Dropping on-premise AD for Azure AD post Exchange/Lync offsite migration: clean cut to new AD, or Azure AD, or both

Here is the scenario:

    The current customer domain has been active since NT, and has seen every version of Exchange.

    The domain has also had multiple admins, each of whom gave it their 'golden' touch. (Not a good thing, because the majority of them, it appears, had no clue what they were doing.)

    The domain supports 14 users.

    Exchange and Lync have been moved off premise to a hosting provider. Exchange, Lync, CAS, Edge and Mediation have been successfully demoted and decommissioned.

    The network (AD), because of a very complex and 'tweaked' infrastructure, is very problematic and time-consuming to manage. It appears nothing of value outside of login security is being used: no WSUS, no GP, etc.

    The only items the network supports now, outside of VERY basic FSMO ops (very much like 'everyone' is allowed access to everyone's everything (yikes)), are a SQL server using a shared folder for an old net application, a file server and an IIS server. (IIS does NOT support their current domain name/role.) Outside of server roles, AD is doing nothing with those servers. AD NEEDS to be doing what it was intended to do, but whenever something is changed, everything blows up.

    For example, I created a new group container, nothing else, and a single shared folder stopped working, and two users were disconnected, with nothing in the log files. Or a user who enters a password incorrectly three times is locked out. The admin unlocks the account, which locks three other accounts. Nothing in the log except a basic user locked out message. Like I said, it's HOSED!

    Originally my thought was to spin up a new DC for them, with a new/different (internally named) domain for their small office, and do a clean cut. Set up AD the way I want, so that it will benefit them with proper security, file shares, etc.

    Question 1) What are your thoughts about this being a fix for a small office? If it's a bad idea, why?

    Question 2) Why not spin up AD in Azure instead of locally, or do they need a local AD syncing with Azure AD?

    What is the best course of action that will bring them the most benefit over the next few years?

    Changed type Vivian_Wang Monday, March 24, 2014 6:24 AM
    Monday, March 17, 2014 3:10 AM
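
A check worth running before deciding on a rebuild, added here as an example and not part of the original post or of any reply: every account lockout in a domain is recorded as Security event 4740 on the PDC emulator, whichever DC processed the failed logons, and that event names the computer the bad passwords came from. The script below (it assumes the ActiveDirectory RSAT module, rights to read the PDC emulator's Security log remotely, and an arbitrary seven-day window) pulls the domain lockout policy, the accounts locked right now, and the caller computer for each recent lockout, then groups the lockouts by caller so a single host locking several accounts stands out.

```powershell
# Added example (not from the original post): trace recent account lockouts to their source.
# Assumes the ActiveDirectory module (RSAT) and permission to read the Security log
# on the PDC emulator over the network. The 7-day window is an assumption; adjust as needed.
Import-Module ActiveDirectory

# 1. Lockout policy in force for the domain (threshold, observation window, duration).
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration |
    Format-List

# 2. Accounts locked out right now.
Search-ADAccount -LockedOut |
    Select-Object SamAccountName, LastLogonDate, LockedOut |
    Format-Table -AutoSize

# 3. Every lockout is written to the PDC emulator as event 4740, whatever DC
#    processed the failed logons, so query that one DC rather than all of them.
$pdc = (Get-ADDomain).PDCEmulator

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No 4740 events on $pdc in the last 7 days; check that 'Audit User Account Management' is enabled for Success."
    return
}

# 4. Parse the XML payload: TargetUserName is the locked account,
#    TargetDomainName carries the 'Caller Computer Name' that sent the bad passwords.
$lockouts = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time           = $e.TimeCreated
        Account        = $data['TargetUserName']
        CallerComputer = $data['TargetDomainName']
        ReportedBy     = $e.MachineName
    }
}

$lockouts | Sort-Object Time | Format-Table -AutoSize

# 5. Which machines are generating the lockouts? One caller locking several
#    accounts points at a host with stale credentials (scheduled task, mapped
#    drive, service, cached session) rather than at users mistyping passwords.
$lockouts | Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Run it from a domain-joined workstation as an account that is a domain admin or a member of Event Log Readers on the PDC emulator; remote event log reads also need the Remote Event Log Management firewall rule enabled on that DC. If the grouping in step 5 shows the same caller computer for accounts that lock "together", that host is where to look before rebuilding anything.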

All replies