Active Directory on-premise migration to Microsoft 365 made easy
Have you already decided to introduce Microsoft 365 in your company, but still have concerns about a complex and therefore expensive migration? Then you should definitely read on.
The migration can be roughly divided into three steps:
- Migration of identities
- Exchange mailbox migration
- Migration of local files (Word, Excel, etc.)
Here we go into more detail on the first point, the migration of identities.
The aim is to get your local users into Azure Active Directory. It goes without saying that this step is essential. After all, you don't want to recreate accounts that already exist in your on-premises environment and burden your employees with additional login data.
The goal must therefore be that you can use your local Windows logins 1:1 in the cloud.
Longtime Microsoft users have probably heard of Azure Active Directory Connect, which does just that. The disadvantage of this technology, however, is that it requires a great deal of configuration on the on-prem host side and is even associated with additional license costs (including for a separate SQL server).
Microsoft has recently addressed this. The quasi-successor technology is called "Azure Active Directory Cloud Sync".
According to Microsoft, AAD Cloud Sync is particularly interesting for companies that want to "reduce their on-premise footprint". Translated, this means "SMEs that still use on-premise landscapes, but want to gradually migrate to the Microsoft 365 world".
In practice, AAD Cloud Sync is a lightweight Windows agent that needs to be installed on your current on-prem host machine and basically requires only two settings:
- a global admin login to your Azure AD,
- a local admin account on the host computer.
All other configuration, such as mapping the AD attributes, takes place entirely in the Microsoft cloud. Beyond the Cloud Sync Agent, no other licenses or tools are required.
The Cloud Sync Agent is completely free, as is the synchronization of local users to the AAD. All users migrate to your tenant as unlicensed users, so there are no costs involved. Azure Active Directory Free is completely sufficient here.
As long as the Cloud Sync Agent is running on your host computer, the users are synchronized to the AAD every 10 minutes. This means that if a user changes their password locally, this change will be reflected in the AAD after 10 minutes at the latest. The Cloud Sync Agent can also be installed redundantly on multiple hosts to provide failover.
Once you have your on-premises identities in the cloud, you have already reached the first milestone.