Disclaimer

Visit our disclaimer policy before making any changes to your system which may negatively impact the performance or make your system unresponsive.

Migrating Azure AD Connect

Don’t waste time figuring out how to migrate Azure AD Connect from one server to another. Follow the steps below and you can have it done within an hour.

Prerequisite

  1. An Active Directory User Account with Domain and Enterprise Admin access
  2. An O365 Account with either Global Administrator or Hybrid Identity Administrator
    1. MFA must not be enabled on the 365 Account
  3. The server must be Windows Server 2016, 2019, or 2022 with a GUI; Server Core is not supported

Exporting Configuration from the Old Server

  1. Open Azure AD Connect
  2. Click the green “Configure” button
  3. Select the second row, “View or export current configuration”, and hit the “Next” button
  4. Click the “Export Settings” button and save the file as a JSON. We will need this file later.

Configuring the new server

  1. Enable TLS 1.2
    1. Run the script below in an admin PowerShell session. The same script is published by Microsoft in the Azure AD Connect TLS 1.2 enforcement documentation.
    2. After TLS 1.2 is enabled, reboot the server.
# Make TLS 1.2 the system default for .NET Framework 4.x (32-bit hive)
If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

# Same settings for the 64-bit .NET Framework hive
If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

# Enable TLS 1.2 in SCHANNEL for inbound (server) connections
If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

# Enable TLS 1.2 in SCHANNEL for outbound (client) connections, which is what Azure AD Connect uses to reach Microsoft 365
If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take effect.' -ForegroundColor Cyan

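Before rebooting, it is worth reading every value back rather than trusting the cyan message: a single missing DWord means the installer's connection to Microsoft 365 can still fall back to an older protocol. The following check is an added example, not part of the original post or Microsoft's script; it compares the registry against the eight settings the script above writes and returns $true only when all of them match.

```powershell
# Added verification check (not from the original post). Run in the same admin PowerShell
# session after the enabling script, before the reboot.
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'Enabled';           Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'Enabled';           Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Value = 0 }
)

function Test-Tls12Config {
    $ok = $true
    foreach ($e in $expected) {
        $actual = $null
        if (Test-Path $e.Path) {
            # Read the single named value; absent values come back as $null rather than an error
            $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        }
        if ($actual -eq $e.Value) {
            Write-Host ('OK       {0}\{1} = {2}' -f $e.Path, $e.Name, $actual) -ForegroundColor Green
        } else {
            $shown = if ($null -eq $actual) { '<absent>' } else { $actual }
            Write-Host ('MISMATCH {0}\{1} expected {2}, found {3}' -f $e.Path, $e.Name, $e.Value, $shown) -ForegroundColor Red
            $ok = $false
        }
    }
    return $ok
}

if (Test-Tls12Config) {
    Write-Host 'All TLS 1.2 settings present; reboot to apply them.' -ForegroundColor Cyan
} else {
    Write-Host 'Re-run the enabling script before rebooting.' -ForegroundColor Yellow
}
```

The check only covers the registry; the reboot is still required because SCHANNEL and .NET read these values at process start.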
  2. Download Azure AD Connect from the Microsoft link or from our mirror. This guide uses version 2.3.20.0
  3. Run the installer, and on the welcome screen accept the license terms and privacy notice and hit the “Continue” button
  4. Hit the “Customize” button
  5. Click the “Import synchronization settings” checkbox
    1. Click the “Browse” button and find the JSON file from step 4 in the section “Exporting Configuration from the Old Server”
    2. Hit the “Install” button
  6. Enter the O365 account that is either a Global Administrator or Hybrid Identity Administrator and hit the “Next” button
  7. Click the “Change Credential” button
  8. In the popup, enter the Active Directory account with Domain and Enterprise Admin and hit the “OK” button.
    1. The format is domainName\UserAccount
    2. Once the popup window closes, hit the “Next” button and hit the “Next” button again
  9. Uncheck “Start the synchronization process when configure completes” and click the “Install” button
  10. Once the installation finishes, hit the “Exit” button

Stopping the Sync from the Old Server

  1. Open Azure AD Connect and hit the “Configure” button
  2. Click the row “Configure staging mode” and the “Next” button
  3. Enter the O365 account that is either a Global Administrator or Hybrid Identity Administrator and hit the “Next” button
  4. Check the “Enable staging mode” box and hit the “Next” button
  5. Select the “Configure” button and then the “Exit” button

Enabling Sync on the New Server

  1. Repeat the steps above, but instead of checking the box for “Enable staging mode”, uncheck it. Hit the “Next” button
  2. After Azure AD Connect closes, visit https://admin.microsoft.com/ and check that directory sync is running.
    1. You might need to wait a few minutes while the first sync cycle completes.
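The point of the staging-mode dance is that only one server may ever export to the tenant; two active servers writing to the same Azure AD is the failure mode to avoid, and the admin portal only tells you that something synced, not which server did it. The following is an added check, not part of the original post: run it in an elevated PowerShell session on each server, and it reports the server's role from the ADSync scheduler (the module installed with Azure AD Connect) and flags the common leftover where the new server was installed with the sync process not started.

```powershell
# Added check, not from the original post. Run on each Azure AD Connect server after cutover.
Import-Module ADSync

function Test-SyncRole {
    param(
        # $true on the old server (must be in staging mode),
        # $false on the new server (must be the single active exporter)
        [Parameter(Mandatory)] [bool] $ExpectStaging
    )
    $s = Get-ADSyncScheduler
    $problems = @()

    if ($s.StagingModeEnabled -ne $ExpectStaging) {
        $problems += "StagingModeEnabled is $($s.StagingModeEnabled); expected $ExpectStaging"
    }
    # The scheduler must be enabled on both servers: a staging server still imports and
    # syncs, it only skips the export step. Installing with "Start the synchronization
    # process when configure completes" unchecked leaves the cycle disabled until enabled.
    if (-not $s.SyncCycleEnabled) {
        $problems += 'SyncCycleEnabled is False; enable with: Set-ADSyncScheduler -SyncCycleEnabled $true'
    }
    if ($s.SchedulerSuspended) {
        $problems += 'SchedulerSuspended is True; a wizard or upgrade left the scheduler paused'
    }

    $role = if ($s.StagingModeEnabled) { 'STAGING (no export)' } else { 'ACTIVE (exporting)' }
    Write-Host ('{0}: {1}, next cycle at {2} UTC' -f $env:COMPUTERNAME, $role, $s.NextSyncCycleStartTimeInUTC)
    foreach ($p in $problems) { Write-Host "  PROBLEM: $p" -ForegroundColor Red }
    return ($problems.Count -eq 0)
}

# Old server:  Test-SyncRole -ExpectStaging $true
# New server:  Test-SyncRole -ExpectStaging $false
```

Run it on the old server first; if it still reports ACTIVE, do not enable export on the new server until that is fixed.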