You may already know Azure AD Domain Services, an Azure service that extends your on-premises directory service (AD DS) to a managed domain service. It lets you deliver AD DS domain join, group policies, LDAP and/or Kerberos/NTLM authentication capabilities within your Azure environment without deploying domain controller virtual machines on Azure (to learn more, see https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview).
Well, if you were an early adopter of Azure AD DS, your service was deployed using the ‘old’ Azure deployment mode called Azure Classic.
Since then, Microsoft has moved on to the Azure ARM model, leaving your Azure AD DS in classic mode and preventing you from enjoying all the benefits of the ARM deployment and management mode.
Well, good news, you can now migrate your ‘classic’ Azure AD DS to ARM using PowerShell commands:
- Install the migration script from the PowerShell Gallery: Install-Script -Name Migrate-Aadds
- Prepare the domain for the migration: Migrate-Aadds -Prepare -ManagedDomainFqdn <your domain services FQDN> -Credentials $creds
- Commit the migration: Migrate-Aadds -Commit -ManagedDomainFqdn <your domain services FQDN> -VirtualNetworkResourceGroupName <resource group where the vNet resides> -VirtualNetworkName <your vNet> -VirtualSubnetName DomainServices -Credentials $creds
The migration involves downtime, because the ‘back-end’ domain controllers are offline while it runs; expect a downtime period of between 1 and 3 hours.
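The migration steps above as a single script, written as an added example and not taken from the original post or from Microsoft. The FQDN, resource group and vNet values are placeholders, and the credential prompt and the confirmation gate before the commit step are additions that assume an interactive session.

```powershell
# Added example. Replace the placeholder values with your own before running.
$ManagedDomainFqdn = 'aadds.example.com'      # placeholder: your domain services FQDN
$VnetResourceGroup = 'rg-network-example'     # placeholder: resource group where the vNet resides
$VnetName          = 'vnet-example'           # placeholder: your vNet
$SubnetName        = 'DomainServices'         # subnet name used in the commands above

# Stop at the first reported error so the commit step is not reached
# after a failed install or prepare.
$ErrorActionPreference = 'Stop'

# Prompt for the credentials interactively instead of storing them in the
# script; this is what populates the $creds variable used by the commands.
$creds = Get-Credential -Message 'Account used to run the Azure AD DS migration'

# Install the migration script from the PowerShell Gallery if it is missing.
if (-not (Get-InstalledScript -Name Migrate-Aadds -ErrorAction SilentlyContinue)) {
    Install-Script -Name Migrate-Aadds -Scope CurrentUser
}

# Step 1: prepare the managed domain for the migration.
Migrate-Aadds -Prepare -ManagedDomainFqdn $ManagedDomainFqdn -Credentials $creds

# The commit step takes the back-end domain controllers offline, so require
# the operator to retype the FQDN before continuing.
Write-Warning "Committing the migration of $ManagedDomainFqdn causes 1 to 3 hours of downtime."
$answer = Read-Host 'Type the managed domain FQDN to continue, or anything else to stop'
if ($answer -ne $ManagedDomainFqdn) {
    Write-Warning 'Commit skipped. The domain is prepared but has not been migrated.'
    return
}

# Step 2: commit the migration into the ARM virtual network.
$commitArgs = @{
    Commit                          = $true
    ManagedDomainFqdn               = $ManagedDomainFqdn
    VirtualNetworkResourceGroupName = $VnetResourceGroup
    VirtualNetworkName              = $VnetName
    VirtualSubnetName               = $SubnetName
    Credentials                     = $creds
}
Migrate-Aadds @commitArgs
```

Run it in a maintenance window, since anything that authenticates against the managed domain is affected while the commit step runs.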
In addition, you can now use an ARM template to deploy Azure AD DS. To get a sample Azure AD DS ARM template, run the Azure AD Domain Services creation wizard and use the Download a template for automation option at the end of the wizard.