Azure Migrate - Support for multiple separate forests - no DNS forwarder

Mohamed Shehata Elbeltagy 11 Reputation points
2023-01-31T14:30:36.4233333+00:00

Hello,

I have a customer who has multiple, separate forests which do not have any trusts. The Azure Migrate appliance has connectivity/line of sight to all these domains/domain controllers. The appliance is using a DNS server which does not have forwarders to some of those forests/domains (in the DMZ).

The issue is: Azure Migrate cannot use/validate the credentials of those forests in the DMZ. Using the hosts file (adding domain FQDNs and domain controllers) did not help because it is not used by NSLOOKUP.

The question is: How can Azure Migrate connect to those domains in the DMZ without DNS forwarders?

Is deploying a DNS server that has forwarders to those domains, and configuring the Azure Migrate appliance to use it, the only solution?

Thank you.


1 answer

  1. Prrudram-MSFT 20,856 Reputation points
    2023-02-01T21:52:54.4333333+00:00

    Hello @Mohamed Shehata Elbeltagy ,

    Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.

    The hosts file does not use nslookup, sure, but when DNS records are referenced, they go in this order: Hosts file > DNS Server, with the hosts file being the first place we check. When you try to log into a source machine, it's the Source Machine that references ITS DNS server, not the Appliance itself. The Appliance just needs to resolve the Private Endpoint addresses and have line of sight to the VM.

    Hope this helps!
    If you have any questions at all, let us know in the comments.

    If the answer provided has helped, please 'Accept as Answer' and Upvote using "Thumbs-up" so that it can improve discoverability for others in the community looking for help on the same topic.
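
The thread turns on the difference between the OS resolver (hosts file first, then DNS) and a DNS-only query such as nslookup. The PowerShell below is an added example, not part of the question or the answer: run on the appliance, it compares both paths for each name and probes one port for line of sight. The FQDNs are constructed placeholders and the port (389, LDAP) is an assumption chosen only as a reachability probe.

```powershell
# Added example. The names below are constructed placeholders; replace them
# with the domain and domain controller FQDNs that were added to the hosts file.
$names = @('dmz.example', 'dc01.dmz.example')
$port  = 389   # assumption: LDAP, used here only as a line-of-sight probe

function Test-NameResolutionPath {
    param([string]$Name, [int]$Port)

    # Path 1: OS resolver (hosts file first, then DNS). This is the path
    # ordinary applications on the machine use.
    $os = @(try { [System.Net.Dns]::GetHostAddresses($Name).IPAddressToString }
            catch { })

    # Path 2: DNS server only, hosts file skipped. This matches what
    # nslookup reports, so a hosts-file entry never shows up here.
    $dns = @(try {
        (Resolve-DnsName -Name $Name -Type A -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress
    } catch { })

    # Line of sight: TCP connect to the first address the OS resolver returned.
    $open = $false
    if ($os.Count -gt 0) {
        $open = Test-NetConnection -ComputerName $os[0] -Port $Port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    [pscustomobject]@{
        Name       = $Name
        OsResolver = $os -join ', '
        DnsOnly    = $dns -join ', '
        # Resolved by the OS but not by DNS: the answer came from a local
        # source (hosts file or resolver cache), not from the DNS server.
        LocalOnly  = ($os.Count -gt 0 -and $dns.Count -eq 0)
        PortOpen   = $open
    }
}

$names | ForEach-Object { Test-NameResolutionPath -Name $_ -Port $port } |
    Format-Table -AutoSize
```

A row with `LocalOnly` true and `PortOpen` true means the hosts-file entry is effective for applications on that machine even though nslookup fails for the same name.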