Introduction: A 24×7 company with an entirely on-premises environment wants to move its entire infrastructure to the cloud. They have several remote locations, servers including domain controllers, a large Exchange environment with on-premises mailboxes, an on-premises PSTN call server, and users both in offices and connecting remotely.

Requirements: As close to zero downtime as we can get. Move all identity to the cloud, eliminating the need for domain controllers, while ensuring legacy applications can still work. Provide a file share for 4 TB of data while keeping the permission structure. Move to full remote work without the overhead of physical offices.

Solutions Used: We used Azure Active Directory Domain Services (Azure AD DS) to eliminate the need for on-premises domain controllers. This will handle identity and Kerberos/NTLM authentication.

To serve files, we used Azure Files. By combining it with Azure AD DS, we enabled authentication and permissions on the company files.

We also did a full migration to Exchange Online and implemented Duo MFA and Advanced Threat Protection for Defender and EXO.

We ported and migrated to Microsoft Teams for collaboration and VoIP Calling. We moved over their Auto-Attendants and Call Queues.


Step 1: We installed Azure AD Connect and synced the users over. During the AD Connect setup, we set up security groups for the various licenses the customer has.

Step 2: We configured Exchange Co-Existence mode and configured all the routing. We then migrated to Office 365 department by department.

Step 3: We set up Azure Files, created robocopy scripts with scheduled tasks, and started uploading the data to the file shares mounted from Azure Files. On the night of cutover we did one last sync.

Step 4: We enabled Azure AD DS and made sure all the permissions were set correctly on the data.

Step 5: We disabled sync from the tenant and made sure all objects were moved to cloud only.

Step 6: We made all the needed network connections, disabled Exchange Co-Existence mode, connected all machines to the new domain, did cleanup, and supported the client.
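
For Steps 3 and 4, the following is an added example (not the script used in this project) of a robocopy pass that carries NTFS permissions to the mounted share and then spot-checks that owners and ACLs match. The paths, log folder, and sample size are hypothetical placeholders.

```powershell
# Added example. All paths are hypothetical placeholders, not values from the case study.
param(
    [string]$Source      = 'D:\Shares\Company',  # on-premises share root (assumed)
    [string]$Destination = 'Z:\Company',         # folder on the mounted Azure Files share (assumed)
    [string]$LogDir      = 'C:\MigrationLogs',   # where robocopy logs and reports go (assumed)
    [int]$SampleSize     = 200                   # items to spot-check after each pass
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
$log   = Join-Path $LogDir "robocopy_$stamp.log"

# /MIR         mirror the tree, including deletions made at the source since the last pass
# /COPY:DATSO  copy Data, Attributes, Timestamps, Security (NTFS ACLs) and Owner
# /DCOPY:DAT   keep directory data, attributes and timestamps
# /R:2 /W:5    bounded retries so a locked file cannot stall a scheduled run
robocopy $Source $Destination /MIR /COPY:DATSO /DCOPY:DAT /R:2 /W:5 /MT:16 /NP /NFL /NDL "/UNILOG:$log"

# Robocopy exit codes are a bitmask: 8 or higher means at least one copy failure.
$rc = $LASTEXITCODE
if ($rc -ge 8) {
    Write-Error "Robocopy reported failures (exit code $rc). See $log"
    exit $rc
}

# Spot-check that owner and DACL survived the copy by comparing SDDL strings
# for the share root plus a random sample of files and folders.
$sections = [System.Security.AccessControl.AccessControlSections]'Access, Owner'
$sample = @(Get-Item -LiteralPath $Source) +
          @(Get-ChildItem -LiteralPath $Source -Recurse -Force -ErrorAction SilentlyContinue |
            Get-Random -Count $SampleSize)

$mismatches = foreach ($item in $sample) {
    $rel     = $item.FullName.Substring($Source.Length).TrimStart('\')
    $target  = if ($rel) { Join-Path $Destination $rel } else { $Destination }
    $srcSddl = (Get-Acl -LiteralPath $item.FullName).GetSecurityDescriptorSddlForm($sections)
    $dstAcl  = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
    $dstSddl = if ($dstAcl) { $dstAcl.GetSecurityDescriptorSddlForm($sections) } else { '<missing>' }
    if ($srcSddl -ne $dstSddl) {
        [pscustomobject]@{ Path = $rel; SourceSddl = $srcSddl; DestSddl = $dstSddl }
    }
}

if ($mismatches) {
    $mismatches | Export-Csv (Join-Path $LogDir "acl_mismatch_$stamp.csv") -NoTypeInformation
    Write-Warning "$(@($mismatches).Count) sampled item(s) differ in owner or ACL; review before cutover."
    exit 1
}
Write-Output "Copy completed (exit code $rc); sampled owners and ACLs match."
```

Run it from the scheduled task during the upload period and once more for the final sync on cutover night; a reported mismatch is a prompt to inspect that path, not proof of a broken permission.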


The client was happy with the end result. We still support this environment, and can set this up for you as well!