Has anyone migrated a fully developed Azure AD to on-premises DCs?

I work at a small tech start-up that has grown. We have been using Azure AD for years with O365, security groups, enterprise apps, etc. I set up AD DS a while back and it has worked great for our VMs in Azure. Up until now we’ve been strictly cloud based. We now have the need to build some on-premises labs and other devices. I was hoping to use AAD Connect to migrate AAD to an on-premises DC. My goal was to have one DC in Azure and one on-prem. After researching AAD Connect it seems there is no way to migrate from cloud to on-premises, only the other way around.

I have found some way to export users from AAD to import to a local DC. There are some issues with having to re-enter passwords. My fear is that no security groups or groups in general will be synced. AD is not my strong suit. Through testing I’m not able to fully test out all possible issues because we have so much stuff going on in Azure AD. I’m worried doing an AAD Connect sync will possibly delete functioning parts of AAD. Is it really as easy as exporting the users and loading them into a local AD?

Eric L

1 Answer

Synchronising AAD users back to an on-premises domain is not supported:

Some customers start with a cloud-only solution with Azure AD and they do not have an on-premises AD. Later they want to consume on-premises resources and want to build an on-premises AD based on Azure AD data. Azure AD Connect cannot help you with this scenario. It does not create users on-premises and it does not have any ability to set the password on-premises to the same as in Azure AD.

You can either look at creating new users, syncing them up to AAD and then migrating the existing users, or look at Azure AD Domain Services, which will let you create Azure-based domain controllers with users from AAD, but has a number of limitations.

Sam Cogan
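Since Azure AD Connect offers no cloud-to-on-premises path, the "export users and groups, then import them" approach the question asks about has to be scripted. The following is an added example, not code from the answer above; it assumes the Microsoft Graph PowerShell SDK on the admin workstation, the RSAT ActiveDirectory module on the DC, and placeholder OU distinguished names. It recreates member users and security groups with the same UPNs so that a later Azure AD Connect run soft-matches them to the existing cloud objects rather than creating duplicates; passwords cannot be exported from Azure AD, so every account gets a one-time password and a forced change at first logon.

```powershell
# Assumed modules: Microsoft.Graph (cloud side) and ActiveDirectory (on the DC).
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.Read.All','Group.Read.All'

$UserOu  = 'OU=Migrated Users,DC=corp,DC=example,DC=com'   # placeholder OU
$GroupOu = 'OU=Migrated Groups,DC=corp,DC=example,DC=com'  # placeholder OU
$TempPassword = Read-Host -AsSecureString 'One-time password for migrated accounts'

# 1. Member users (guests are skipped). Azure AD never exposes password hashes,
#    so each account gets the temporary password and must change it at logon.
#    Keeping the UPN identical is what lets Azure AD Connect soft-match the
#    on-prem object to the existing cloud user on a later sync.
$cloudUsers = Get-MgUser -All -Filter "userType eq 'Member'" `
    -Property Id,UserPrincipalName,DisplayName,GivenName,Surname,MailNickname,AccountEnabled
$samByCloudId = @{}
foreach ($u in $cloudUsers) {
    $sam = $u.MailNickname -replace '[^a-zA-Z0-9._-]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }   # sAMAccountName limit
    $samByCloudId[$u.Id] = $sam
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }  # safe to re-run
    New-ADUser -Name $u.DisplayName -SamAccountName $sam `
        -UserPrincipalName $u.UserPrincipalName -GivenName $u.GivenName -Surname $u.Surname `
        -Path $UserOu -AccountPassword $TempPassword -ChangePasswordAtLogon $true `
        -Enabled ([bool]$u.AccountEnabled)
}

# 2. Security groups with their direct user members. Dynamic groups and
#    nested group membership are deliberately not migrated here.
$cloudGroups = Get-MgGroup -All -Filter 'securityEnabled eq true'
foreach ($g in $cloudGroups) {
    if ($g.GroupTypes -contains 'DynamicMembership') { continue }
    $escapedName = $g.DisplayName -replace "'", "''"
    if (-not (Get-ADGroup -Filter "Name -eq '$escapedName'")) {
        New-ADGroup -Name $g.DisplayName -GroupScope Global -GroupCategory Security -Path $GroupOu
    }
    $members = Get-MgGroupMember -GroupId $g.Id -All |
        Where-Object { $samByCloudId.ContainsKey($_.Id) } |
        ForEach-Object { $samByCloudId[$_.Id] }
    if ($members) { Add-ADGroupMember -Identity $g.DisplayName -Members $members }
}
```

Run it against a test OU first and compare the resulting group memberships with the cloud side before pointing Azure AD Connect at the new forest, since the sync will take the on-premises objects as authoritative once matched.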