Azure AD Connect Swing Migration Step by Step

Azure AD Connect Swing Migration requires careful planning to ensure a smooth transition.

The first step is to identify the source and target forests, which will determine the scope of the migration.

Plan for a cutover migration, where all users are migrated at once, or a staged migration, where users are migrated in batches.

A cutover migration is ideal for small to medium-sized environments, while a staged migration is better suited for larger environments.

You'll need to configure the Azure AD Connect server and install the necessary software, including the Azure AD Connect Health agent.

The Health agent provides real-time monitoring and troubleshooting capabilities, helping you identify and resolve issues quickly.

Make sure the Azure AD Connect server is joined to the domain and the necessary firewall rules are configured.

This will ensure secure communication between the Azure AD Connect server and the domain controllers.

Take a look at this: Azure Connected Machine Agent.msi Download

To ensure a smooth Azure AD Connect swing migration, it's essential to meet the prerequisites outlined in the pre-installation procedure.

First and foremost, you need to have a System Engineer with hands-on experience in Microsoft technology, preferably with 15+ years of experience, to oversee the migration process.

Before proceeding with the migration, you should ensure that the prerequisites for a new AD Connect server are met, including the pre-installation procedure outlined in the Azure AD Connect installation and migration section.

The pre-installation procedure will help you create and optimize Microsoft-based systems, delivering efficient solutions aligned with business goals.

As a seasoned System Engineer, I can attest that having a clear understanding of the prerequisites will save you time and effort in the long run.

The prerequisites for a new AD Connect server include a smooth migration of Azure AD Connect to a new server, which will ensure minimal disruption to your existing systems.

You might like: Azure Ad Connect Windows Server 2012 R2

To import and install Azure AD Connect on your new server, you'll need to follow a few key steps.

First, proceed with the installation wizard and click Customize on the Welcome screen. Then, choose to Import synchronization settings and browse to the folder where you copied the MigratedPolicy.json file.

You'll need to provide Azure Active Directory credentials, which will be suggested as the account name for the Azure Global Administrator used to configure the original server. However, you'll need to change it if you want to synchronize information to a new tenant.

User sign-in options are also selected by default, but you might need to set up a server with different options in rare cases. Otherwise, select Next to use the same settings.

On-premises directory credentials require providing credentials to create a synchronization account or supply a pre-created custom synchronization account. This is identical to the clean install experience, except you can't add or remove directories.

To configure initial settings, you might choose to start automatic synchronization or enable Staging mode, which is intentionally enabled by default to allow comparison of the configuration and synchronization results.

Here are the key settings you'll need to provide during installation:

Once you've completed the installation, you'll need to validate the new installation to confirm all settings have been imported successfully.

To ensure a smooth transition, it's essential to thoroughly explore the current configuration of Azure AD Connect. This involves documenting the existing settings, including synchronization options, filtering configurations, and any customizations applied.

The current configuration should be exported from the existing server, which typically includes extracting synchronization rules, connector configurations, and any customizations made within Azure AD Connect. This export is crucial for a seamless transition to the new server.

Before importing the configuration onto the new server, it's vital to validate the new installation to confirm all settings have been imported successfully. This can be done by comparing two files, the original file that was exported from the old server and the new file created when configuring the new server.

To facilitate the import process, you'll need to provide the following information when clicking Install: Azure Active Directory credentials, user sign-in options, on-premises directory credentials, and configuration options. These settings can be made after installation from the Azure AD Connect wizard.

For more insights, see: Azure Ad Directory Roles

Here's a summary of the steps involved in the migration process:

Upgrading Azure AD Connect is a crucial step in the swing migration process. You can download the latest version of Azure AD Connect from the Microsoft Azure Active Directory Connect page and save the AzureADConnect.msi installer.

Before upgrading, ensure your server meets the requirements for Azure AD Connect v2, which includes running on Windows Server 2016 or newer, SQL Server 2019 LocalDB, and TLS 1.2 on the server. You'll also need the Microsoft Visual C++ 2014 Redistributable Package required by SQL Server 2019.

To upgrade Azure AD Connect, right-click the AzureADConnect.msi file and click Install. You'll be presented with the Upgrade Azure Active Directory Connect window, where you can enter the Azure AD global administrator or hybrid identity admin credentials and click Next.

After the upgrade, ensure the option to start the synchronization process when configuration completes is selected. You can then check the new Azure AD connect version in the Control Panel > Programs and Features, where you'll see the new version, such as 2.0.8.0.

To verify the TLS 1.2 settings on your Azure AD Connect server, you can use the following PowerShell script.

Recommended read: Azure Ad Connect Move to New Server

The upgrade process for Azure AD Connect can be a bit complex, but don't worry, I've got you covered. To upgrade Azure AD Connect, you'll need to download the latest version from the Microsoft Azure Active Directory Connect page and save the AzureADConnect.msi installer to your Windows Server.

You can either perform an in-place upgrade on the same server or a swing migration to a new server. During the in-place upgrade, synchronization to Azure AD will pause, so you'll need to reenable sync after the upgrade completes.

Exporting the Azure AD Connect configuration is a good idea before upgrading, as it will save you from having to reconfigure everything after the upgrade. You can export the configuration to a .json file and save it to a shared folder or a different Windows Server.

To export the configuration, go to the Additional tasks section and select View or export current configuration, then click Export Settings. This will export the settings from Azure AD to a .json format file.

You might enjoy: Azure Auth Json Website Azure Ad Authentication

The upgrade process may require some infrastructure changes, depending on your current setup. For example, you may need to upgrade to Windows Server 2016 or newer, SQL Server 2019 LocalDB, and ensure TLS 1.2 is enabled on the server. You'll also need to have PowerShell 5.0 installed.

If you don't update Azure AD Connect, you may face technical difficulties, such as problems with AD object syncing, which can lead to security risks and user experience issues. So, it's essential to plan ahead and upgrade to Azure AD Connect v2 before the 2022 deadline.

Here are the steps to follow for a successful upgrade:

To check the version of Azure AD Connect, you can use one of the following methods. The easiest way is to check via Programs and Features, where you can find the installed version of Azure AD Connect.

You can also check the version using PowerShell. To do this, you'll need to have PowerShell version 5.0 or greater installed on your server. If you're unsure, you can use the following PowerShell cmdlet to check the PowerShell version installed on your server.

Another way to check the version is via the Azure Active Directory Synchronization Service. However, this method is not as straightforward as checking via Programs and Features.

A unique perspective: Powershell Azure Ad