Replace Hybrid AD domain controller to Azure AD or cloud solution

shared software 1 Reputation point
2022-11-09T01:13:13.49+00:00

Hi everyone,

So, our locally run domain controller died, hence we would like to fully migrate, as painlessly as possible, to a cloud-based solution.

Our company has 30 employees or so. But my concern is whether there is a way to permanently migrate our current domain controller with all our employees' information intact onto the cloud or perhaps Microsoft Azure AD.

My current plan is:

  • Open up a new VM as a domain controller
  • Join that VM to our local domain controller
  • Migrate the old DC's FSMO roles to the new virtual machine
  • Ensure that everything is pointing to the new virtual machine, and set the old DNS server IP to the new domain controller (virtual machine)
  • Install AD Connect on the new domain controller
  • Check that everything is running and our employees' data are syncing
  • Demote the old domain controller

Is this a suitable plan or is there anything else that can be recommended?

Thank you so much, everyone.

I appreciate any suggestions and help if possible.


2 answers

  1. David Broggy 5,681 Reputation points MVP
    2022-11-09T02:11:14.593+00:00

    Hi there,
    I'm sure you'll get some good advice from the rest of the team, but I'll just add one more suggestion: consider using a site-to-site VPN to isolate your new domain controller from any public access.

    Also consider the operational cost of running your new DC in Azure. Since AD and AAD are not compatible, what you're doing totally makes sense, especially if you're planning a near-term migration away from AD.

    This walkthrough looks like it has many steps related to what you're considering (of course I can't guarantee it's a perfect process, and it's from a year back):

    You're likely aware there are some free credits for people migrating to Azure.

    Good luck!


  2. Sandeep G-MSFT 14,241 Reputation points Microsoft Employee
    2022-11-10T04:17:12.6+00:00

    @shared software

    The steps that you have mentioned look perfect.

    If you are looking to keep the existing domain, then you would want to create a VM in Azure, join it to the domain and then promote it. You need to ensure there is a secure network connection between Azure and your DC (VPN, ExpressRoute). You can use a site-to-site VPN.

    After this, you need to ensure DNS is up and running on your Azure DC, and then repoint the client DNS server IP to this machine (or machines, as you should really have more than one DC).

    Later, install AD Connect on the DC or on any other member server, run a sync, and confirm that the sync is running fine.
    If everything is working fine, you are good to go.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
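As an added example (not code from the question or from either answer), the plan in the question and the steps in the answer above, written out as the PowerShell an administrator would run phase by phase, with a replication and FSMO check before the old DC is demoted. All names are assumptions: OLDDC01 is the existing on-premises DC, NEWDC01 the Azure VM (private IP 10.0.1.10, no public IP, reached over the site-to-site VPN), corp.example.com the domain, and 192.168.1.0 the DHCP scope.

```powershell
# Added example, not from the question or the answers. Assumed names:
#   OLDDC01          - the existing on-premises DC, still reachable over the S2S VPN
#   NEWDC01          - the new Azure VM, private IP 10.0.1.10, no public IP
#   corp.example.com - the existing AD domain
# Run each phase as a Domain Admin on the machine named in the phase header.

# --- Phase 1: on NEWDC01, join the existing domain and promote it to a DC ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController `
    -DomainName 'corp.example.com' `
    -Credential (Get-Credential 'CORP\Administrator') `
    -InstallDns `
    -SiteName 'Default-First-Site-Name' `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)
# The machine reboots when promotion finishes.

# --- Phase 2: on NEWDC01, confirm replication is healthy before touching roles ---
# A DC that has never replicated must not inherit FSMO roles or become the only DC.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site, IsGlobalCatalog
repadmin /replsummary            # zero failures in both directions is the target
dcdiag /test:replications /test:dns

# --- Phase 3: on NEWDC01, move all five FSMO roles ---
$roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity 'NEWDC01' -OperationMasterRole $roles
# If OLDDC01 really is dead and cannot be contacted, a graceful transfer is impossible:
# add -Force to seize the roles instead, and never bring the old DC back online afterwards.
netdom query fsmo                # every role should now list NEWDC01

# --- Phase 4: repoint clients at the new DNS server ---
# Clients still resolving against the old DC's IP will fail logons once it is demoted.
# Via DHCP (run on the DHCP server):
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer 10.0.1.10
# Or on a statically configured machine:
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.0.1.10
# Sanity check from any client: the DC locator record must resolve to NEWDC01.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.example.com' -Type SRV

# --- Phase 5: on the AD Connect server, verify sync to Azure AD ---
Import-Module ADSync
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
Start-ADSyncSyncCycle -PolicyType Delta
Get-ADSyncConnectorRunStatus     # no output means no run is in progress, i.e. the cycle finished

# --- Phase 6: on OLDDC01, demote only after phases 2 to 5 are green ---
Uninstall-ADDSDomainController `
    -LocalAdministratorPassword (Read-Host 'Local admin password' -AsSecureString) `
    -Force
```

Two points worth keeping in mind with this sequence: the Azure VM should sit behind a network security group that admits AD traffic (LDAP, Kerberos, DNS, SMB, RPC) only from the VPN-connected on-premises range, which is the isolation the first answer recommends; and the demotion in the last phase is the one irreversible step, so take a System State backup of the old DC and re-run the replication and FSMO checks immediately before it.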