DC into Azure

Blake 0 Reputation points
2025-03-24T18:37:08.9166667+00:00

I would like to understand what it would take to get our DC into Azure (we have 3 DCs) and accessible from anywhere so that we can utilize the latest modern DC via internet capabilities, like domain joins, drop-shipping units to users via Intune provisioning, Windows Hello, etc.

Windows Server | Identity and access | User logon and profiles

2 answers

  1. Alex Burlachenko 4,225 Reputation points
    2025-03-25T09:37:01.45+00:00

    Dear Blake,

    Thank you for your inquiry about migrating your domain controllers to Azure, and additionally thanks for posting your question here at the Q&A portal.

    To establish your domain controllers in Azure while maintaining accessibility for domain joins, Intune provisioning, and Windows Hello, I recommend doing the following:

    First of all, Azure infrastructure preparation. Deploy Azure VMs running Windows Server 2022 (recommended) as domain controllers. Size VMs appropriately (D4s_v3 or larger recommended for DC workloads). Configure availability sets or availability zones for your 3 DCs to ensure fault tolerance.

    Next is network configuration. Set up an Azure Virtual Network with proper subnets for the DCs. Establish site-to-site VPN or ExpressRoute for hybrid connectivity. Configure DNS to point to your Azure DCs.

    And of course, time to think about security implementation. Enable Azure AD Connect for hybrid identity (if using Azure AD). Configure Network Security Groups (NSGs) to restrict DC access.

    Implement Azure Bastion for secure management access.

    Modern management enablement. Configure Azure AD Connect for hybrid join. Set up Intune co-management for device provisioning. Enable Windows Hello for Business policies.

    As you rightly said, the key benefits of all of this would be:

    Enables secure domain joins for devices anywhere. Supports modern provisioning via Intune Autopilot. Provides a foundation for Windows Hello deployment. Maintains compatibility with existing on-premises resources.

    To simplify all that I said: begin with a pilot deployment of one DC in Azure. Test replication and authentication thoroughly. Migrate FSMO roles gradually. Update DHCP/DNS configurations to point to the new DCs.

    Below you can find the right links to Microsoft docs for your issue:

    Deploying Domain Controllers in Azure

    Hybrid Identity with Azure AD

    Windows Hello for Business Deployment

    Best regards,

    Alex

    P.S. If my answer helped you, please Accept my answer.

    P.P.S. For drop-shipping scenarios, consider combining this with Azure AD Join and Intune Autopilot for completely cloud-managed devices. The Autopilot Deployment Guide provides additional details. I strongly believe that would help you.

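The pilot step in the answer above (promote one DC in Azure, then test replication and authentication before moving FSMO roles) can be checked with a script. The following PowerShell is an added example, not code from Alex's answer or from Microsoft; it runs from a domain-joined admin workstation with the RSAT ActiveDirectory module, and the DC name AZ-DC01 and domain corp.example.com are hypothetical placeholders.

```powershell
# Added example: validate a pilot Azure-hosted DC before cutting over DNS/DHCP or FSMO roles.
# Assumptions (placeholders): new DC is AZ-DC01, domain is corp.example.com.
#Requires -Modules ActiveDirectory, DnsClient
param(
    [string]$NewDc  = 'AZ-DC01',          # hypothetical name of the Azure DC
    [string]$Domain = 'corp.example.com'  # hypothetical AD DNS name
)
$ErrorActionPreference = 'Stop'
$problems = [System.Collections.Generic.List[string]]::new()

# 1. FSMO roles: record where they sit before moving any of them "gradually".
$d = Get-ADDomain -Identity $Domain
$f = Get-ADForest -Identity $Domain
[pscustomobject]@{
    PDCEmulator = $d.PDCEmulator; RIDMaster = $d.RIDMaster
    InfrastructureMaster = $d.InfrastructureMaster
    SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster
} | Format-List

# 2. Replication: the Azure DC must have inbound partners and no outstanding failures.
$partners = Get-ADReplicationPartnerMetadata -Target $NewDc -Scope Server
if (-not $partners) { $problems.Add("$NewDc has no replication partners") }
$partners | Select-Object Partner, LastReplicationSuccess, ConsecutiveReplicationFailures |
    Format-Table -AutoSize
$fail = Get-ADReplicationFailure -Target $NewDc
if ($fail) { $problems.Add("$NewDc reports $(@($fail).Count) replication failure(s)") }

# 3. DNS: clients only locate the new DC if its SRV records were registered.
foreach ($svc in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
    $srv = Resolve-DnsName -Name $svc -Type SRV -ErrorAction SilentlyContinue
    if (-not ($srv.NameTarget -match "^$NewDc\.")) { $problems.Add("$svc does not advertise $NewDc") }
}

# 4. Reachability over the hybrid link (VPN/ExpressRoute) on the ports a domain join
#    and Kerberos logon need; a failure here usually means an NSG or VPN rule is missing.
foreach ($port in 53, 88, 135, 389, 445, 464, 636, 3268) {
    if (-not (Test-NetConnection -ComputerName $NewDc -Port $port -InformationLevel Quiet)) {
        $problems.Add("TCP $port to $NewDc is blocked (check NSG/VPN rules)")
    }
}

# 5. Authentication: validate this machine's secure channel against the new DC specifically.
if (-not (Test-ComputerSecureChannel -Server $NewDc)) { $problems.Add("Secure channel to $NewDc failed") }

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host "Pilot DC $NewDc passed replication, DNS, port and authentication checks."
```

Run it once after promotion and again after each FSMO move; a non-zero exit means the pilot is not yet ready to take client traffic.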

  2. Ian Xue-MSFT 41,696 Reputation points Microsoft External Staff
    2025-03-26T08:26:18.85+00:00

    Hi,

    Please refer to this document for details.

    https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-migrate

    Here's a high-level overview of the steps involved in the migration process:

    1. Assess Your Current Environment
    • Inventory: Identify all users, groups, and applications in your current Active Directory (AD) environment.
    • Dependencies: Document any dependencies, such as applications or services that rely on your current AD setup.

    2. Plan Your Migration Strategy
    • Migration Goals: Define what you aim to achieve with the migration (e.g., enhanced security, better scalability).
    • Timeline: Establish a timeline for the migration process.
    • Resources: Allocate the necessary resources, including personnel and budget.

    3. Set Up Azure AD Tenant
    • Create Tenant: If you don't already have an Azure AD tenant, create one.
    • Configure Services: Set up necessary Azure AD services, such as Azure AD Connect, to synchronize your on-premises AD with Azure AD.

    4. Synchronize Identities
    • Azure AD Connect: Use Azure AD Connect to synchronize on-premises AD identities with Azure AD. This tool helps ensure that user accounts, groups, and passwords are consistent across both environments.

    5. Migrate Users and Groups
    • Pilot Migration: Start with a small subset of users and groups to test the migration process.
    • Full Migration: Once the pilot is successful, proceed with migrating all users and groups.

    6. Configure Applications and Services
    • Application Compatibility: Ensure that all applications are compatible with Azure AD.
    • Reconfigure: Update application settings to use Azure AD for authentication and authorization.

    7. Test and Validate
    • Testing: Conduct thorough testing to ensure that everything works as expected.
    • Validation: Validate that all users can access the necessary resources and that there are no disruptions.

    8. Monitor and Manage
    • Monitoring: Continuously monitor the new environment for any issues.
    • Management: Manage the Azure AD environment to ensure it remains secure and efficient.

    Best Regards,

    Ian Xue

    If the Answer is helpful, please click "Accept Answer" and upvote it.
