![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 39%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
Hello @ANIL KUMAR DUSANAPUDI,
The best way to migrate on-premises AD to Azure while decommissioning the on-premises AD is to first establish a hybrid identity using Azure AD Connect with Password Hash Synchronization (PHS). Then, migrate your applications to Azure. If your applications require traditional domain services (Kerberos, NTLM), deploy Azure AD Domain Services (Azure AD DS) in your Azure Virtual Network and domain-join your application servers to Azure AD DS. Once all applications are successfully authenticating against Azure AD or Azure AD DS, you can decommission your on-premises domain controllers.
If the Answer is helpful, please click Accept Answer and Up-Vote, so that it can help others in the community looking for help on similar topics.