Azure AD Connect migration

Bob Pants 256 Reputation points
2021-04-01T04:54:59.427+00:00

I am in the process of migrating from an old installation of AAD-Connect (1.4.18.0) to a new server running (1.5.45.0).

I'm not super clear on the migration process, I've installed AAD Connect on the new server in staging mode matching the install properties as best I know.

I then ran this tool https://github.com/Microsoft/AADConnectConfigDocumenter and compared the report output. I am not certain that I understand the report; from the name of the report it implies that it has applied config from the new server to the old server, which seems backwards. There are also a million red lines in the output. It seems to have a function to create a 'fix differences' script, but this doesn't seem to contain many instructions, so I am not clear on what it's doing.

Are there manual steps I need to do before running the 'SyncRuleChanges.ps1' script to update the new server? (If so, how?) I don't want it to make it EXACTLY like the source server and then cause the new one to leave staging mode before I am ready.

My new server does not currently have sync enabled, but I then read that it should (with staging mode also enabled). Is this right?

Alternatively, this article: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-config
says there is a script in the tools folder of the new installation (MigrateSettings.ps1) that can export the config from the old box and be imported on the new. This method seems easier; does this copy everything I need? Is there a preference for which method to use?

thanks


3 answers

  1. Marilee Turscak-MSFT 36,846 Reputation points Microsoft Employee
    2021-04-02T18:37:55.62+00:00

    Hi @MikeLehmann-8939,

    Yes, as you correctly called out, you can export the config from the old Azure AD Connect server to the new one. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-config

    If you export the JSON settings files under %ProgramData%\AADConnect you can then import the settings to the new server.


    You will need to change the Azure Global Administrator for the installation.

    If you have staging mode enabled you can compare the configuration and synchronization results prior to exporting the results to Azure.

    This blog post also goes through everything step by step. (It's not an official guide but has useful info.)

    One thing to consider is since version 1.1.524.0 of Azure AD Connect, the attribute ms-DS-ConsistencyGuid is used as the primary source anchor instead of the objectGUID attribute. Azure AD Connect checks the ms-DS-ConsistencyGuid within the forest and in case the attribute is not used by any service, an automatic migration will take place. When you move to a new server, Azure AD Connect may throw an error that the attribute ms-DS-ConsistencyGuid already has values and instead objectGUID will be used as the source anchor. If you are sure that the attribute isn’t used by other existing applications, you can suppress the error by restarting the Azure AD Connect wizard with the "/SkipLdapSearch" switch specified, but you should confirm that the attribute isn't in use. See thread and blog post.


  2. Bob Pants 256 Reputation points
    2021-04-06T00:13:19.367+00:00

    Thanks,

    I was trying to use the JSON export/import approach. I've run the script on the old server and exported the config; however, when I try to import it on the new server, there doesn't seem to be any way to get back to that import settings screen without doing a complete uninstall/reinstall of the application.

    Is this the case?


  3. Geezer32 31 Reputation points
    2021-04-15T01:26:01.387+00:00

    I've imported the config from the old server using the MS script 'MigrateSettings.ps1' and imported the JSON file to the new server. All seems OK at this point.
    However, when I attempted to switch over the servers after disabling staging mode on the new box, it was not exporting any new user objects to Azure and the import task started behaving strangely.

    Delta import started showing success-warning status and now lists 994 'unchanged' objects and 984 'connector flow updates'.
    Export shows 983 updates but not any of the new adds.

    I reverted the staging mode back to 'on' on the new server and 'off' on the old, and straight away the two new adds I was expecting were synced to Azure. The sync service on the new box again dropped down to a handful of updates instead of 984. When staging was turned off, every time a delta ran it said 984 unchanged updates but didn't export anything new.
    After re-enabling staging mode, the new server sync log now sees the two adds that the old server just synced, so it seems to be aware of changes going on itself.

    The rules look the same to me on each server. Any ideas on how to troubleshoot this? Thanks.

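Two things this thread keeps coming back to are whether the right server is out of staging mode with its scheduler enabled (the question above) and whether the sync rules on the old and new server really match (the last post). The script below is an added example that checks both with the ADSync module cmdlets installed with Azure AD Connect; it is not code from this thread or from Microsoft's MigrateSettings.ps1. The server names and the C:\Temp export paths are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on each Azure AD Connect
# server (old and new). Uses only the ADSync module that ships with the product.
Import-Module ADSync

# 1. Scheduler state. During a migration exactly one server should report
#    StagingModeEnabled = $false. Both can have SyncCycleEnabled = $true:
#    a staging server still imports and syncs, it just never exports.
function Get-StagingSummary {
    $s = Get-ADSyncScheduler
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        StagingModeEnabled  = $s.StagingModeEnabled
        SyncCycleEnabled    = $s.SyncCycleEnabled
        SyncCycleInProgress = $s.SyncCycleInProgress
    }
}

# 2. Snapshot the sync rules to JSON so the two servers can be diffed offline.
#    The default path is an assumption; any location both servers can reach works.
function Export-SyncRuleSnapshot {
    param([string]$Path = "C:\Temp\$($env:COMPUTERNAME)-syncrules.json")  # assumed path
    Get-ADSyncRule |
        Select-Object Name, Direction, Precedence, Disabled, Identifier |
        Sort-Object Precedence |
        ConvertTo-Json -Depth 3 |
        Set-Content -Path $Path -Encoding UTF8
    $Path
}

# 3. Compare two snapshots by name, direction, precedence and disabled flag.
#    Identifier is deliberately left out: custom rules get a new GUID per server.
#    SideIndicator "<=" means the rule exists only on the old server, "=>" only on
#    the new one; an empty result means the rule sets match.
function Compare-SyncRuleSnapshot {
    param([string]$OldPath, [string]$NewPath)
    $old = Get-Content -Path $OldPath -Raw | ConvertFrom-Json
    $new = Get-Content -Path $NewPath -Raw | ConvertFrom-Json
    Compare-Object -ReferenceObject $old -DifferenceObject $new `
        -Property Name, Direction, Precedence, Disabled -PassThru |
        Select-Object Name, Direction, Precedence, Disabled, SideIndicator
}

Get-StagingSummary
Export-SyncRuleSnapshot
# On whichever machine holds both snapshot files (server names are assumptions):
# Compare-SyncRuleSnapshot -OldPath C:\Temp\OLDSRV-syncrules.json -NewPath C:\Temp\NEWSRV-syncrules.json
```

Run steps 1 and 2 on both servers before flipping staging mode, and keep the snapshots so that a later "rules look the same to me" can be checked against a diff rather than by eye.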
