New Azure Active Directory Connect versions no longer support Windows Server 2012 R2. Let's see how to safely move Azure AD Connect to a new operating system. There are various scenarios in which you may need to move to a new operating system. We will see how to bring up a staging server with the same configuration and move the configuration from the old server to the new server. Microsoft has simplified this process in the new version of Azure Active Directory Connect.
In this scenario we will be migrating from Windows Server 2012 R2 to Windows Server 2019. The new server is configured with the same standard operating system settings as the old Azure AD Connect server, but with a new IP address.
- Export the Configuration of the existing Azure AD Connect server
- Install the new Azure AD Connect server with the imported settings (Staging Mode)
- Verify Staging Sync
- Set the Old Azure AD Connect server to staging mode (Optional)
- Uninstall Old Azure AD Connect server (Direct uninstall)
Log in to the old Azure AD Connect server to export the current configuration. Note that this option is available only in the latest Azure Active Directory Connect versions; you may not see it if you are running an older version.
Choose Export settings to save the JSON file.
If you don't see the option to export the current configuration, you may be running an old version of Azure AD Connect.
In that case you can copy the latest applied JSON policy file from C:\ProgramData\AADConnect
The file name will look like this: Applied-SynchronizationPolicy-20210810-173952.json
Log in to the new server, which has the latest operating system, and download the latest Azure AD Connect version.
Choose Customize. If the installer shows an error asking you to enable TLS 1.2, enable it before continuing.
Choose Import synchronization settings. Although the option is labelled as a preview, it is not a preview anymore; the preview label is a display bug.
Choose password hash synchronization
Log in using your global administrator or hybrid administrator credentials
Choose the Enterprise admins credentials to create a service account
Make sure the directory is configured.
Make sure Staging Mode is checked on the new server, then choose Install.
Configuration is completed in staging mode in the new server.
Log off and log in again so that the permissions get applied before opening the Synchronization Service Manager.
Now you have two options: put the old server into staging mode, or directly uninstall it.
Logged in to the new server.
Configure Staging mode in the old server
Enable the staging mode in the old server.
Staging mode is successfully enabled.
Now go to the new server and disable staging mode to bring the new server live.
You can keep track of the directory sync status in the Office 365 admin center to check which server is syncing.
In my case I am moving from the Directory Sync Client version 1.5.30 to 126.96.36.199, for example.
Now Staging mode is successfully disabled.
Now you can see the new server has taken over with the same settings.
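As an added example (not from the original post), the following PowerShell run from an admin workstation checks the TLS 1.2 registry settings referred to at the Customize step and confirms that exactly one of the two servers is active after the staging-mode switch. The server names and the use of WinRM are assumptions.

```powershell
# Added example (not from the original post): check staging mode on both
# Azure AD Connect servers after the cutover, and verify the TLS 1.2
# registry settings the installer expects on the new server.
# Assumptions: WinRM is enabled on both hosts, the ADSync module is present,
# and the server names below are placeholders for your environment.
$OldServer = 'AADC-OLD'   # placeholder: Windows Server 2012 R2 host
$NewServer = 'AADC-NEW'   # placeholder: Windows Server 2019 host
function Get-AadcSyncState {
    param([Parameter(Mandatory)][string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module ADSync -ErrorAction Stop
        $s = Get-ADSyncScheduler
        [pscustomobject]@{
            Server             = $env:COMPUTERNAME
            StagingModeEnabled = $s.StagingModeEnabled
            SyncCycleEnabled   = $s.SyncCycleEnabled
        }
    }
}
function Test-AadcTls12 {
    # Registry values Azure AD Connect checks for TLS 1.2 (.NET and SChannel).
    param([Parameter(Mandatory)][string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $checks = @(
            @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Want = 1 },
            @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Want = 1 },
            @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Want = 1 },
            @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Want = 1 },
            @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'Enabled'; Want = 1 },
            @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Want = 0 }
        )
        foreach ($c in $checks) {
            $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
            if ($v -ne $c.Want) { Write-Warning "$($c.Path)\$($c.Name) is '$v', expected $($c.Want)" }
        }
    }
}
Test-AadcTls12 -ComputerName $NewServer
$states = @($OldServer, $NewServer) | ForEach-Object { Get-AadcSyncState -ComputerName $_ }
$states | Format-Table -AutoSize
# Exactly one server may export to Azure AD at a time; both active and both staging are the failure modes to catch.
$active = @($states | Where-Object { -not $_.StagingModeEnabled -and $_.SyncCycleEnabled })
switch ($active.Count) {
    0       { Write-Warning 'No active server: nothing is exporting to Azure AD.' }
    1       { Write-Host "Active server: $($active[0].Server)" }
    default { Write-Warning 'More than one active server: fix staging mode before continuing.' }
}
```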
Log in to the old server and open Add or Remove Programs to initiate a complete uninstall.
Uninstall is completed.
Remove the old MSOL account that belongs to the old server.
You can delete the old MSOL account.
Additional sync admins can be added using the group shown below.