Mar 22 2018 - last edited on Jul 24 2020
So, interesting scenario here. I have a domain controller that is an older Windows 2012R2 Essentials domain controller with one domain, which we will call "widgets". We also have O365 and used the native sync tools at the time to sync to Azure AD. We want to get over to a new 2016 domain controller, but have the new domain called "widgets.corp". What is the best way to migrate to the new DC without breaking the Azure sync stuff? Would it simply be installing AD Connect on the new DC?
Mar 22 2018 02:34 PM
The best practice is to migrate your Windows 2012R2 to 2016 within the same domain to avoid issues, because your on-premises AD in your scenario is different.
It is possible, but it's a complex migration, and it is advised to contact a partner with experience with your scenario.
Mar 22 2018 02:53 PM
The complexity comes from the fact that our current AD pushes up to Azure AD (using a deprecated mechanism). We also need the new DC to do the same: push up to Azure AD using whatever the most up-to-date syncing mechanism is (I assume AD Connect). The problem is that all of our laptops are joined to Azure AD, and I am trying to figure out if there was a way to do the migration without breaking that.
Mar 22 2018 03:03 PM Solution
Migrate your active directory to a new Domain Controller in the same domain.
With this process you will not break anything.
Read more about staging mode here https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-oper...
Mar 22 2018 05:21 PM
That looks feasible, but are you saying that migrating that DC to a different domain and domain controller is going to cause issues or is an entirely different set of steps?
Mar 22 2018 07:52 PM
Mar 23 2018 03:22 PM
Okay, understood about migrating the domain and controllers at the same time. Let me ask this though: what if the old 2012 domain controller is really flat and no systems are joined to the domain, etc.? Basically, it's just being used to sync to Azure and maybe some users and groups. In that scenario, could I just build the new DC (2016) with the new domain name from scratch and simply install Azure AD Connect? Would I still have to do "staged mode" and deprecate the old sync, or is that no longer necessary since it's a different domain? BTW, thank you for all your help; definitely learning a lot.
Mar 23 2018 04:12 PM
If it is your source, the best way is to migrate the domain controller. You will need to do the staged mode to avoid the issues and big downtime you would have without staging mode. It's just a few more steps.