Hey everyone, I recently started working as an IT Specialist at a law firm in the UK. My team wants to migrate our Domain Controller to Azure, but since I've only been here a month and haven't done a migration like this before, I'm looking for some guidance. We currently rely on a Managed Service Provider for hosting the DC. What information should I gather before we start the migration, and what are the key steps I need to follow to make this transition smooth? Any tips or best practices would be hugely appreciated!
4 Answers
First off, you'll want to set up a VPN connection between Azure and your on-prem setup. It's crucial to create new Domain Controller(s) in Azure—make sure to use Windows Server 2022 rather than 2025. Once you have the new DC(s) up and running, join them to your existing on-prem domain. After that, you can transfer the FSMO roles to the new DC(s) and gradually phase out the local DC by demotion. That's been my approach, and it worked out well!
That’s similar to how we handled our migration too, and it went smoothly!
Absolutely set up a Site-to-Site VPN and then create your new server(s) in Azure to transfer the roles. Trust me, I made the mistake of migrating a DC once (it was quite the headache to fix), so plan ahead and ensure you have all your bases covered before taking the plunge!
Are you looking to move the DCs as actual VMs into Azure, or are you thinking more in the direction of migrating to an Entra-joined environment? That might change the best practices a bit.
You should clarify what you mean by DC—is it Domain Controller or Data Center? To establish a clean migration, aim to create a hybrid network connection to your on-premises network using either Site-to-Site VPN or ExpressRoute. Set up a couple of new DCs in Azure, join them to the same domain, let them replicate, and once everything is confirmed working well, migrate the FSMO roles. Remember to check if your on-prem DC is functioning as a DNS server, and make sure devices aren't dependent on it for DNS before you decommission it!
Why do you suggest using 2022 over 2025?