![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 35%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,798 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
You can consolidate multiple on-premises AD domains into a single domain with an Azure VM acting as the sole Domain Controller (DC). However, moving to a single cloud-hosted DC comes with considerations regarding connectivity, performance, and redundancy. Here is an approach you can use:
- Consolidate the AD domains
Before moving to Azure, complete the domain consolidation:
- Identify and migrate all objects (users, computers, groups) from the multiple domains into the target domain.
- Resolve any conflicts (e.g., duplicate usernames or group names).
- Update group policies, scripts, and applications to align with the new domain structure.
- Configure Azure networking
Create an Azure virtual network:
- Ensure the Azure VM is deployed in a VNet that allows communication with all your remote locations.
- Establish a secure connection between your on-premises networks and Azure. This can be done by using either a site-to-site VPN or ExpressRoute.
- Configure the virtual network to use on-premises DNS resolvers.
- Deploy the Azure VM Domain Controller
Create an Azure VM:
- Deploy a Windows Server VM in Azure that meets the requirements for a DC.
- Install the Active Directory Domain Services (AD DS) role.
- Promote the VM to a DC for the consolidated domain and configure it as a DNS server
- Modify the DNS configuration of the VNet to point to the newly promoted VM as the DNS resolver
- Set the Azure VM DC as the primary DNS server for all clients in your environment.
- Configure DNS forwarding if needed.
- Decommission On-Premises DCs
After verifying that all authentication and services work with the Azure-hosted DC:
- Demote the on-premises DCs.
- Remove them from the domain.
Btw. you should deploy another Azure VM-hosted DC for redundancy reasons.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin