about creating a complement to the on-prem, legacy AD than a replacement. Azure AD can be looked at as more of a user management system for Azure and Office 365 rather than a central, authoritative identity provider.

JumpCloud® Has Reimagined AD and LDAP for the Cloud

If you are still interested in finding a cloud-hosted directory service, take a look at Directory-as-a-Service®. This modern IDaaS platform has been built to reimagine AD and LDAP for the cloud era. As a cloud identity management platform, it is independent of protocol, provider, platform, and location. It seamlessly integrates with Mac, Windows, Linux, AWS, G Suite, O365, and many other IT resources. The goal of Directory-as-a-Service is to securely connect user identities with the IT resources they need. Those resources can include systems, applications (cloud and on-prem), and networks.

Try DaaS Instead of Migrating from Active Directory to Azure Active Directory

If you would like to learn more about migrating from Active Directory to Azure Active Directory, drop us a note. Alternatively, take a look at Directory-as-a-Service and see if it can be a replacement to your Active Directory implementation. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Continue Learning with our Newsletter