Domain controller migration to Azure

Chapter7-2723 296 Reputation points
2022-10-25T23:19:24.91+00:00

Hi all

I have a question.

My client has an on-premises domain controller and a read-only domain controller. Now he wants to migrate his primary domain controller to Azure, but the read-only domain controller should stay in the on-premises datacenter.

What is best practice?

First Step:

Should I deploy Azure AD DS? Can I create a VM with Windows Server and install only the Active Directory Domain Services tools? Then I would manage Azure Active Directory Domain Services from that VM. Is that correct?

OR

Should I create an Azure VM and promote it to a domain controller?

Second Step:

Should I install Azure AD Connect and sync all objects from on-premises AD to Azure AD?

OR

Should I deploy a site-to-site VPN, promote an additional Active Directory domain controller in an Azure VM, and then transfer the FSMO roles?

And tell me how the primary domain controller in Azure and the read-only domain controller on-premises will synchronize with each other?

Regards


3 answers

  1. Sandeep G-MSFT 7,281 Reputation points Microsoft Employee
    2022-10-27T06:07:39.89+00:00

    @Dave Patrick

    You will have to create a site-to-site VPN.
    You will have to deploy a site-to-site VPN, and then you can create a VM in Azure and install Active Directory in the VM. After this you can transfer the roles to the Active Directory in Azure.

    With this you will not have any downtime in your environment.

    If you use Azure AD DS, you will not have any control over the DCs. Also, there is no option of adding your present DC to Azure AD DS.

    Azure AD DS is a feature where 2 domain controllers get deployed, and both domain controllers are managed/maintained by Microsoft.

    Do let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

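The procedure the answer above outlines (site-to-site VPN first, then an additional writable DC in an Azure VM, then an FSMO transfer), written out as an added PowerShell example that is not part of the original thread or of any answer in it. The domain name, site names, subnet and DC host name are placeholders; it assumes the VPN is already up, the VM's DNS points at an existing on-premises DC, and the session has Domain Admin and Enterprise Admin rights:

```powershell
# Added example (not from the original thread). All names below are placeholders;
# replace them with your own values before running.
# Assumed prerequisites: site-to-site VPN established, VM DNS pointing at an
# on-premises DC, session running as Domain Admin / Enterprise Admin.

$DomainName  = 'corp.example.com'          # placeholder domain name
$AzureSite   = 'Azure-Site'                # placeholder AD site for the Azure VNet
$AzureSubnet = '10.10.0.0/16'              # placeholder VNet address space
$OnPremSite  = 'Default-First-Site-Name'   # existing on-premises site name
$NewDC       = 'AZ-DC01'                   # placeholder host name of the Azure VM

# 1. Install the AD DS role and RSAT tools on the Azure VM.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 2. Describe the Azure network to AD so the KCC builds a correct inter-site
#    replication topology between on-premises and Azure. Run once.
Import-Module ActiveDirectory
New-ADReplicationSite -Name $AzureSite
New-ADReplicationSubnet -Name $AzureSubnet -Site $AzureSite
New-ADReplicationSiteLink -Name "$OnPremSite-$AzureSite" `
    -SitesIncluded $OnPremSite, $AzureSite `
    -Cost 100 -ReplicationFrequencyInMinutes 15 `
    -InterSiteTransportProtocol IP

# 3. Promote the VM as an additional (writable) DC in the existing domain.
#    The VM reboots at the end of this step.
Install-ADDSDomainController -DomainName $DomainName -SiteName $AzureSite `
    -InstallDns `
    -Credential (Get-Credential "$DomainName\Administrator") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')

# --- after the reboot, once replication to the new DC is healthy ---

# 4. Check replication health before moving any roles; fix failures first.
repadmin /replsummary
Get-ADReplicationFailure -Target $NewDC

# 5. Transfer (not seize) all five FSMO roles to the Azure DC.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDC `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# 6. Verify the role holders and list every DC, including the on-premises RODC.
Get-ADForest  | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain  | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADDomainController -Filter * | Select-Object Name, Site, IsReadOnly, IPv4Address
```

This also answers the "how will they synchronize" part of the question: the Azure DC and the on-premises RODC replicate through normal AD DS replication over the VPN, using the site link created in step 2. An RODC only replicates inbound from a writable DC, so once the last writable DC moves to Azure, the RODC depends on that VPN path for every change; review its password replication policy so the accounts that log on at the branch are cached there and keep working during a VPN outage. Azure AD Connect is a separate concern: it synchronizes objects to Azure AD (Microsoft Entra ID) and does not replace DC-to-DC replication. Keep the DC's LDAP, Kerberos, SMB and RPC ports reachable only from the on-premises ranges and the VNet, never from the public internet.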

  2. Godwin Daniel 1 Reputation point
    2022-10-27T17:37:45.797+00:00

    An RODC is designed primarily to be deployed in remote or branch office environments, which typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and personnel with limited knowledge of information technology (IT). Deploying RODCs results in improved security and more efficient access to network resources. So you are treating the on-prem datacenter as less secure?
    Personally, I prefer to have a writable DC in my datacentre.
