Updated: January 17, 2024 (June 25, 2018)

  Analyst Report

AAD Is Not a Replacement for Active Directory


by Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

  • The Azure Active Directory hosted service could evolve over the coming years to be a more comprehensive alternative to Active Directory Domain Services on-premises.
  • Retiring Active Directory in favor of any hosted directory service is not practical for most organizations today.

Active Directory Domain Services (AD DS) is the Windows Server role that delivers on-premises identity and access management. Azure Active Directory (AAD) is a similar hosted service. At a very high level, AAD and AD DS can deliver similar functionality, and small organizations or business units might consider replacing AD DS with AAD. However, because of the differences between the two technologies, this is unlikely to be possible today.

Limitations Preventing AD DS Retirement

Several capabilities of AD DS, or services that depend on it, would need to be replaced before an organization’s on-premises directory servers could be retired. For example, AAD does not include AD domain join, group policy, or support for AD Federation Services. While Microsoft offers AAD- or Intune-based alternatives for these technologies, none is a complete replacement for its on-premises counterpart.
