How We Helped McCraw Law Group Decommission Their Datacenter and Migrate to the Cloud

When a law firm's most critical systems — case files, client records, email, document management — live on aging servers in a colocation facility, every day is a quiet gamble. The hardware gets older. The maintenance contracts get more expensive. The firm grows, adds attorneys, opens new offices — and the datacenter that once seemed like plenty of capacity starts to feel like an anchor.

That was the reality facing McCraw Law Group when they approached ITECS about a problem that had been building for years. Their colocation datacenter was reliable, but it was also expensive, increasingly difficult to maintain, and fundamentally incompatible with the way a modern multi-office law firm needs to work. What they needed wasn't a patch or an upgrade — they needed to leave the datacenter behind entirely.

Over the course of six months, ITECS executed a full datacenter decommission — migrating McCraw Law Group from on-premises Active Directory to Microsoft Entra ID, remapping every employee's Windows profile to preserve their desktop environments, moving file shares and services to the cloud, and ultimately powering down the last server in the colo. This is the story of how that project unfolded, and what it means for other law firms considering a move to the cloud.

About McCraw Law Group

McCraw Law Group — a Texas personal injury firm headquartered in Plano, TX

McCraw Law Group is a Texas-based personal injury law firm with its headquarters in Plano and offices across North Texas in McKinney, Frisco, Denton, and Wylie, along with a regional presence in Amarillo. The firm represents clients in cases involving medical expenses, lost wages, and pain and suffering — holding wrongdoers accountable and helping clients rebuild their lives after serious injuries.

McCraw's attorneys have earned recognition including Texas Superlawyers designations, Top 100 Trial Lawyers selection, and Best Lawyers in America recognition. As a growing firm with multiple locations and a substantial caseload, McCraw Law Group's technology infrastructure needs to match the pace and professionalism of their legal practice — and their aging colocation datacenter was falling behind.

The Challenge: A Colocation Datacenter Holding Back a Growing Firm

McCraw Law Group's IT environment was built on the model that made sense a decade ago: on-premises servers housed in a colocation facility, running Windows Server Active Directory, hosting file shares, managing print services, and supporting the applications attorneys and staff relied on daily. Every office connected back to the colo via site-to-site VPN tunnels. Every employee logged into a domain-joined workstation authenticated against on-prem domain controllers.

The system worked — until it didn't scale. As McCraw opened new offices and expanded their team, the limitations of the colo-centric model became harder to ignore:

• Escalating infrastructure costs: Rack space, power, cooling, bandwidth, and hardware maintenance contracts were climbing year over year — with no ceiling in sight as the firm grew
• Single-point-of-failure risk: A colo outage or circuit failure would impact every office simultaneously, potentially disrupting active casework, court filing deadlines, and client communications
• VPN-dependent access: Attorneys working remotely or traveling between offices depended on VPN connections back to the colo for file access, creating latency and reliability frustrations
• Aging hardware lifecycle: Servers approaching end-of-life meant an expensive refresh cycle — and the firm had to decide whether to reinvest in on-premises infrastructure or make the jump to the cloud
• Security exposure: On-premises Active Directory environments require constant patching, monitoring, and hardening. Without a dedicated internal IT security team, maintaining that posture was increasingly risky
• Multi-office complexity: Managing Group Policy, DNS, DHCP, and domain services across five-plus locations from a centralized on-prem AD environment created operational fragility

McCraw Law Group needed a partner who could plan and execute the entire migration — not just move mailboxes to the cloud, but fundamentally re-architect how the firm's technology works. That meant migrating identity, migrating data, migrating applications, and then physically decommissioning the datacenter, all without disrupting a single business day of legal operations. They turned to ITECS and our managed IT services team to make it happen.

McCraw Law Group's migration path: every service moved from the colocation datacenter to cloud-native infrastructure over six months

Phase 1: Discovery and Infrastructure Audit

Every successful migration begins with a complete understanding of what exists today. Before ITECS touched a single server or provisioned a single cloud resource, we spent the first weeks conducting a thorough discovery and dependency mapping of McCraw Law Group's entire colo-hosted environment.

The audit covered every service running in the datacenter:

• Active Directory domain controllers: Mapping the AD forest structure, Group Policy Objects (GPOs), organizational units, security groups, and service accounts that governed access across all offices
• File servers and shared drives: Cataloging terabytes of case files, legal documents, administrative records, and shared resources — including permission structures that needed to survive the migration intact
• Email infrastructure: Documenting mailbox sizes, distribution lists, shared mailboxes, and any integrations between email and case management workflows
• Print services: Identifying centrally managed print servers and the printer deployments mapped through Group Policy across every office
• Application dependencies: Cataloging line-of-business applications, case management systems, document management tools, and any software that depended on local server resources or AD-integrated authentication
• Network topology: Mapping site-to-site VPN tunnels, DNS zones, DHCP scopes, and routing configurations that linked each office back to the colo
• Backup and disaster recovery: Documenting existing backup schedules and recovery procedures to ensure continuity during the transition

This discovery phase produced the migration blueprint — a phased plan that sequenced every workload migration in the right order, identified dependencies that had to be resolved before each cutover, and established rollback procedures at every stage. For a law firm handling active litigation, there was no room for a migration that left case files inaccessible or email down for even an hour.

