Moving active directory / domain controller from on-premises to Azure

azure active-directory migration microsoft-office-365
6,591

Azure does not support on-premises DHCP server, so definitely something you won't be migrating to the cloud.

There's no easy way, although, in my opinion, it's easy enough. You have to follow the steps you just mentioned:

  1. Setup VPN (guide)
  2. Configure Azure VNet DNS server (On-premises DC)
  3. Install a replica AD DC in Azure VM (guide)
  4. Reconfigure Azure VNet DNS server (guide)
  5. Reboot Azure AD Connect VM to renew network settings - It shouldn't stop working as it will automatically use any available DC in the forest.
  6. Demote on-premises DC (guide)

Alternatively, for things like authentication and simple GPOs you can use Azure AD DS. It won't use your on-premises domain tho, it will use the users and groups from your Azure AD, but it creates a new domain separated from your on-premises Azure AD.

https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-overview/

Share:
6,591

Related videos on Youtube

Eros2016
Author by

Eros2016

Updated on September 18, 2022

Comments

  • Eros2016
    Eros2016 over 1 year

    We have an onsite server running windows server 2012 r2. We have DNS, DHCP and Active Directory running on this machine running as a domain controller.

    About a year ago we signed up for office 365 and used ADD connect to populate 365 with usernames and password syncs from our on-premises domain.

    All working fine!

    The question is now, I want to run a new Server 2012 r2 instance in Azure and promote this as our domain controller and decommission our onsite server meaning we are then fully cloud based, with no onsite equipment.

    What would be the best way to do this?

    I am thinking site-to-site VPN, promote the new cloud VM and move all roles to the cloud VM and shut down the onsite sever. Then re-install ADD connect on the cloud VM for managing the 365 mailboxes and password syncs.

    Is there a better (or easier) way to do this? We have SQL databases and software that will run on the cloud instance, and having active directory and a real domain controller is definelfy a requirement.

    Thanks in advance!

  • Jesus Shelby
    Jesus Shelby over 7 years
    I would probably recommend using an external time source on the DC as well.
  • Eros2016
    Eros2016 over 7 years
    Hi Bruno, thanks for your detailed response. I will configure the VPN, promote the azure VM and demote the onsite server entirely. We will use a Cisco DHCP/DNS server onsite so the cloud instance just needs to be a domain controller. Thanks for your advice!
  • Bruno Faria
    Bruno Faria over 7 years
    Great! As soon as you finish the migration and everything goes well for you don't forget to mark it as an answer. :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Field to add employee ID in Azure AD/Office365
Remove certain AD Sync from Azure AD Sync
Azure print server - running everything in Azure?
Get Azure Active Directory Token with username and password
On premise Active Directory ObjectId is different than Azure Active Directory ObjectId
POSTMAN: "You do not have permission to view this directory or page" with Bearer Token
Can't join Azure Active Directory
How do I add Azure Active Directory User to Local Administrators Group
AdPrep logs show an LDAP error
Move application servers from one domain to another