I'm working on setting up a local domain controller without an active Azure subscription, and it's my first time doing this in reverse—migrating back to on-premises from Azure. From what I've understood, I need to build the new domain controller, create a forest that aligns with the Azure domain, and establish groups and organizational units while matching user principal names. However, I feel like there might be more to this process, and I'm concerned about potential conflicts that could disrupt the existing Azure environment.
2 Answers
The phrase "on-prem DC with only Azure AD" seems a bit contradictory. You can't really have both; either you're operating solely on-prem or using Azure AD without an active subscription. What exactly is your setup?
It seems like you're looking for Entra ID Domain Services. This service is designed for scenarios like yours. You can find more details in the Entra ID Domain Services documentation to see if it fits your needs!
I appreciate the suggestion, but unfortunately, the client isn't willing to cover the costs for Azure Domain Services. It's a tough spot for me.

It's purely based on Entra ID along with Office 365—no on-prem DC, and no Domain Services in Azure, just straightforward Azure AD.
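The UPN-matching step that the question describes (a fresh forest whose user principal names line up with the accounts already in Entra ID) is the part most likely to go wrong silently, because a user created with a mismatched suffix will later be treated as a different identity. The following PowerShell is an added example, not code from this thread or from Microsoft's documentation; it assumes the Entra-verified domain is `contoso.com` and the new on-prem forest root is `corp.local` (both placeholders), and that the ActiveDirectory module is installed on the new DC.

```powershell
# Added example: prepare a new on-prem forest so that user UPNs match an existing Entra ID tenant.
# Placeholders (replace with real values): the Entra-verified domain and the new forest root DN.
Import-Module ActiveDirectory

$EntraDomain   = 'contoso.com'           # placeholder: the domain verified in the Entra tenant
$ForestRootDN  = 'DC=corp,DC=local'      # placeholder: DN of the new on-prem forest root

# 1. Make the Entra domain an allowed UPN suffix in the forest (no-op if already present).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $EntraDomain) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $EntraDomain }
    Write-Host "Added UPN suffix $EntraDomain to forest $($forest.Name)"
}

# 2. Create an OU to hold the rebuilt accounts (skipped if it already exists).
$ouDN = "OU=Staff,$ForestRootDN"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDN'" -ErrorAction SilentlyContinue)) {
    New-ADOrganizationalUnit -Name 'Staff' -Path $ForestRootDN
}

# 3. Create users whose UPN is exactly the cloud UPN (constructed sample list; a real run
#    would read these from an export of the tenant's users).
$cloudUsers = @(
    @{ Sam = 'jdoe';   Given = 'Jane'; Surname = 'Doe';   Upn = "jdoe@$EntraDomain" },
    @{ Sam = 'asmith'; Given = 'Alex'; Surname = 'Smith'; Upn = "asmith@$EntraDomain" }
)
foreach ($u in $cloudUsers) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'" -ErrorAction SilentlyContinue)) {
        New-ADUser -Name "$($u.Given) $($u.Surname)" `
                   -GivenName $u.Given -Surname $u.Surname `
                   -SamAccountName $u.Sam -UserPrincipalName $u.Upn `
                   -Path $ouDN -Enabled $false     # left disabled until a password is set
    }
}

# 4. Audit: list every enabled or disabled user whose UPN suffix is NOT the Entra domain.
#    Each hit is an account that would not line up with its cloud counterpart.
Get-ADUser -Filter * -SearchBase $ouDN -Properties UserPrincipalName |
    Where-Object { -not $_.UserPrincipalName -or $_.UserPrincipalName.Split('@')[1] -ne $EntraDomain } |
    Select-Object Name, SamAccountName, UserPrincipalName |
    Format-Table -AutoSize
```

The audit in step 4 is the check worth keeping around after the initial build: run it before any synchronisation is set up, so that accounts with a mismatched or missing UPN suffix are corrected on-prem rather than surfacing later as duplicate identities.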