Hello everyone! I'm an IT Specialist and I just joined a medium-sized law firm in the UK, and they want me to migrate their Domain Controller (DC) to Azure. While I have experience with Azure, I've never done a migration like this before. Our DC is currently hosted by a managed service provider, and I'm looking for guidance on what information I need to gather before starting the migration, as well as the steps involved. Any tips or advice would be hugely appreciated!
4 Answers
Quick tip: You’ll definitely want to make a Site-to-Site VPN first and set up a new server for the Azure DCs, then transfer those roles over. Trust me, I made the mistake of migrating a DC without proper planning and it was a nightmare to fix!
You'll want to set up a VPN between your on-premise infrastructure and Azure. Create new Domain Controllers in Azure, preferably using Windows Server 2022, and join them to your existing on-prem domain. Once they're up and running, transfer the Flexible Single Master Operations (FSMO) roles to the new Azure DCs. After that, you can demote your local DC in a phased manner. This process worked smoothly for us during our migration.
Using 2022 means you’ll have a more stable setup as 2025 might have newer features that could introduce complications.
If you're dealing with DCs, remember that not only do you need to replicate them in Azure, but your on-prem DC probably serves as a DNS server as well. You'd want to ensure other devices are no longer using it for DNS services before you decommission the old one.
Make sure to clarify whether by DC you mean Domain Controller or Data Center! The migration process will differ depending on that. Assuming you are referring to Domain Controllers, I suggest setting up a Site-to-Site VPN or ExpressRoute for hybrid connectivity. Then, create new DCs in Azure that are connected to the same domain. Don't forget to handle DNS dependencies before you retire the old DC.

Why do you recommend using 2022 instead of 2025?
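
An added example, not part of the thread or written by any poster: a PowerShell readiness check for the steps the answers above describe, confirming before demotion that the FSMO roles have left the old DC, replication is clean, and the remaining DCs no longer use it for DNS. `OLD-DC01` and `192.0.2.10` are placeholder values, and the script assumes the ActiveDirectory RSAT module and WinRM/CIM access to the DCs.

```powershell
# Added example: run from an admin workstation or one of the new Azure DCs.
param(
    [string]$OldDc   = 'OLD-DC01',     # placeholder: hostname of the DC to retire
    [string]$OldDcIp = '192.0.2.10'    # placeholder: its IP (documentation range)
)
Import-Module ActiveDirectory
$blockers = @()

# 1. FSMO roles: all five must already be held by the new DCs.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$OldDc*") {
        $blockers += "FSMO role $($r.Key) is still held by $($r.Value)"
    }
}

# 2. Replication: no outstanding failures on any DC in the domain.
$allDcs = Get-ADDomainController -Filter *
foreach ($dc in $allDcs) {
    Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue |
        Where-Object { $_.FailureCount -gt 0 } |
        ForEach-Object {
            $blockers += "Replication: $($dc.HostName) <- $($_.Partner), $($_.FailureCount) failure(s)"
        }
}

# 3. DNS: the DCs that stay must not resolve through the one being retired.
foreach ($dc in $allDcs | Where-Object { $_.Name -ne $OldDc }) {
    $dns = (Get-DnsClientServerAddress -CimSession $dc.HostName -AddressFamily IPv4).ServerAddresses
    if ($dns -contains $OldDcIp) {
        $blockers += "DNS: $($dc.HostName) still lists $OldDcIp as a resolver"
    }
}

if ($blockers) {
    $blockers | ForEach-Object { Write-Warning $_ }
    Write-Output "Do not demote $OldDc yet: $($blockers.Count) blocker(s)."
} else {
    Write-Output "No blockers found for $OldDc on FSMO, replication, or DC DNS settings."
}
```

The DNS check covers only the domain controllers; DHCP scope options and statically configured servers, printers, and appliances that point at the old DC still need to be reviewed separately.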