AD Sites and Services - Config Query Post Migration of all on-prem DCs to Azure as IaaS VMs

Ant 1 Reputation point
2020-08-03T13:54:52.287+00:00

We have recently moved all on-premise domain controllers over to Azure as standard IaaS VMs (not to be confused with Azure AD DS which we are not using).

No issues have been found running repadmin /syncall or dcdiag and all seems to be fine in that regard.

In the AD Sites and Services console, we have a single site link which comprises two AD sites:

  • One representing our on-premise environment
  • One representing our Azure IaaS environment

As expected, following the migration of the on-premise DCs to Azure, there are no longer any server objects listed under our on-premise AD site node in the AD Sites and Services console.

My initial thoughts were to delete this on-premise AD site to 'clean it up'.

However, I'm not sure if I actually need to leave it in place to enable clients/devices in on-premise subnets to still be able to authenticate via DCs (all of which are now in Azure).

The reason for being cautious is that the AD Sites and Services console shows a list of subnets linked to the on-premise AD site, and these subnets correspond to IP ranges associated purely with the on-premise infrastructure (e.g. on-premise server, on-premise client and on-premise VoIP IP ranges).


Questions:

  • Should I delete the on-premise AD site or will this prevent on-premise clients/users from being able to authenticate via the DCs (all now located in Azure)?
    My understanding is that AD Site Subnets exist both to control the flow of AD replication and also to guide clients/users to the closest DCs for authentication.
  • If I should delete the on-premise AD site, do I first need to link those on-premise subnets to the AD site associated with the Azure IaaS environment?
    I'm doubtful this is correct given those subnets represent IP ranges that physically exist only within the on-premise environment.

Hoping someone can clarify for me please!

Thanks
Ant

  1. Daisy Zhou 20,791 Reputation points Microsoft Vendor
    2020-08-04T02:40:34.057+00:00

    Hello Ant-4544,

    Thank you for posting here.

    Here are the answers for your reference.

    Q1: Should I delete the on-premise AD site or will this prevent on-premise clients/users from being able to authenticate via the DCs (all now located in Azure)?
    My understanding is that AD Site Subnets exist both to control the flow of AD replication and also to guide clients/users to the closest DCs for authentication.

    A1: If we do not need the on-premise AD site any longer in the future, we should delete the on-premise AD site.
    If we delete the on-premise AD site without DCs, it will not prevent on-premise clients/users from being able to authenticate via the DCs.

    If you keep the on-premise AD site without DCs, this on-premise AD site will register SRV records using its closest DC information, then clients/users will find their closest DCs to authenticate.

    We should delete the on-premise AD site if we do not need it any longer in the future. Before deleting it, we should link those on-premise subnets to the AD site associated with the Azure IaaS environment. Then clients/users will find DCs in the Azure IaaS environment to authenticate.

    Q2: If I should delete the on-premise AD site, do I first need to link those on-premise subnets to the AD site associated with the Azure IaaS environment?
    I'm doubtful this is correct given those subnets represent IP ranges that physically exist only within the on-premise environment.

    A2: We should delete the on-premise AD site and we should first link those on-premise subnets to the AD site associated with the Azure IaaS environment.

    Hope the information is helpful. If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou
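
The sequence the answer describes (re-home the on-premise subnets to the Azure site, then delete the now-empty site), as an added PowerShell example that is not part of the question or the answer. It assumes the ActiveDirectory module on a domain-joined admin host; the two site names are placeholders for your own.

```powershell
# Added example (not from the question or answer). Assumes the ActiveDirectory
# module is available; the site names below are placeholders for your own.
Import-Module ActiveDirectory

$OnPremSiteName = 'OnPrem-Site'      # placeholder: site left without DCs
$AzureSiteName  = 'Azure-IaaS-Site'  # placeholder: site now holding every DC

$onPrem = Get-ADReplicationSite -Identity $OnPremSiteName
$azure  = Get-ADReplicationSite -Identity $AzureSiteName

# 1. Refuse to proceed if any DC is still registered in the site to be removed.
$dcsInOnPrem = Get-ADDomainController -Filter * | Where-Object Site -eq $OnPremSiteName
if ($dcsInOnPrem) {
    throw "Site '$OnPremSiteName' still contains DCs: $($dcsInOnPrem.HostName -join ', ')"
}

# 2. Inventory the subnets currently mapped to the on-prem site
#    (the Site property holds the site's distinguished name).
$subnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -eq $onPrem.DistinguishedName }
Write-Host "Subnets on '$OnPremSiteName': $($subnets.Name -join ', ')"

# 3. Re-home each subnet to the Azure site so on-prem clients keep a site
#    mapping, and therefore a deterministic DC choice, after the delete.
foreach ($s in $subnets) {
    Set-ADReplicationSubnet -Identity $s -Site $azure `
        -Description "Moved from $OnPremSiteName on $(Get-Date -Format s)"
}

# 4. Detach the empty site from any site link it is still part of, then remove it.
Get-ADReplicationSiteLink -Filter * |
    Where-Object { $_.SitesIncluded -contains $onPrem.DistinguishedName } |
    ForEach-Object { Set-ADReplicationSiteLink -Identity $_ -SitesIncluded @{Remove=$onPrem} }
Remove-ADReplicationSite -Identity $onPrem -Confirm:$false

# 5. Verify: every subnet should still resolve to a site; warn about any that do not.
Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site } |
    ForEach-Object { Write-Warning "Subnet $($_.Name) has no site mapping" }
```

After replication has converged, `nltest /dsgetsite` on an on-premise client should report the Azure site name, confirming the client is no longer falling back to an unmapped-subnet lookup.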