Transitioning from a Hybrid Setup to Full Azure – Need Some Advice!

Asked By TechWizard42 On

Hey everyone! I'm planning to move completely to Azure from our current hybrid setup and I have a few questions. Here's what we're working with:

- We have 10 VMs running on VMware.
- We're using 2 Domain Controllers.
- We have AD Sync set up with Entra ID.
- Our email is already on Office 365.
- Users connect via VPN to access our file server (which we will be moving to SharePoint).
- Both VMs and laptops are domain-joined to company.local.
- We'll be moving all service VMs to the cloud.

Now here's my strategy for Azure:

- I plan to set up a Resource Group.
- Configure VNET, Subnet, and NSG.
- I've already created 2 test Windows VMs with public IPs and was able to successfully ping them.
- I'll recreate the 10 VMs from scratch rather than migrating.
- I won't be migrating the Domain Controllers since I plan to use Entra ID.
- The VMs will be on WORKGROUP for now.
- I'll set up Entra Domain Services with the domain company.cloud.
- I will sync/integrate the existing Entra ID (user accounts and computer accounts) and then rejoin the VMs to Entra Domain Services.

So, my questions are:

1. Can I ditch my 2 Domain Controllers and just rely on Entra Domain Services and Entra AD?
2. Do I have to join the VMs to the new domain or can they stay on Workgroup?
3. What about the existing laptops that are domain-joined? Do they need to be rejoined to company.cloud instead of company.local?

Thanks in advance! I have a year to make this transition, so I'm taking my time with it.

2 Answers

Answered By CloudMover99 On

It sounds like a solid plan, but think about how you're connecting to Azure. Do you have a site-to-site VPN, ExpressRoute, or point-to-site connection set up? I generally don’t recommend using Entra Domain Services unless you really don't want to manage your own Domain Controllers. They can be a bit pricey but offer more functionality.

Also, if you go the Entra DS route, you’ll need to unjoin your PCs from the old domain and join the new one, which may involve some profile migrations. If you decide to keep a VPN for other services, even one Domain Controller might be worthwhile to maintain your environment. Just be cautious—removing your old domain means you should have local admin accounts to avoid login issues on your machines!

Answered By VirtualNomad On

You mentioned moving your file server to SharePoint, so if you don’t need any on-prem services, you might not need a VPN at all. It sounds like everything will be in the cloud. That being said, if your users only need to access office applications like Outlook, Teams, and SharePoint, then a VPN could be an unnecessary expense. Since you're 100% remote, cutting out the VPN would streamline things quite a bit.
