Can You Migrate On-Prem Domain Controllers to the Cloud?

By Rajat Bhargava Posted March 12, 2019


There has recently been some discussion about migrating your on-prem domain controller to the cloud. That’s bound to happen because Microsoft® offers a product called Azure® Active Directory® Domain Services. We know that Azure is Microsoft’s foray into the cloud, so that leads many to think that Azure Active Directory Domain Services is simply the cloud analog of Active Directory Domain Services. So, can you migrate on-prem domain controllers to the cloud?

On-Prem Domain Controller to Cloud Migration—In Microsoft’s Words

With the bulk of IT infrastructure moving to the cloud, IT admins are hoping to move one of its most critical components along with it—the domain controller. Unfortunately, though, the definition of an on-prem Active Directory domain is not the same as the one Microsoft established for Azure Active Directory Domain Services. That’s where the bulk of the confusion lies. These two domains mean different things because they exist within different environments. Here, a Microsoft rep on Spiceworks explains:

“Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.

“If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

“So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.”

Simply put, Azure Active Directory is not a standalone replacement for Active Directory. In the same vein, Azure AD Domain Services isn’t a replacement for the on-prem domain controller. As a result, there is no solution for shifting your domain to the cloud.

The Domain Concept—Built for a Different Era

The concept of the domain controller made a lot of sense in the late ’90s when Active Directory was released. With a host of Windows®-only resources to manage, it was practical to connect them centrally and manage them through AD. Because each resource lived on-prem, it was a snap to connect and manage them. Microsoft designed it that way. But that was 20 years ago. Things in IT, particularly systems, have really changed, and the concept of the domain has become old hat.

Shifting OS Demographics

Today, as we know, the IT infrastructure is completely different. According to StatCounter, the desktop OS market in January 2009 was dominated by Windows, which had 92% of the market share. At that same time, Mac® systems had 4% and Linux® brought up the rear with less than 1% of the market. Fast forward a hair over 10 years and a different picture is being painted. Microsoft still has a sizeable lead, but it has dwindled considerably. As of February 2019, Windows had dropped to 74% of the market share. macOS® systems rose quite a bit to 13%, and Linux now accounts for 1.5%.

Those numbers may not strike you as vastly different, but when you consider that 72% of enterprise employees choose macOS systems over Windows, the number of Macs is only expected to rise while Windows systems decrease further. Additionally, data centers and infrastructure are moving to the cloud faster than ever, and the majority of those systems are Linux-based machines. With that in mind, Windows now finds itself being edged out by two different parties. All told, these non-Windows resources have difficulty connecting to Active Directory: they do not work out of the box and require quite a bit of configuration—specifically, identity bridges—to make them work. What good is the domain if you can’t connect your systems to it without extra work and expense?

Welcome to the Cloud

Aside from systems, other resources making a home in the cloud include G Suite™, Office 365™, AWS®, Salesforce® and many others. Another consideration is the fact that the domain used to operate on wired connections; well, we are all aware that WiFi has taken the helm as the preferred network connection solution. All of these changes are forcing IT admins to rethink their approach to directory services. So, while the domain controller from Microsoft is an interesting idea, there is a better and more complete approach to cloud identity management—one that works in concert with Zero Trust Security and knows that all IT resources are to be untrusted by default.

The solution we’re talking about is called JumpCloud® Directory-as-a-Service®, and it securely manages and connects user identities to the IT resources they use every day. That includes systems (Windows, Mac, Linux), applications, file storage, and networks, regardless of provider, protocol, platform, and location. Think of Directory-as-a-Service as your next-generation replacement for Active Directory. And because it’s independent, you aren’t tied to Microsoft or any other vendor, for that matter.

Try JumpCloud Free Today?

Instead of wondering whether you can migrate on-prem domains to the cloud in the traditional, Microsoft-centric sense, think about your identity management solution instead. You can jumpstart that evaluation when you sign up for a JumpCloud account and try it for yourself. It’s free, requires no credit card, and the free version of our service includes 10 users. Check out our Knowledge Base for technical information to help you get the most out of your account.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