Phase 2: Building the Cloud Foundation with Microsoft 365

With the discovery complete and the migration plan approved, ITECS built the cloud infrastructure that would replace every service currently running in the colo. The foundation was Microsoft 365 — a platform McCraw Law Group's attorneys and staff could access from any location, on any device, without routing through a VPN back to a datacenter.

Microsoft 365 Tenant Configuration

ITECS configured the Microsoft 365 tenant with the security and compliance settings appropriate for a law firm handling sensitive client data. This included configuring Exchange Online for email, SharePoint Online and OneDrive for Business for file storage and collaboration, and Microsoft Teams for internal communications. Every configuration decision was informed by the discovery audit — mailbox sizes, distribution list structures, shared resource permissions, and collaboration patterns all carried forward into the new environment.

Entra Connect and Hybrid Synchronization

Rather than executing a hard cutover — which would have created an immediate, firm-wide disruption — ITECS deployed Microsoft Entra Connect to establish a hybrid synchronization between McCraw's existing on-premises Active Directory and the new Entra ID tenant. This hybrid phase was critical: it allowed user identities, group memberships, and password hashes to sync to the cloud while the on-prem AD remained operational. Attorneys could begin using Microsoft 365 services immediately while their primary authentication still pointed to the familiar on-prem domain [Microsoft Learn].

Email and File Migration

Mailbox migrations were executed in batches, office by office, during evening and weekend windows to minimize disruption. ITECS migrated not just email but calendars, contacts, and shared mailbox configurations — ensuring that when an attorney opened Outlook the next morning, everything was where they expected it to be, running from Exchange Online instead of the colo.

File shares followed a similar pattern. ITECS migrated shared drives to SharePoint Online document libraries, preserving the folder structures and permission hierarchies that staff depended on. Individual user files moved to OneDrive for Business, giving every employee access to their documents from any device without a VPN connection.

Phase 3: Active Directory to Microsoft Entra ID — The Identity Migration

With Microsoft 365 services running and the hybrid sync established, ITECS executed the most technically complex phase of the project: transitioning McCraw Law Group's identity infrastructure from on-premises Active Directory to cloud-native Microsoft Entra ID.

This was not a simple DNS change or a toggle in a control panel. Migrating identity means changing the fundamental authentication and authorization layer that every employee, every application, and every device in the firm depends on. Get it wrong, and attorneys cannot log in, cannot access case files, cannot file documents with the court. The stakes for a law firm are not just operational — they are ethical obligations to clients with active cases.

Group Policy to Microsoft Intune

On-premises Active Directory enforces device policies through Group Policy Objects. In a cloud-native Entra ID environment, that role is handled by Microsoft Intune. ITECS mapped every GPO in McCraw's environment — security settings, drive mappings, printer deployments, software installations, desktop configurations — and translated them into Intune configuration profiles and compliance policies.

This translation is where many migrations go sideways. Not every GPO has a direct Intune equivalent, and some require creative solutions involving PowerShell scripts deployed through Intune, configuration service provider (CSP) policies, or platform-native security baselines. ITECS tested every policy translation against representative hardware from each office before deploying firm-wide.

Conditional Access and Security Hardening

Moving to Entra ID also meant implementing a modern security model. ITECS deployed Conditional Access policies that enforce multi-factor authentication, restrict access from unmanaged devices, and apply risk-based sign-in evaluation across the firm. This replaced the castle-and-moat security model of the on-prem AD — where anyone inside the VPN was trusted — with a zero-trust posture that evaluates every access attempt individually [Microsoft Learn].

For a law firm handling sensitive client information, this was not just a technical improvement — it was a meaningful advancement in cybersecurity posture that protects both the firm and its clients.

ITECS engineers managed the Active Directory to Entra ID transition — translating Group Policy to Intune and deploying Conditional Access policies across the firm

Phase 4: Local Profile Remapping — The Seamless Switch

This phase was the make-or-break moment of the entire project — and the detail that separates a competent migration from an exceptional one.

When a Windows workstation transitions from domain-joined (on-prem AD) to Entra ID-joined, the default behavior is straightforward and devastating: the operating system treats the new cloud identity as a new user and creates a fresh local profile. The attorney sits down at their desk, logs in with their same email and password, and is greeted by a blank desktop. No bookmarks. No application settings. No pinned folders. No customized workflow. Everything they had built over months or years of daily use — gone, replaced by a default Windows profile.

For a law firm with dozens of employees across multiple offices, that outcome was unacceptable. ITECS's approach was to remap every existing local Windows profile to the new Entra ID identity so that when each employee logged in after the switchover, they landed on their familiar desktop — same files, same shortcuts, same application configurations, same everything.

