Migrate on prem domain controllers to Azure using Azure Migrate.

Andrew Berardi 0 Reputation points
2023-08-08T16:34:21.4133333+00:00

Can I migrate my domain controllers to Azure using Azure Migrate? I have tried it, and after doing the replication and test migration, the server gets migrated without the SYSVOL share. I tried shutting down the source server before the test migration and the SYSVOL share was not migrated. I have a total of 11 servers to migrate. Each of these servers depends on those domain controllers for authentication and security.

Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.

2 answers

  1. SadiqhAhmed-MSFT 45,591 Reputation points Microsoft Employee
    2023-08-09T11:24:41.5133333+00:00

    Hello @Andrew Berardi, thank you for contacting us on the Microsoft Q&A platform. Happy to assist!

    Migrating on-premises domain controllers to Azure using Azure Migrate involves the following steps:

    1. Assess your on-premises environment using Azure Migrate: Server Assessment. This will help you identify the servers that need to be migrated and ensure that they meet the requirements for migration.
    2. Create a virtual network in Azure that will be used to host the domain controllers. Ensure that the virtual network is connected to your on-premises network using a VPN or ExpressRoute.
    3. Deploy domain controllers in Azure virtual machines. You can use Azure Marketplace images or create your own custom images.
    4. Join the domain controllers to your on-premises Active Directory domain.
    5. Configure Active Directory replication between the on-premises domain controllers and the Azure domain controllers.
    6. Update DNS settings to ensure that clients can resolve domain names to the Azure domain controllers.
    7. Migrate other servers and applications to Azure as needed.
    8. Decommission the on-premises domain controllers once you have verified that the Azure domain controllers are functioning correctly.

    It is important to note that migrating domain controllers to Azure requires careful planning and execution to ensure that there is no disruption to your Active Directory environment. It is recommended that you follow best practices and consult with Microsoft documentation and support as needed.

    4 people found this answer helpful.

  2. Michael Durkan 12,206 Reputation points MVP
    2023-08-08T22:16:54.7533333+00:00

    Hi

    I'd be more inclined to create a dedicated secure VNET in Azure with newly deployed AD DS servers which are protected by NSGs with specific rules. An example of this is in the diagram shown in the link below:

    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain

    Allow replication to happen and confirm that all is healthy, then add the new servers as authentication and DNS reference points for your existing servers prior to migration. This of course depends on having connectivity in place via either S2S VPN or ExpressRoute (which I assume you do).

    You would then have separate VNETs in Azure for your App VMs which would also be protected by NSGs.

    Hope this helps,

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!
    1 person found this answer helpful.
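
Added example, not part of either answer or of Microsoft's documentation: a simplified model of inbound NSG rule evaluation that checks whether a rule set of the kind the second answer describes still lets an on-premises replication partner reach the AD DS ports, and whether any of those ports are open to an outside address. The rule tuples, the 10.0.0.0/16 on-premises range and the outsider address are constructed; the port list is an assumption to confirm against Microsoft's AD DS port requirements, and evaluation is reduced to first match by priority with a final deny.

```python
import ipaddress

# Ports a DC must accept from replication partners and domain members.
# Assumption: confirm against Microsoft's published AD DS port list.
AD_DS_PORTS = [
    ("DNS", "Tcp", 53), ("DNS", "Udp", 53),
    ("Kerberos", "Tcp", 88), ("Kerberos", "Udp", 88),
    ("W32Time", "Udp", 123), ("RPC endpoint mapper", "Tcp", 135),
    ("LDAP", "Tcp", 389), ("LDAP", "Udp", 389),
    ("SMB (SYSVOL/NETLOGON)", "Tcp", 445),
    ("Kerberos password change", "Tcp", 464),
    ("LDAPS", "Tcp", 636), ("Global catalog", "Tcp", 3268),
    # Only both ends of the dynamic RPC range are probed (simplification).
    ("RPC dynamic range", "Tcp", 49152), ("RPC dynamic range", "Tcp", 65535),
]

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _src_match(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, proto, port):
    """First matching inbound rule in priority order wins; no match means Deny."""
    for _prio, access, r_proto, r_src, r_ports in sorted(rules, key=lambda r: r[0]):
        if (r_proto in ("*", proto) and _src_match(r_src, src)
                and any(_port_match(p, port) for p in r_ports)):
            return access
    return "Deny"

def audit(rules, partner_ip, outsider_ip="203.0.113.10"):
    """Return (AD DS ports blocked for the partner, AD DS ports open to an outsider)."""
    blocked = [e for e in AD_DS_PORTS if evaluate(rules, partner_ip, e[1], e[2]) != "Allow"]
    exposed = [e for e in AD_DS_PORTS if evaluate(rules, outsider_ip, e[1], e[2]) == "Allow"]
    return blocked, exposed

# Constructed sample: (priority, access, protocol, source CIDR or "*", port specs).
# SMB and the dynamic RPC range were left out, and W32Time is open to any source.
SAMPLE_RULES = [
    (100, "Allow", "*", "10.0.0.0/16", ["53", "88", "389", "464", "636", "3268-3269"]),
    (110, "Allow", "Tcp", "10.0.0.0/16", ["135"]),
    (120, "Allow", "Udp", "*", ["123"]),
    (4096, "Deny", "*", "*", ["*"]),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "10.0.1.5"))
```

With the sample rules the audit reports TCP 445 and the dynamic RPC range as blocked for the on-premises partner and UDP 123 as reachable from the outside address, which is the kind of gap to close before checking replication health.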
