Hello @shayan azhar Thank you for reaching out to us through Microsoft Q&A platform. Happy to answer any questions you may have!
Based on the information provided, I understand that you want to migrate your on-premises domain controller to Azure. However, you want to start with sync first to ensure everything is moved completely and as expected.
To answer your question from Azure Migrate perspective:
The Migration and modernization tool is application agnostic and works for most applications. When you migrate a server using the Migration and modernization tool, all the applications installed on the server are migrated along with it. However, for some applications, alternate migration methods other than Migration and modernization may be better suited for the migration. For Active Directory, if hybrid environments where the on-premises site is connected to your Azure environment, you can extend your Directory into Azure by adding extra domain controllers in Azure and setting up Active Directory replication. If you're migrating into an isolated environment in Azure requiring its own domain controllers (or testing applications in a sandbox environment), you can migrate servers using the Migration and modernization tool.
These are the generalized instructions provided for migrating or moving the on-premises DC to Azure:
To migrate an on-premise Windows Server 2019 Domain Controller to Azure Cloud, you'll need to follow several steps, starting with syncing your on-premise Active Directory to Azure Active Directory. Here's a detailed guide on how to start the synchronization process:
Pre-requisites:
- Azure Subscription: You'll need an active Azure subscription.
- Azure Virtual Network: Create a virtual network in Azure where the DC will reside.
- Azure Active Directory: Ensure that you have Azure Active Directory set up.
- Azure AD Connect: Download and install Azure AD Connect on a server in your on-premise environment.
Steps:
- Install Azure AD Connect:
- Download Azure AD Connect from the Microsoft website.
- Run the installer on a server in your on-premise environment.
- Follow the installation wizard to set up Azure AD Connect.
- Configure Azure AD Connect:
- When prompted, sign in with an account that has global administrator permissions in your Azure AD.
- In the "Connect to Azure AD" step, select "Use express settings" or "Customize" to configure the synchronization settings.
- Choose the appropriate user sign-in method (e.g., Password Hash Synchronization, Pass-through Authentication, or Federation).
- Select the on-premise Active Directory forest you want to sync.
- Configure filtering and optional features as needed.
- Complete the wizard and let Azure AD Connect synchronize the on-premise Active Directory with Azure Active Directory.
- Verify Sync:
- Check the Azure AD portal to ensure that users and groups from your on-premise Active Directory are synced to Azure AD.
Next Steps:
Once you've completed the synchronization process, you can proceed with migrating the Domain Controller to Azure Cloud. Here are the general steps you'll need to follow:
Deploy a Windows Server VM in Azure: Create a new virtual machine in Azure using Windows Server 2019.
Join the VM to Azure AD: Join the Azure VM to Azure Active Directory.
Promote VM to Domain Controller: Install the Active Directory Domain Services role on the Azure VM and promote it to a Domain Controller.
Transfer FSMO Roles: Transfer the FSMO (Flexible Single Master Operations) roles from the on-premise DC to the Azure VM.
Update DNS Settings: Update DNS settings for your on-premise network to point to the Azure VM as a DNS server.
Decommission On-Premise DC: After confirming successful replication and DNS configuration, demote the on-premise DC using the Active Directory Domain Services Configuration Wizard.
Monitor and Troubleshoot: Monitor the Azure DC for any issues and troubleshoot as needed.
Note:
- Ensure that you have a solid backup and recovery plan in place before decommissioning the on-premise DC.
- Test the migration process thoroughly in a non-production environment before performing it in production.
- Consider consulting with Azure experts or Microsoft support for complex scenarios or if you're unsure about any step in the process.
Also refer to a similar discussion here - https://learn.microsoft.com/en-us/answers/questions/1343064/migrate-on-prem-domain-controllers-to-azure-usingHope this helps. Please write back to us if you have any questions or need further assistance!
If the response helped, do "Accept Answer" and up-vote it