Migrate Azure AD Connect to a New Server

Migrating Azure AD Connect to a new server can be a daunting task, but with the right steps, it can be a seamless process. Ensure you have a new server that meets the system requirements, which include a 64-bit operating system, at least 2 GB of RAM, and a 1.4 GHz processor.

You'll need to download the Azure AD Connect installation media and have it ready for the migration. This can be done from the Microsoft Download Center or by using the Azure AD Connect installer on the new server.

Before starting the migration, make sure to stop the Azure AD Sync service on the old server to prevent any conflicts during the process. This will help ensure a smooth transition to the new server.

Before you start the migration process, you need to prepare your new server and gather necessary information. Make sure you have access to your Microsoft 365 Email Backups in a service like Datto Backupify and that they are current.

You'll also want to take screenshots of your current AD Connect Config and export the settings to a JSON file via the Export Settings button. This will come in handy later when you set up the new server.

Here are the prerequisites for a smooth migration:

Before you start the Azure AD Connect installation, you need to prepare your environment. This involves several steps, including installing a new Server 2016 or above, enabling TLS 1.2, and installing the latest ADConnect v2 installer.

To ensure a smooth installation, you'll also need to export the ADConnect settings from your current active ADConnect install. This will give you a backup of your current configuration and make it easier to set up the new installation.

Make sure you have a Cloud Global Admin Account on Azure/M365 that is not tied to your Active Directory, as well as Microsoft 365 Email Backups already in place.

Here's a list of prerequisites to ensure you're ready for the installation:

It's also essential to pre-create the group Managed Service Account and database if you're using a Microsoft SQL Server to store the Azure AD Connect database. This will ensure that the new installation has the necessary permissions and settings to function correctly.

Before exporting your Azure AD Connect configuration, make sure you have access to your Microsoft 365 Email Backups in a service like Datto Backupify and that they are current.

It's essential to take screenshots of your current AD Connect Config, as this will help you track any changes during the setup process.

To export your settings, use the Export Settings button in the Azure AD Connect tool, which will save your configuration to a JSON file by default in the %ProgramData%AADConnect folder.

You'll also want to screenshot the User Sign-In Settings section, as this information is not exported in the JSON file.

Here's a quick rundown of the steps:

Remember to save the JSON file as a backup for future reference, as your AD Connect setup likely doesn't change often.

Service accounts are a crucial part of setting up Azure AD Connect. You'll need to create two service accounts: a local account on the Windows Server installation running Azure AD Connect, and a synchronization account in the Azure Active Directory tenant.

This local account can be either an automatically created virtual service account (VSA) or an Active Directory-based group Managed Service Account (gMSA). However, if you use a Microsoft SQL database, you cannot use a VSA.

You'll also need to create a synchronization account in the Azure Active Directory tenant, which will be automatically created or pre-configured per Active Directory Domain Services environment. Make sure to create this account in Active Directory before starting the configuration of Azure AD Connect on the second server.

Here are the specific steps to create the group Managed Service Account (gMSA) and database:

Note that you should not reuse service accounts or databases between Azure AD Connect installations.

You're considering moving your Azure AD Connect server to a new one, and that's a great idea. Here are some compelling reasons to do so.

Azure AD Connect V2 requires a more modern operating system, specifically Server 2016 or higher, so it's time to upgrade if you're still on an older version.

You might be dealing with a server that just won't start, and moving to a new one can be a lifesaver. This could be due to various reasons, but a fresh start is always a good option.

Decommissioning old Windows Servers is a great opportunity to move Azure AD Connect to a newer, more reliable server. This will help you declutter your infrastructure and reduce maintenance headaches.

Here are the main reasons to move your Azure AD Connect server in a nutshell:

To migrate Azure AD Connect to a new server, you'll need to export your settings from the old server. You can do this by launching the Azure AD Connect tool and selecting the View or Export Current Configuration task. This will display a quick summary of your settings, along with the option to export your server's full configuration.

