*
en | de
Pro User
Timespan
explore our new search
Active Directory Ended: Top Tips for Seamless Migration Success
Identity
Jun 1, 2025 7:11 AM

Active Directory Ended: Top Tips for Seamless Migration Success

by HubSite 365 about Merill Fernando

Product Manager @ Microsoft 👉 Sign up to Entra.News my weekly newsletter on all things Microsoft Entra | Creator of cmd.ms & idPowerToys.com

Pro UserIdentityLearning Selection

Microsoft Entra ID Microsoft Autopilot

Key insights

 

  • Active Directory Decommissioning at We Are Era focused on moving from on-premises AD to a cloud-native Microsoft Entra ID environment, using structured steps to ensure a smooth and secure transition.
     

  • The team used Microsoft Autopilot for device migration, making it easier to move Windows workstations while modernizing applications and managing user accounts directly in the cloud.
     

  • A key challenge was dealing with legacy systems like RADIUS, as well as updating printing services and other server dependencies during the migration process.
     

  • User accounts and groups were shifted to cloud-only identities, improving management efficiency and reducing reliance on traditional infrastructure.
     

  • The project delivered benefits such as enhanced security, better user experience, reduced costs (up to 70% savings on infrastructure), and greater flexibility for adopting new technologies.
     

  • The team emphasized best practices: proper domain controller demotion using Windows Server tools, strong security controls like multi-factor authentication, ongoing monitoring of sensitive objects, and maintaining at least one Exchange server when syncing with Entra ID.
     

 

 

Introduction: We Are Era’s Shift from Active Directory to Cloud

The recent YouTube video hosted by Merill Fernando highlights a significant technological transition at We Are Era, a media company that successfully migrated from traditional on-premises Active Directory (AD) to a fully cloud-native Microsoft Entra ID environment. This discussion features Tobias Binkert, Head of IT at We Are Era, and Yusuke, a Product Manager at Microsoft, who provide insights into the motivations, strategies, and outcomes of this migration. Their conversation offers valuable lessons for organizations considering a similar path, balancing operational needs, security, and modernization.

As more businesses look to streamline IT infrastructures and embrace cloud solutions, the case of We Are Era demonstrates both the opportunities and tradeoffs involved in decommissioning legacy systems. By moving to the cloud, companies can achieve greater agility and cost savings, yet must also address technical and organizational challenges along the way.

Motivations and Business Drivers for Migration

One of the main reasons We Are Era chose to decommission on-premises Active Directory was the desire to modernize their IT landscape and reduce operational overhead. According to Tobias Binkert, legacy AD environments often require extensive maintenance and ongoing investments in hardware, software, and skilled personnel. In contrast, moving to Microsoft Entra ID promised enhanced flexibility and scalability, allowing the IT team to focus on innovation rather than routine upkeep.

Furthermore, the migration was motivated by the need to improve security and user experience. By leveraging cloud-native identity management, We Are Era could implement advanced security features such as multi-factor authentication and conditional access policies. However, this shift required careful planning to ensure business continuity and stakeholder buy-in, especially when negotiating with different business units that depended on legacy systems.

Technical Strategies and Device Migration

A critical aspect of the migration involved transitioning user devices from on-premises management to cloud-based provisioning. The team utilized Microsoft Autopilot to automate the setup and configuration of Windows workstations, significantly reducing manual effort and minimizing disruption for end users. This approach allowed new and existing devices to be enrolled directly into Entra ID, streamlining deployment across multiple locations.

Nevertheless, the process was not without its challenges. Legacy dependencies—such as applications tied to on-premises RADIUS servers or traditional printing solutions—required creative problem-solving. The team had to balance the urgency of decommissioning old infrastructure with the need to maintain compatibility for critical business applications, sometimes opting for hybrid solutions until full cloud alternatives were viable.

Managing User Accounts, Groups, and Security

Transitioning to cloud-only identities introduced new considerations for managing user accounts and group memberships. We Are Era adopted best practices for synchronizing and securing identity data, ensuring that permissions and access controls were preserved throughout the migration. The shift to Entra ID enabled more dynamic and granular access management, but also demanded rigorous oversight to prevent accidental privilege escalation or data exposure.

Security remained a top concern throughout the project. The team implemented robust monitoring and alerting to detect unauthorized changes, and enforced strict password policies and administrative separation. These measures were crucial during the transitional period, when legacy and cloud systems coexisted, increasing the attack surface and potential risk.

Return on Investment and Post-Migration Benefits

From a financial perspective, the migration yielded impressive results. Tobias Binkert reported that We Are Era achieved up to a 70% reduction in infrastructure costs by retiring on-premises servers and related hardware. Additionally, the move to cloud-based identity management accelerated the adoption of new technologies, fostering a culture of agility and continuous improvement within the company.

After decommissioning Active Directory, We Are Era experienced a more streamlined IT environment, with faster user onboarding and simplified access to cloud resources. However, the team emphasized the importance of thorough preparation and ongoing learning, noting that successful migrations require strong leadership, clear communication, and a willingness to address unforeseen challenges as they arise.

Lessons Learned and Future Outlook

Reflecting on the entire process, both Tobias and Yusuke shared key advice for other organizations considering a similar journey. They stressed the need for comprehensive planning, stakeholder engagement, and a phased approach to minimize disruption. Moreover, they highlighted the tradeoffs between immediate cost savings and the complexities of migrating legacy workloads, urging IT leaders to weigh short-term hurdles against long-term benefits.

Looking ahead, We Are Era plans to build on its cloud-first foundation by exploring advanced identity initiatives and further automating IT operations. As the landscape continues to evolve, their experience serves as a roadmap for others seeking to modernize securely and efficiently.

 

Identity - Active Directory Ended: Top Tips for Seamless Migration Success

Keywords

Active Directory decommission migration tips Era's migration Active Directory transition best practices AD decommissioning guide enterprise directory migration