Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Migrate Azure AD Connect to a New Server

  • March 31, 2020
  • 8 min read
Cloud and Virtualization Architect. Paolo is a System Engineer, VCP-DCV, vExpert, VMCE, Veeam Vanguard, and author of the virtualization blog nolabnoparty.com
Cloud and Virtualization Architect. Paolo is a System Engineer, VCP-DCV, vExpert, VMCE, Veeam Vanguard, and author of the virtualization blog nolabnoparty.com


migrate-azure-ad-connect-new-server-01

To synchronize Active Directory accounts with the Office 365 environment, the sync tool used to achieve this scope is Azure AD Connect (AAD Connect).

For whatever reason (infrastructure upgrade plan, for instance), you may need to migrate the server with the Azure AD Connect tool installed to a new one.

To succeed with server replacement, the Azure AD Connect tool must be migrated following the correct steps to avoid potential synchronization issues.

Azure AD Connect

Install Azure AD Connect to the New Server

The new server should be joined to the AD domain with a static IP address and updated with the latest patches.

Although it is not mandatory, it is recommended to migrate AAD Connect instances with the same build in order to have the same features and options. When the new server is ready to go, download from Microsoft website the Azure AD Connect tool and copy it into the new server.

Run the installer and accept the EULA. Click Continue.

Install Azure AD Connect

Select Customize to customize the AAD Connect installation.

AAD Connect express settings

Based on your current infrastructure, specify the required components, then click Install.

Specify required components

AAD Connect components are being installed on the new server.

AAD Connect components

Select preferred Sign-in options and click Next.

Sign-in options

Enter the Office 365 Administrator credentials to connect to Azure AD, then click Next.

Office 365 Administrator credentials

Credentials are being validated.

Credentials

Click Add Directory to add your directories.

Add Directory

Select Create new AD account and enter the Enterprise Admin credentials to create a new account used by the tool for periodic synchronization. Click OK.

Create new AD account

The directory has been added successfully. Click Next.

Connect your directories

To sign-in to Azure with the same credentials as your on-premises directory, a matching Azure AD domain is required. Check Continue without matching all UPN suffixes to verified domains option if one UPN suffix is not added. Click Next.

Azure AD domain

To specify OUs to synchronize, choose Sync selected domains and OUs option and specify required OUs.

Sync selected domains and OUs option

Specify how users should be identified in the on-premises directories then click Next.

Identifying users

Select Synchronize all users and devices and click Next.

Synchronize all users and devices

Specify optional features then click Next.

Specify optional features

To enable single sign-on, click Enter credentials and specify the Domain Admin credentials. Click OK.

Domain Admin credentials

When the forest has been configured successfully, click Next.

Single sign-on

Select Enable the staging mode option to avoid exporting any data to AD or Azure AD. Click Install.

Enable the staging mode

The Azure AD Connect tool is being installed.

Azure AD Connect tool

After a few minutes, the installation process is complete. Click Exit to close the wizard.

Configuration complete

Migrate AAD Connect to the New Server

The migration process is pretty quick and, during the procedure changes between directories, won’t be synchronized.

Enable Staging Mode in the OLD Server

From the old server, run the AAD Connect tool and select Configure.

AAD Connect tool

Select Configure staging mode and click Next.

Configure staging mode

Enter the Azure AD administrator credentials and click Next.

Azure AD administrator credentials

Tick Enable staging mode checkbox then click Next.

Enable staging mode

Disable Start the synchronization process when configuration completes option and click Configure.

Start the synchronization process when configuration completes

When the staging mode feature has been enabled, click Exit to close the wizard.

Configuration complete

Disable Staging Mode in the NEW Server

From the new server, open the AAD Connect tool and select Configure.

AAD Connect tool

Select Configure staging mode and click Next.

Configure staging mode

Enter the Azure AD administrator credentials and click Next.

Azure AD administrator credentials

Uncheck Enable staging mode checkbox then click Next.

Enable staging mode

Enable Start the synchronization process when configuration completes option and click Configure.

Start the synchronization process when configuration completes

The environment is being configured.

The environment is being configured

When the staging mode feature has been disabled, click Exit to close the wizard.

Exit to close

Decommission the OLD Server

If you no longer need the old AAD Connect server, you can safely decommission it through the uninstall procedure. Open the Control Panel and access the section Programs > Uninstall a program. From the list, select Microsoft Azure AD Connect and click Uninstall.

Control Panel

If you no longer need to keep these components, enable Also uninstall supporting components and click Remove.

Also uninstall supporting components

Components are removed being from the system.

Components are removed from the system

When the uninstall process completes successfully, click Exit. The Azure AD Connect tool has been removed from the old server.

The Azure AD Connect tool has been removed from the old server

Check Synchronization

Log-in to your Office 365 portal, and check the synchronization status.

Login to your Office 365 portal

The new server is now fully operative and the old server can be safely removed from the domain and dismissed.

Found Paolo’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!