What are the steps to migrate my Domain Controllers to Azure?

Asked By CuriousCoder92 On

I'm working on a project to migrate my on-premises Domain Controllers (DCs) to Azure and want to make sure I understand all the necessary steps. Currently, I have a medium-sized site with all DCs running on-premises, managing AD integrated DNS, DHCP, DFS, and Group Policies. I'm using M365 GCC High and already have Azure AD sync in place. For the new setup, I plan to have multiple smaller sites. My assumption is that creating DCs as VMs in Azure is a better option than using Azure Domain Services. My planned next steps include creating a virtual network in Azure, establishing a VPN between sites and Azure, creating VMs, allowing network traffic between these VMs and the on-prem DCs, promoting the VMs to DCs, checking for replication issues, transferring roles to the Azure VMs, maintaining read-only DCs at each on-prem site, and adding users/computers from the new sites to the primary domain. Am I on the right track, or is there anything crucial I'm missing?

5 Answers

Answered By VMPlanner01 On

Remember to migrate the FSMO roles to the Azure DC as part of the process. That’s a crucial step to ensure proper functionality.

Answered By NetworkingNinja21 On

When I made this transition, I found B-series VMs were perfect—they're cost-effective and work well. Make sure to configure everything properly before promoting them to DCs, and don’t hesitate to recreate VMs if needed! Also, check out Microsoft's documentation for best practices.

Answered By CloudGuru77 On

Everything looks good! Just make sure to change the DNS settings in Azure to point to your newly promoted DCs. Also, consider the time source settings as those can cause issues if not configured correctly.

Answered By SecuritySavvy42 On

One thing to watch out for is network connectivity to Azure—losing that could impact services like DHCP. It’s essential to have redundancy in place to avoid issues during outages.

Answered By TechWhiz88 On

You’re on the right track! I recommend setting up a new site in the Active Directory Sites and Services specifically for Azure. RODCs are only necessary if latency is a concern or if you’re still using roaming profiles—so if you have a solid connection to Azure, you might not need them. Don't forget to update your on-prem DNS to point to the new Azure DCs and set up private DNS zones in Azure too!
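Added example, not part of any answer above and not Microsoft's own script: a pre-transfer gate for the "check for replication issues, then transfer roles" steps, using the ActiveDirectory PowerShell module. The DC name `AZ-DC01` and site name `Azure-Site` are hypothetical placeholders, and a single-domain forest is assumed.

```powershell
#Requires -Modules ActiveDirectory
# Assumed names (not from the thread); replace before use.
$AzureDC   = 'AZ-DC01'      # hypothetical DC running as an Azure VM
$AzureSite = 'Azure-Site'   # hypothetical AD site created for the Azure subnet

$dc       = Get-ADDomainController -Identity $AzureDC
$problems = @()

# 1. The target must be writable and already placed in the Azure site.
if ($dc.IsReadOnly)          { $problems += "$AzureDC is an RODC and cannot hold FSMO roles" }
if ($dc.Site -ne $AzureSite) { $problems += "$AzureDC is in site '$($dc.Site)', expected '$AzureSite'" }

# 2. Every inbound replication link to the target must have succeeded last time.
$links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound
foreach ($l in $links) {
    if ($l.LastReplicationResult -ne 0 -or $l.ConsecutiveReplicationFailures -gt 0) {
        $problems += "Inbound replication from $($l.Partner) failing (result $($l.LastReplicationResult))"
    }
}

# 3. No DC in the forest may have outstanding replication failures.
$forest   = Get-ADForest
$failures = Get-ADReplicationFailure -Target $forest.Name -Scope Forest |
            Where-Object { $_.FailureCount -gt 0 }
foreach ($f in $failures) {
    $problems += "$($f.Server): $($f.FailureCount) failure(s) from $($f.Partner)"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Pre-transfer checks failed; fix replication before moving FSMO roles.'
}

# 4. Graceful transfer. -Force is deliberately omitted: it seizes roles instead
#    of transferring them. Schema and domain naming roles need Schema Admins /
#    Enterprise Admins rights on the account running this.
$roles = 'PDCEmulator','RIDMaster','InfrastructureMaster','SchemaMaster','DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $AzureDC -OperationMasterRole $roles -Confirm

# 5. Confirm the new role holders.
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
```

Once the PDC emulator role has moved, the time source settings mentioned in the thread apply to the new holder, since it sits at the top of the domain time hierarchy.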
