How to replicate On Prem DC to an Azure DC while the on prem is using a .local domain and azure vm is using a custom domain

Hadi Burhan 120 Reputation points
2024-02-15T08:58:14.2533333+00:00

We are currently running five different sites, each having its own domain controller. The local domain is "xyz.local". We have one primary domain controller "PRIM-DC" on-prem. Now we want to migrate these domain controllers to a single domain controller "AZ-DC" in Azure, with new domain "abc@domain", and then decommission the on-premises domain controllers with the old domain "xyz.local". A secure site-to-site connection between on-prem and Azure has been established and a test migration has also been performed. I have created a new DC "AZ-DC" in Azure by creating a VM and promoting it to a DC as a tree domain of the existing on-prem forest with a new domain "abc@domain", adding it to the same on-prem forest, but I am still unable to replicate the on-prem AD to Azure.
NOTE: all on-prem sites are connected via VPN which is connected to the Azure via site to site connections.

I want to know how to replicate the on-prem DC on the new Azure DC with a new domain.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
    Luis Arias 8,621 Reputation points Volunteer Moderator
    2024-02-16T11:44:00.1566667+00:00

    Hi Hadi Burhan,

    To clarify and correct me if I'm wrong, you have this setup:

    • Existing forest on-prem
    • Domain on-prem (to decommission): xyz.local
    • New domain on Azure: domain.com deployed
    • VPN site-to-site already established successfully
    • Issue: objects aren't replicated to Azure

    In this existing forest xyz.local on-premises, when you add a new domain from a Domain Controller (DC) in Azure, it will replicate all objects. In Active Directory terms, the schema defines the kinds of objects and the type of information about those objects that can be stored in the forest.

    • Trust Relationships: When you create a new domain in an existing forest, a two-way, transitive trust is automatically created between the new domain and the forest root domain. You’ll need to ensure these trust relationships are correctly configured for your new Azure DC.
    • DNS Settings: You’ll need to configure DNS settings to ensure that clients can resolve domain names to the Azure domain controllers. I understood it is working fine because you already have computers joined.
    • Replication: Active Directory replication between the on-premises domain controllers and the Azure domain controllers needs to be configured.
    • Site-to-Site VPN: Since you already have a VPN S2S and connectivity established, this should facilitate the communication between your on-premises network and Azure.

    Additional resources:

    Let me know if this helps you.

    Luis
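The following diagnostic script is added here as an example; it is not part of the question or of Luis's answer. It checks, from the Azure DC, the items the answer lists (forest membership, the automatic tree-root trust, DNS locator records for the forest root, replication partners and failures, and the site link), using the names from the thread (xyz.local, PRIM-DC, AZ-DC) and assuming the ActiveDirectory RSAT module is installed on AZ-DC.

```powershell
# Added diagnostic example (not from the thread). Assumes the names used in the
# thread: forest root xyz.local with on-prem DC PRIM-DC, new tree domain on AZ-DC.
# Run in an elevated PowerShell on AZ-DC with the ActiveDirectory module installed.
Import-Module ActiveDirectory

$ForestRoot = 'xyz.local'   # existing on-prem forest root (from the thread)
$TargetDc   = 'AZ-DC'       # Azure DC hosting the new tree domain

# 1. Confirm AZ-DC really joined the existing forest: its domain must be listed there.
$forest = Get-ADForest -Identity $ForestRoot
"Forest $($forest.Name) domains: $($forest.Domains -join ', ')"
"Forest-wide schema master: $($forest.SchemaMaster)"

# 2. The automatic tree-root trust must exist, be two-way and intra-forest.
Get-ADTrust -Filter * -Server $TargetDc |
    Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest |
    Format-Table -AutoSize

# 3. The DC locator records of the forest root must resolve from AZ-DC. Without
#    them the KCC cannot build connections to PRIM-DC and replication never starts.
foreach ($rec in "_ldap._tcp.dc._msdcs.$ForestRoot", "_ldap._tcp.$ForestRoot") {
    try {
        $srv = Resolve-DnsName -Name $rec -Type SRV -ErrorAction Stop
        "OK   $rec -> $($srv.NameTarget -join ', ')"
    } catch {
        "FAIL $rec : $($_.Exception.Message)"
    }
}

# 4. Which naming contexts AZ-DC replicates, and from whom. In one forest every DC
#    replicates the Schema and Configuration partitions; a domain partition such as
#    DC=xyz,DC=local flows only to DCs of that domain (or, as a read-only partial
#    copy, to global catalogs). Expect PRIM-DC as partner for Schema/Configuration.
Get-ADReplicationPartnerMetadata -Target $TargetDc -Scope Server -PartnerType Both |
    Select-Object Partition, Partner, PartnerType, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize

# 5. Any recorded replication failures, with the error code to look up.
Get-ADReplicationFailure -Target $TargetDc -Scope Server |
    Select-Object Partner, FailureType, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize

# 6. Is there a site link joining the on-prem sites to the Azure site, and how
#    often does it replicate?
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, SitesIncluded, Cost, ReplicationFrequencyInMinutes |
    Format-Table -AutoSize
```

If step 4 shows Schema and Configuration replicating from PRIM-DC but no DC=xyz,DC=local partition, AZ-DC is healthy as a tree-root DC of the same forest; the on-prem domain's users and computers would still have to be moved into the new domain separately.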


0 additional answers
