Migrate Azure AD Connect

Lim Chong Sun 531 Reputation points
2020-09-24T01:47:05.81+00:00

I want to migrate an existing Azure AD Connect that is using SQL Server to a new server, but I want to change the new server to use SQL Express.
Is this possible?

At the same time, I want to upgrade the version of Azure AD Connect. It is a very old version, like 1.1.x.

I am thinking of a swing upgrade. Set up a new server (hopefully I can still find the old installer) and use the same settings (domain filtering), but install on SQL Express. Put it in staging.

Use Azure AD Connect Configuration Documenter to compare the 2 versions and then apply the changes.

Then install the latest version to upgrade.

Compare using the Documenter again in case any out of the box rules are reset.

Will this work?

Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,691 Reputation points
    2020-09-24T05:54:58.38+00:00

    @Lim Chong Sun

    The latest guidance on full configuration migration is to take a backup of the SQL DB for the original AAD Connect server, stand that up in another SQL DB instance (SQL Express in your case), and install AAD Connect using the /UseExistingDatabase flag on AADConnect.exe, as outlined here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-database . Given this functionality exists and is far more thorough than just moving custom sync rules, it is the recommended way to move configurations. You can also use the /UseExistingDatabase flag with a version that is older than the installer you’re using, i.e., you can handle a swing upgrade using a database from a server on a much older version.

    Earlier, migrating your AAD Connect primary sync server configuration to your staging server was a simple matter of using the Get-ADSyncServerConfiguration and Set-ADSyncServerConfiguration cmdlets provided as part of the ADSync module. However, in the most recent versions of AAD Connect (v 1.1.751 and later), the Get-ADSyncServerConfiguration cmdlet still works, but the Set-ADSyncServerConfiguration cmdlet returns a warning that use of the cmdlet is now unsupported…

    Before bringing the new server into production, consider:

    Running the Documenter tool to compare the configuration on both servers.
    Running the CSAnalyser script to confirm the objects that the new server will be exporting to Azure AD.

    • Start a cmd prompt and go to %ProgramFiles%\Microsoft Azure AD Sync\bin
    • Run: csexport "Name of Connector" %temp%\export.xml /f:x
      The name of the Connector can be found in Synchronization Service. It has a name similar to "contoso.com – Azure AD" for Azure AD.
    • Run: CSExportAnalyzer %temp%\export.xml > %temp%\export.csv
      You have a file in %temp% named export.csv that can be examined in Microsoft Excel. This file contains all changes that are about to be exported.
    • Make necessary changes to the data or configuration and run these steps again (Import and Synchronize and Verify) until the changes that are about to be exported are expected.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
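
A pre-migration check for the backup step in the accepted answer, as an added example that is not part of the thread or of Microsoft's documentation. SQL Server Express caps each database's data files at 10 GB, so the script measures the existing database before backing it up for the move. Assumptions: the instance name and backup path are placeholders, the database uses the default name ADSync, the SqlServer PowerShell module is installed, and the script runs on the old Azure AD Connect server.

```powershell
#Requires -Modules SqlServer
# Added example: size check and copy-only backup of the sync database before moving it to SQL Express.
param(
    [string]$SourceInstance = 'SQL01\INSTANCE',             # placeholder: current full SQL Server instance
    [string]$Database       = 'ADSync',                      # default Azure AD Connect database name
    [string]$BackupPath     = 'D:\Backup\ADSync_move.bak',   # placeholder: path as seen by the SQL Server host
    [double]$ExpressLimitGB = 10,                            # SQL Server Express data-file cap per database
    [double]$WarnFraction   = 0.8                            # refuse if already at 80% of the cap
)
$ErrorActionPreference = 'Stop'

# Only data files (type = 0) count against the Express cap; size is in 8 KB pages.
$sizeQuery = @"
SELECT CAST(SUM(CAST(size AS bigint)) * 8 / 1024.0 / 1024.0 AS decimal(10,2)) AS DataGB
FROM sys.database_files
WHERE type = 0;
"@
$dataGB = (Invoke-Sqlcmd -ServerInstance $SourceInstance -Database $Database -Query $sizeQuery).DataGB
Write-Host "Data files for [$Database]: $dataGB GB (Express cap: $ExpressLimitGB GB)"

if ($dataGB -ge ($ExpressLimitGB * $WarnFraction)) {
    throw "[$Database] is too close to the SQL Express size cap; do not move it to SQL Express."
}

# Stop the sync service so no run is writing to the database during the backup.
Stop-Service -Name ADSync

# COPY_ONLY leaves the existing backup chain untouched; CHECKSUM validates pages as they are read.
$backupQuery = "BACKUP DATABASE [$Database] TO DISK = N'$BackupPath' WITH COPY_ONLY, CHECKSUM, INIT;"
Invoke-Sqlcmd -ServerInstance $SourceInstance -Database master -Query $backupQuery -QueryTimeout 600

# Confirm the backup file is readable before relying on it for the restore.
$verifyQuery = "RESTORE VERIFYONLY FROM DISK = N'$BackupPath' WITH CHECKSUM;"
Invoke-Sqlcmd -ServerInstance $SourceInstance -Database master -Query $verifyQuery -QueryTimeout 600

Write-Host "Backup verified at $BackupPath. Restore it on the target instance, then run the installer with /UseExistingDatabase."
```

The target SQL Express instance must be the same SQL Server version as the source or newer, because a backup cannot be restored onto an older engine.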


1 additional answer

  1. Parin Das 2 Reputation points
    2021-02-11T06:51:23.533+00:00

    Hello,
    Did it work for you?

