Domain Migration

Question

Hi,

There are total four domain controllers and also using Azure AD in our enviornment with one forest one domain system.
If migration from abc.com to xyz.com in on-prem domain controller, what else require to do on Azure AD?
By the way, is there any luck for me to have a reference document or guide?

Best Rgds,
Myo Min Hein (Ray)

Answer 1

hi @risolis ,

Thanks for your reply and I understood the Azure Part now.
Is there any difficultites or prerequisites to check or requirements On-Prem DC Domain Name Migration?

Example of on-Prem Domain Controller:

• Current or existing or using Domain Name = abc.com
• Expected or Migrated to Domain Name = xyz.com

I do not have such an experience on that. If you can provide a guide or docs or ref url to me, it is really greatful for me.

Thanks,
Ray

Answer 2

Hello @Myo Min Hein (Ray)

Thank you for sharing this question on this community space.

I would like to gather the next article which fits into your case scenario if I am not mistaken but please correct if I am. So, for now, please direct yourself down below:

Can I migrate Active Directory domain-controllers using Azure Migrate?
The Server Migration tool is application agnostic and works for most applications. When you migrate, a server using the Server Migration tool, all the applications installed on the server are migrated along with it. However, for some applications, alternate migration methods other than server migration may be better suited for the migration. For Active Directory, if hybrid environments where the on-premises site is connected to your Azure environment, you can extend your Directory into Azure by adding extra domain controllers in Azure and setting up Active Directory replication. If you're migrating into an isolated environment in Azure requiring its own domain controllers (or testing applications in a sandbox environment), you can migrate servers using the server migration tool.

https://learn.microsoft.com/en-us/azure/migrate/common-questions-server-migration#can-i-migrate-active-directory-domain-controllers-using-azure-migrate

I hope you can find this useful to overcome your concern.

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 3

Hello @Myo Min Hein (Ray)

Thank you for sharing this detail and I apologize for the misunderstanding.

For this case scenario, I would like to recap the following relevant details to proceed further. Let me mention them below:

The forest in Azure contains a domain that does not exist on-premises. Because of the trust relationship, logons made against on-premises domains can be trusted for access to resources in the separate Azure domain.

Typical uses for this architecture include maintaining security separation for objects and identities held in the cloud and migrating individual domains from on-premises to the cloud.

Furthermore, the topologies considerations or design are the ones down below:

• -Single forest, single Azure AD directory
• -Multiple forests, single Azure AD directory
• -Multiple forests, separate topologies
• -Staging server
• -Multiple Azure AD directories

Forest level trusts are transitive. If you establish a forest level trust between an on-premises forest and a forest in the cloud, this trust is extended to other new domains created in either forest. If you use domains to provide separation for security purposes, consider creating trusts at the domain level only. Domain level trusts are non-transitive.

https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-forest

I hope this time I was getting to the right track in order to address your concern buddy.

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.