The settings are exported to %ProgramData%AADConnect by default, but you can choose to save them to a secure location to ensure their availability in the event of a disaster. To ensure logical consistency, settings are exported using the JSON file format and should not be hand-created or edited.

To import the settings into the new server, you'll need to select the Import synchronization settings checkbox and browse to the exported Azure AD Connect .json file. Clicking Install will complete the import process.

The import installation experience is designed to be simple and easy to use, with minimal user input required. You can only make a few changes during the installation process, including changing the Azure Active Directory credentials, user sign-in options, on-premises directory credentials, and configuration options.

Here's a summary of the changes you can make during the import process:

The import process is identical to the clean install experience, except you cannot add or remove directories. By default, Staging mode is enabled to allow comparison of configuration and synchronisation results prior to actively exporting the results to Azure.

Verification and Validation is a crucial step in migrating Azure AD Connect to a new server. You need to ensure that your settings haven't changed during the migration, which could lead to issues with your cloud accounts or mailboxes.

To verify settings, you can use the Microsoft Azure AD Connect Configuration Documenter, which will give you a HTML report showing all the settings and differences between the two server configurations.

Here's a step-by-step guide to verify your settings:

If no major differences are found, you can proceed with promoting your staging server to production. Additionally, verify the synchronization status on the new server, ensuring it shows a success status without any errors or permissions issues.

Verification is a crucial step in ensuring that your Azure AD Connect setup is working correctly. You can use the Microsoft Azure AD Connect Configuration Documenter to generate a report that highlights any differences between the old and new server configurations.

This report can be generated by following the steps outlined in the configuration documenter, which involves exporting the full configuration via PowerShell on both the old and new AD Connect servers. You'll need to create a new folder and copy the exported configurations into it, then update the folder path in the configuration documenter script.

To verify the Azure AD Connect synchronization, check the synchronization status to ensure it shows a success status without any errors or permissions issues. You can also use PowerShell to force a sync if needed.

Comparing the imported settings file to the exported settings file of the newly deployed server can help identify any differences between the intended and resulting deployments. This can be done using a side-by-side text comparison application.

Here are the steps to check the synchronization service for errors:

By following these steps, you can ensure that your Azure AD Connect setup is working correctly and identify any potential issues before they cause problems.

To verify the user sign-in settings, you'll need to check the settings on the old Azure AD Connect server.

Take a screenshot or write down the User sign-in settings, as they won't be exported by the Azure AD export configuration.

To ensure a smooth migration, select the same User sign-in settings configured on the old Azure AD Connect server.

Azure AD Connect V2.0 brought significant changes that impact verification and validation processes.

One of the major changes is the new Azure AD Connect V2.0 documentation, which is a must-read for anyone working with the platform.

The new documentation provides a comprehensive overview of the changes and how they affect verification and validation.

Azure AD Connect V2.0 requires a fresh approach to verification and validation, and understanding the changes is crucial for success.

Reading the official Azure AD Connect V2.0 documentation is essential to stay up-to-date with the latest changes and best practices.

Migrating Azure AD Connect to a new server requires a series of steps that ensure a smooth transition.

To migrate settings, you'll need to start by running a PowerShell script that extracts the existing settings from the old server. This script is called MigrateSettings.ps1 and can be found in the Microsoft Azure AD Connect Tools directory.

Next, you'll need to start Azure AD Connect on the new staging server and exit at the Azure AD Connect Welcome page. This will allow you to migrate the settings to the new server.

The migration process involves several steps, including inventorying the current Azure AD Connect installation, exporting the Azure AD Connect configuration, and comparing the export to the applied synchronization policy.

Here's a breakdown of the migration steps:

Upgrade Azure AD Connect

Inventory the current Azure AD Connect installation

Export the Azure AD Connect configuration

Compare the export to the applied synchronization policy

By following these steps, you'll be able to migrate your Azure AD Connect settings to the new server and ensure a seamless transition.