By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Domain Controller Migration from On-premise to AWS

0

Dear Experts, We want to migrate on-premise domain controller to AWS. As I understand that are two options, one is migrating to Microsoft Managed AD and second is using the two ec2 instances to create the domain controller from scratch and then add it in the existing domain controller group of on-premise. This way we will be having two domain controllers running in on-premise and two domain controller in AWS. We will remove the on-premise domain controller once we are confident with AWS installed and configured domain controllers. Which you think would be the best approach for migrating DC. I am looking for approach which is less risky and easy to execute. For example with managed Microsoft AD, do we need to keep the on-going trust setup with on-premise domain controller. What should be the strategy for the two approach. With the two approach, please share the technical steps to follow.

Topics
Migration & ModernizationSecurity, Identity, & ComplianceCompute
Tags
Migration & ModernizationAWS Directory ServiceWindows Provisioning
Language
English
RiJo
asked 2 years ago466 views
1 Answer
0

To answer this the main question you need to ask is whether you want to join machines you migrate to AWS to a new domain. If you want migrated machines to be part of their existing domain then you will have to go down the self managed AD route. You also need to ask if you wish to keep your existing user/group setup, these are in your existing domain and will not be migrated to AWS Managed AD in a trust setup therefore if you want to keep these you would need to migrate to a self managed instance.

From my experience in migration scenarios I see self managed and build new AWS Managed AD

There is a good quickstart here which should help with the technical steps (You'll likely want scenario 2). In a full migration scenario as well as the post steps you will need to decommission the existing domain controllers, including transferring all the FSMO roles to your new domain controllers

AWS
EXPERT
Peter_G
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content