I was recently hired by a company and inherited a messy IT infrastructure. The business has an on-premise server running two VMs, one is Windows Server 2003 and the other is Windows Server 2012. We have 13 offices throughout the U.S. but no way to connect all offices to a centralized domain/location. The on-premise server only hosts the users at our corporate office. I would like to join all the computers at my company to the domain at corporate, but we do not currently have the infrastructure to create a traditional on-prem environment (SonicWalls, VPNs, etc.). I am considering moving our environment to Azure, either completely into the cloud or creating a hybrid environment, to be able to manage all identities in one location.
Recently I moved all the branch office identities to Office 365 and gave each user an Azure AD profile to allow them to have SSO. When I made this decision, I did not realize that I had the option to virtualize my current environment into Azure and have the same management capabilities using Azure AD DS. I was planning on purchasing Azure AD P1 or P2, but I have recently realized that the sales rep I was talking to did not understand my needs and these cloud services cannot act as a traditional domain controller.
My plan now is to move all the information from the current VMs to a VM running Windows Server 2019 and then connect it to the cloud using AD Connect. Before I make this decision, I want to know if this is the right decision, and if so, I have some questions.
1) Where and how are the identities on the network hosted? Was I wrong to create the Azure AD profiles through Microsoft 365, and do I now have to backtrack and create new identities using Azure AD Domain Services or on-prem identities?
2) How many VMs would you recommend I create if I need a domain controller, a database server, and all the networking capabilities of a traditional server? We are currently using OneDrive and SharePoint to share files; if I virtualize my server through Azure and use it as a file server, what would be the difference between the two, and which would be a better solution? Should I combine all server roles on the Azure hybrid VM?
3) How does this work with CALs? Would I need a CAL for each user that needs access to Azure AD DS?
4) Am I thinking about this issue the wrong way? What would you recommend I do?