Azure Active Directory Connect migrate without export/import

BSTEIB 0 Reputation points
2023-07-03T13:56:12.4766667+00:00

Hello Team,

following situation...

I took over an infrastructure consisting of a DC, Terminal Servers and an AD Connect Server.

The Azure AD Connect Server, according to an employee, has been updated by 2 in-place updates from 2008R2 to Windows 2012R2 to Windows 2016.

The ADConnect has not done any directory synchronization for over 670 days. The password hash sync works without problems.

On the AD Connect I cannot export the configuration, because there is no suitable PowerShell module, and an in-place update is not possible, because it aborts with an error.

The AD Connect should move to a new server, the question is, how do I get a new installation without losing the synchronized users in the cloud?

Is it possible to shut down the old server and then install AD Connect on the new server with new configuration (I can't set the staging mode on the old server either)? Or what would be the best way if the original server is broken without the possibility of recovery?


2 answers

  1. Michael Smith 2,931 Reputation points Microsoft Employee
    2023-07-05T09:57:15.1766667+00:00

    Hi there,

    If you are unable to export the configuration from the wizard you could try using the AAD Connect Documenter.

    https://github.com/Microsoft/AADConnectConfigDocumenter

    Once you install a new server you can use the swing migration method to compare your current configuration with the new server's default config.

    You will then need to make the changes on the new server to match the current configuration.

    https://github.com/Microsoft/AADConnectConfigDocumenter#how-to-use-the-tool-if-you-want-to-generate-a-comparison-report-for-swing-migration

    Let me know if this helps.


  2. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2023-07-06T07:59:45.23+00:00

    @BSTEIB

    Thank you for posting your question in Microsoft Q&A.

    As per your current setup, I am not sure why there is not an option to take an AD Connect backup.

    If you are facing issues with getting the correct PowerShell module, then let me inform you that there is no specific module which is required to take a backup.

    You can try to follow the steps in the article below to take a backup and import it to the new server.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-import-export-config#migrate-settings-from-an-existing-server

    If the above approach is not useful, then you can simply install AD Connect in staging mode on the new server and manually check and configure the AD Connect settings as per the old server.

    You can check the sync scope OUs and also confirm whether there are any additional sync rules created on the old server.

    Once this is completed you can run the full sync on the new staging mode server. This will not run an export as this is in staging mode.

    Now, you can go to the Azure AD connector in the AD Connect tool and right-click on it, then go to its "search connector space" option. From the drop-down you can select pending exports and then select deletes.

    Check if there are any deletes which are showing up. If you see any deletes, then it means you have missed something in the configuration compared to the old server.

    You can check configuration again and implement if there are any changes.

    If you do not see any deletes in pending exports then you are good with new server.

    You can move new server out of staging and move old server to staging mode.

    If old server staging mode is not working then you can just uninstall AD connect or stop the AD connect service from old server.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
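
The staging-mode check described in the answer above (look for deletes in the Azure AD connector's pending exports before leaving staging mode), as an added PowerShell example that is not part of the original thread or of Microsoft's tooling. The XML element names and the sample objects are constructed assumptions standing in for a `csexport.exe ... /f:x` export, and `Get-PendingExportSummary` is a hypothetical helper name.

```powershell
# Added example, not from the thread. On the new (staging) server you would first run:
#   Import-Module ADSync; (Get-ADSyncScheduler).StagingModeEnabled   # must be True before continuing
#   Start-ADSyncSyncCycle -PolicyType Initial                        # full sync; staging mode does not export
#   & "$env:ProgramFiles\Microsoft Azure AD Sync\Bin\csexport.exe" "<connector name>" "$env:TEMP\export.xml" /f:x
# Constructed sample standing in for that export.xml (element names are an assumption).
$sampleXml = [xml]@'
<cs-objects>
  <cs-object cs-dn="CN={constructed-1}" object-type="user">
    <unapplied-export><delta operation="update" dn="CN={constructed-1}" /></unapplied-export>
  </cs-object>
  <cs-object cs-dn="CN={constructed-2}" object-type="user">
    <unapplied-export><delta operation="delete" dn="CN={constructed-2}" /></unapplied-export>
  </cs-object>
  <cs-object cs-dn="CN={constructed-3}" object-type="group">
    <unapplied-export><delta operation="add" dn="CN={constructed-3}" /></unapplied-export>
  </cs-object>
</cs-objects>
'@

# Hypothetical helper: counts pending exports per operation and collects the deletes.
function Get-PendingExportSummary {
    param([Parameter(Mandatory)][xml]$ExportXml)
    # Only export deltas matter here; pending imports are ignored.
    $deltas  = $ExportXml.SelectNodes('//unapplied-export/delta | //escrowed-export/delta')
    $byOp    = @{}
    $deletes = New-Object System.Collections.Generic.List[string]
    foreach ($delta in $deltas) {
        $op = $delta.GetAttribute('operation')
        $byOp[$op] = 1 + [int]$byOp[$op]          # $null casts to 0 on first sight
        if ($op -eq 'delete') { $deletes.Add($delta.GetAttribute('dn')) }
    }
    [pscustomobject]@{
        Total         = $deltas.Count
        ByOperation   = $byOp
        Deletes       = $deletes
        SafeToCutOver = ($deletes.Count -eq 0)    # any pending delete blocks the cutover
    }
}

$result = Get-PendingExportSummary -ExportXml $sampleXml
$result.ByOperation.GetEnumerator() | Sort-Object Name |
    ForEach-Object { '{0,-7} {1}' -f $_.Name, $_.Value }
if (-not $result.SafeToCutOver) {
    Write-Warning ('{0} pending delete(s): keep the new server in staging mode and re-check OU scope and sync rules.' -f $result.Deletes.Count)
    $result.Deletes
}
```

To run it against a real export, replace `$sampleXml` with `[xml](Get-Content "$env:TEMP\export.xml" -Raw)` and adjust the XPath if your file's element names differ.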