The Remapping Process

ITECS executed the profile remapping in a controlled, methodical sequence:

• Pilot group validation: A small group of users across different offices were migrated first, allowing ITECS to validate the remapping process against different hardware configurations, software installations, and profile sizes before firm-wide rollout
• Pre-migration profile backup: Every user's local profile was backed up before the remapping process began — ensuring a clean rollback path if any individual migration encountered issues
• SID remapping execution: Using specialized migration tooling, ITECS remapped the Windows registry entries, NTFS file permissions, and profile directory associations from the old AD SID to the new Entra ID SID for each user
• Application credential migration: Beyond the Windows profile itself, ITECS verified that application-specific credentials, browser profiles, cached credentials, and locally stored authentication tokens transitioned correctly
• Post-migration verification: Each workstation was verified after remapping — confirming that the user's desktop, application shortcuts, browser bookmarks, Outlook profile, printer mappings, and custom configurations all loaded correctly under the new Entra ID identity

The result: on switchover day, McCraw Law Group employees logged into their workstations using their Entra ID credentials and found their familiar desktop waiting for them. No lost files. No missing shortcuts. No reconfiguration. No help desk tickets flooding in from frustrated attorneys. Just a normal Monday morning — which is exactly what a successful migration should feel like.

The goal of profile remapping: on switchover day, every attorney logged in and found their familiar desktop exactly as they left it

Phase 5: Datacenter Decommission and Colo Exit

With identity migrated, profiles remapped, files in the cloud, and all services running on Microsoft 365 and Entra ID, ITECS moved to the final phase: shutting down the colocation datacenter.

This wasn't a single switch-flip — it was a systematic teardown that followed a strict sequence:

• Final service migration: Any remaining services still running on colo-hosted servers — DNS forwarders, legacy application dependencies, print service remnants — were migrated to cloud equivalents or decommissioned with confirmed alternatives in place
• On-premises AD domain controller shutdown: With all workstations now Entra ID-joined and hybrid sync no longer needed, ITECS demoted and decommissioned the on-prem domain controllers following Microsoft's documented decommission procedures [Microsoft Learn]
• Entra Connect removal: The hybrid synchronization server was decommissioned carefully — improperly decommissioned Entra Connect servers can overwrite cloud data with stale on-prem information during unintended sync cycles [Microsoft Learn]
• VPN tunnel teardown: Site-to-site VPN tunnels linking each office to the colo were removed, simplifying the network architecture and eliminating the bandwidth costs associated with backhauling traffic through the datacenter
• Data sanitization: All server hard drives were securely wiped following NIST 800-88 guidelines, ensuring that sensitive client data from legal cases was irrecoverably destroyed before hardware disposal
• Colo contract termination: With all equipment decommissioned and removed, McCraw Law Group formally exited their colocation agreement — eliminating the monthly recurring costs for rack space, power, cooling, and bandwidth

The colo was dark. The servers were wiped. And McCraw Law Group's technology infrastructure was running entirely in the cloud for the first time in the firm's history.

The Project Timeline: Six Months from Kickoff to Lights Out

Why Co-Managed IT Works for Law Firms

McCraw Law Group's datacenter decommission was a project — but the relationship with ITECS is ongoing. Today, ITECS serves as McCraw's co-managed IT partner, working alongside the firm's internal resources to maintain, monitor, and secure their now fully cloud-native infrastructure.

The co-managed model is particularly effective for law firms because it provides enterprise-grade IT support without requiring a full internal IT department. ITECS handles the complex, specialized work — cloud infrastructure management, endpoint security and monitoring, identity management, and strategic planning — while the firm's internal resources handle day-to-day operational needs. It's a division of labor that matches the way modern law firms actually work.

The broader lesson from McCraw's migration applies to law firms and professional services organizations across North Texas: the colocation datacenter model served its purpose, but the future of legal technology is cloud-native. The firms that make the transition thoughtfully — with a partner that understands both the technical complexity and the operational stakes — come out stronger, more secure, and more agile than they were before.

For law firms evaluating their own infrastructure, the key lessons from the McCraw Law Group engagement are clear:

• Profile remapping is non-negotiable. Any migration partner proposing a "fresh profile" approach is asking your attorneys to rebuild their entire digital workspace. ITECS treats profile continuity as a baseline requirement, not a premium add-on.
• Sequence matters more than speed. Rushing a datacenter decommission creates risk. The phased approach — cloud foundation first, then identity, then profiles, then decommission — ensures every dependency is resolved before the servers go dark.
• Security improves, not just convenience. Moving to Entra ID with Conditional Access and MFA does not just eliminate the VPN — it fundamentally upgrades the firm's security posture from perimeter-based to identity-based protection.
• Co-managed IT extends the value. The decommission project delivered immediate cost savings, but the ongoing co-managed IT partnership ensures the firm's cloud infrastructure stays optimized, secure, and current as Microsoft's platform evolves.

The datacenter decommission was a project — the co-managed IT partnership is the ongoing relationship that keeps McCraw Law Group's cloud infrastructure optimized and secure

Sources

• Microsoft Learn — Road to the cloud: Migrate identity and access management from AD DS to Microsoft Entra
• Microsoft Learn — Best practices to migrate applications and authentication to Microsoft Entra ID
• Microsoft Learn — Active Directory Federation Services (AD FS) decommission guide
• Microsoft Learn — Decommissioning Azure AD Connect V1
• Entra News — Decommissioning On-Prem AD: Lessons Learned from a Successful Migration