Can You Migrate Your On-Prem Domain Controller to the Cloud?

There has recently been some discussion about being able to migrate your on-prem domain controller to the cloud. Microsoft has been talking about Azure Active Directory Domain Services a great deal.

So does Azure AD allow you to migrate your on-prem domain controller to the cloud?

Migrating On-Prem Domain Controller to the Cloud – It’s Not That Simple

IT admins have been hoping to move their on-prem infrastructure equipment to the cloud, and Microsoft is capitalizing on that by getting people excited about eliminating the domain controller. Unfortunately, Microsoft’s cloud domain controller isn’t a replacement for the on-prem domain controller.

A recent thread on Spiceworks gives us a great deal more detail on Microsoft’s ideas and plans.

“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

“As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

“Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.  

“If you want to migrate your domain controllers in the cloud to use them for traditional tasks you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

“So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.”

As you can see, Azure Active Directory isn’t a replacement for Active Directory. Similarly, Azure AD Domain Services isn’t a replacement for the on-prem domain controller.

But there is good news: There are alternatives to Active Directory and to having a domain controller on-prem.

The On-Prem Domain Controller Had Its Day  

The concept of the domain controller was created during a different era. Microsoft made the domain a common concept in the late 1990s and early 2000s. With mostly Windows-based resources, the domain controller was used to provide users with access to whatever IT resources they needed. Of course, all of those resources were on-prem.

JumpCloud® Presents Complete Cloud Identity Management

Today, IT infrastructure is completely different. One in five devices is Windows (Forbes). Many resources are delivered in the cloud, including G Suite, Office 365, AWS, Salesforce, and many others. WiFi, rather than the wired network, is the common means of network access. All of these changes are forcing IT admins to rethink their approach to directory services. The cloud domain controller from Microsoft is an interesting idea. However, there is a better and more complete approach to cloud identity management.

Directory-as-a-Service® securely manages and connects user identities to IT resources, including systems, applications, and networks, regardless of provider, protocol, platform, and location. Think of Directory-as-a-Service as your next-generation replacement for Active Directory. It is independent, so you aren’t tied to Microsoft, or any other vendor for that matter.

Let’s Discuss Your Domain Controller Options

Drop us a note to learn more about whether you can migrate your on-prem domain controller to the cloud. We’d be happy to walk you through your cloud identity management options. Also, please take a look at our IDaaS platform. Since your first 10 users are free forever, try it today.
