BLOG
7.29.2020

How to Migrate Azure AD Connect to a New Server Within the Same Forest

Last updated: 2.5.2021

With Windows Server 2008 reaching end of life, decommissioning the old servers still running in your production environment poses a serious security risk. Sometimes you still have some critical services running on them that need to move to another server before they can be decommissioned. Recently I had to migrate Azure AD Connect from an old 2008 domain controller to a new Windows 2019 server.

Most of the guides I found online only talk about how to do a fresh install of Azure AD Connect. I wanted to preserve all the existing rules and settings and not disrupt anything for the users. It is possible to manually document all the settings by digging deep into the Azure AD Connect tool, but there is always a chance of missing something.

Here are the steps I followed to do it.

  1. Discovery: Getting your current configuration is a very important discovery step. You should also make note of the service account used. A handy command to get your current configuration is:
    Get-ADSyncServerConfiguration -Path C:\Projects\AADMigrate\DC1
  2. Install Azure AD Connect on the new server. Choose custom settings. We will be using the option to import synchronization settings from an existing server. This is currently in public preview.
  3. Copy the MigrateSettings.ps1 file. You can find it in the Azure AD Connect tools directory on the old Azure AD Connect server. The default location is C:\Program Files\Microsoft Azure AD Connect\Tools.
  4. Export the current configuration using the PowerShell script. The output will be saved in C:\ProgramData\AADConnect\Exported-ServerConfiguration with a randomly generated GUID added at the end.
  5. Copy the exported data folder to the new server. This will be used in the coming steps.
  6. Return to the installation wizard on your new server.
  7. Select the last option that says Import synchronization settings and then specify the location. Browse to the location where you copied the exported data in step 5 and select the MigratedPolicy.JSON file to import the settings.

Set the synchronization to staged mode but do not sync anything at this time. This is because we still have to disable sync from the original server to avoid any issues.

At this point you have both the migrated configuration and the applied configuration in JSON format. It is recommended to compare them for any changes. I used a tool called Beyond Compare to compare both files and note the differences. Of course, you will expect the application version, server names and such to be different.
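The comparison above can also be scripted. This is an added PowerShell example, not code from the original post or from Microsoft's tooling; the two file paths are placeholders, and it walks the JSON generically instead of assuming anything about the MigratedPolicy schema. Pass -IgnorePattern a regex matching the property paths you expect to differ (server names, version) so that only the unexpected differences are left for review.

```powershell
# Added example: recursively diff two Azure AD Connect JSON configuration
# exports and list every property path whose value differs.
# Assumptions: both file paths are placeholders for your own export folder;
# the JSON is traversed generically, so no schema knowledge is required.
param(
    [string]$MigratedPath  = 'C:\Projects\AADMigrate\Exported\MigratedPolicy.json',
    [string]$AppliedPath   = 'C:\Projects\AADMigrate\Exported\AppliedPolicy.json',
    [string]$IgnorePattern = ''   # regex on the property path, e.g. 'Version|ServerName'
)

function Compare-JsonObject {
    param($Left, $Right, [string]$Path = '$')

    $isObject = $Left -is [System.Management.Automation.PSCustomObject]
    $isArray  = $Left -is [array]

    # Scalars and nulls: compare as case-sensitive strings and report a mismatch.
    if (-not $isObject -and -not $isArray) {
        if ("$Left" -cne "$Right") {
            [pscustomobject]@{ Path = $Path; Migrated = $Left; Applied = $Right }
        }
        return
    }

    # Arrays: walk the longer of the two so missing trailing elements show up.
    if ($isArray) {
        $max = [Math]::Max($Left.Count, @($Right).Count)
        for ($i = 0; $i -lt $max; $i++) {
            Compare-JsonObject $Left[$i] $Right[$i] "${Path}[$i]"
        }
        return
    }

    # Objects: recurse over the union of property names from both sides, so a
    # property present on only one side is reported as a difference.
    $names = @($Left.PSObject.Properties.Name) + @($Right.PSObject.Properties.Name) |
        Sort-Object -Unique
    foreach ($n in $names) {
        Compare-JsonObject $Left.$n $Right.$n "${Path}.${n}"
    }
}

$migrated = Get-Content -Raw -LiteralPath $MigratedPath | ConvertFrom-Json
$applied  = Get-Content -Raw -LiteralPath $AppliedPath  | ConvertFrom-Json

$diffs = @(Compare-JsonObject $migrated $applied)
if ($IgnorePattern) { $diffs = @($diffs | Where-Object { $_.Path -notmatch $IgnorePattern }) }

if ($diffs.Count -eq 0) { 'No differences outside the ignored paths.' }
else { $diffs | Format-Table -AutoSize -Wrap }
```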

Go to the original server and launch Azure AD Connect. Select configure and then enable staging mode. This will disable synchronizations from this server to Azure AD.

Return to the new server and launch Azure AD Connect again. Choose configure and this time enable synchronization.

Make sure to check Azure AD Connect Synchronization Utility for any sync errors. Do the same with the Azure AD Connector Health in Azure AD. Monitor it for any ill effects of the migration for a few days.

If all is well, you can continue to remove Azure AD Connect from the old server altogether to complete the decommissioning of your old Windows 2008 server.

Resources used:
