Welcome to our new blog post about How to Migrate Azure AD or Entra ID Connect to a New Server. Migrating Azure AD Connect (now known as Microsoft Entra Connect) to a new server is a critical task for IT administrators who need to maintain seamless identity synchronization between on-premises Active Directory and Microsoft Entra ID (formerly Azure AD). Whether due to hardware refresh, operating system upgrades, or best practices in high availability, moving Entra ID Connect to a new server requires careful planning to avoid authentication disruptions. In this guide, we’ll walk through the key steps, best practices, and considerations to ensure a smooth migration process.
Table of Contents
When is Migration Necessary?
There are several scenarios where migrating Entra ID Connect to a new server becomes necessary. One common reason is hardware or OS end-of-life, where the existing server no longer meets system requirements or is running an outdated, unsupported operating system. Another case is performance optimization, where organizations move to a more powerful server to handle increased synchronization demands. Additionally, disaster recovery and redundancy may require migration to a new server as part of a high-availability strategy. Lastly, security and compliance considerations—such as upgrading to the latest encryption standards or moving to a more secure environment—can also necessitate this transition. Whatever the reason, a structured migration approach ensures minimal downtime and preserves identity integrity.
How to Migrate Azure AD or Entra ID Connect to a New Server
Step 1: Export Azure AD or Entra ID Connect configuration
In the first step, we will export the current configuration on the old server. This makes it very easy, to setup the new instance on the new server. Make sure you have access to the new server where Azure AD or Entra ID Connect is installed. Just follow the steps below.
- Connect to the Old Server
- Start Microsoft Azure AD Connect
- Click on Configure
We will first export the current configuration.
- Click on View or export current configuration
- Click on Next
Here you can see the current configuration. We will Export the settings to a .json file.
- Click on Export Settings
- Choose where you want to save it. You will need the file on the new server. Just keep this in mind.
You have now exported the configuration to a .json file.
Step 2: Check Azure AD Connect user sign-in settings
Not all configuration can be stored into the .json file. This is why we need to check the user sign-in settings currently configured. We will show you, where you can see the current configuration.
- Go back to the Additional tasks
- Click on Change user sign-in
- Click Next
Login with your Azure AD Admin. Now write down or just take a screenshot of the User sign-in settings. You will need to configure these settings in the new Azure AD or Entra ID Connect setup wizard.
- Login with your Azure AD Admin
- Write down or screenshot the User sign-in settings.
Step 3: Download Entra ID Connect
In this step we will download the latest Entra ID Connect application.
- Go to https://www.microsoft.com/en-us/download/details.aspx?id=47594
- Click on Download
Copy the executable to the new server. There we will install the Microsoft Entra ID Connect application.
Step 4: Create an Entra ID Sync Administrator
In this step we will create a new Entra ID Connect Administrator. We will need this Administrator to Sync the properties to and from Entra ID. You can also use the Global Administrator. But Microsofts best practices are, to create a new user. If you still want to use the Global Administrator, you can skip this step.
We create a new user and assign the Hybrid Identity Administrator Role. This role is enought to do the sync with Entra ID Connect. Just follow the steps.
- Go to the Entra ID Admin Portal.
- Create a new User. Give it a UPN, Display Name and Password.
- On the Assignments add the Hybrid Identity Administrator Role
Write down the username and password. We will need this in the next step.
Step 5: Install Entra ID Connect
In this step we will Install the Entra ID Connect software and configure the synchronization. In the last step we have downloaded the latest Entra ID Connect Software. Copy this executable to the new server and run it. Follow the steps below.
- Run the Entra ID Connect executable
- On the Express Settings click on Customize
Now we will upload the exported configuration json file from the previous steps. Make sure you have the configuration file on the new server.
- Tick the Import synchronization settings and navigate to the configuration file.
- Click on Install
On the user sign-in setting we will ned to copy the configuration from the old server. You should have write down or made a screenshot of the configuration.
- Check the Sign On method you write down or created a screenshot of it
- Select the Sign On method the same as the old server
- Click on Next
Enter the credentials of the Entra ID Administrator. You can either use the Global Administrator or the newly created Administrator from the last step.
- Enter the credentials of the Global or newly created Administrator from last step.
- Click on Next
On the Connect your directories:
- Click on Change Credentials
- Click on Create new AD account
- Login with your AD Administrator
- Click on Ok
- Click on Next
Last on the Ready to configure:
- Make sure Start the synchronization process when configuration completes is ticked
- Make sure Enable staging mode: When selected, synchronization will not export any data to AD or Microsoft Entra is ticked
- Click on Install
Wait for the Azure AD Connect upgrade to finish.
- Click on Exit
Step 6: Verify Entra ID synchronization
You have succesfully installed the Entra ID Connector on the new server. The new server is now syncing with Entra ID but it will not write or change any objects. It is still in staging mode. The old server is still the main operator and will sync the objects. We should still check, if the synchronization on the new server is working correctly. You can check the blog post to manually create a sync to Entra ID: How to force Entra ID Connect Sync with PowerShell
Step 7: Enable staging mode on old server
In the next two steps we will change the synchronization from the old server to the new one. Until now, the old server was still the main operator. The new server was also syncing, but did not change any data because it was on staging mode. We will now deactivate the old server by enabling staging mode. In the second step we will disable the staging mode on the new server. When this is done, the new server will synchronize the data to Entra ID.
To enable staging mode on the old server follow the steps below:
- Connect to the old server
- Run the Microsoft Azure Active Directory Connect software
- On the Additional tasks click on Configure staging mode
On the Configure staging mode screen:
- Enable staging mode
On the Ready to configure page, check the configuration and make sure Start the synchronization process when configuration completes is enabled.
- Click on Configure
Thats all. The old server will now not sync any data to or from Entra ID. In the next step we will disable the staging mode on the new server to make it the new main operator.
Step 8: Disable staging mode on old server
In the last step we enabled staging mode on the old server. In this step we will disable staging mode on the new server. After this step, the new server will sync data to and from Entra ID. To disable staging mode on the new server follow the steps below:
- Connect to the new server
- Run the Microsoft Azure Active Directory Connect software
- On the Additional tasks click on Configure staging mode
On the Configure staging mode screen:
- Disable staging mode
On the Ready to configure page, check the configuration and make sure Start the synchronization process when configuration completes is enabled.
- Click on Configure
Thats all. The new server will now sync any data to or from Entra ID.
Step 9: Uninstall Azure AD or Entra ID Connect
The last steps that you want to take care of on the old Azure AD Connect server are:
- Uninstall Microsoft Entra Connect
- Remove old AD DS Connector account
- Remove old Azure AD Connector account
You can also shut down the old Azure AD Connect server for a couple of days just in case or disable the Azure AD Connect services. Then, after everything works as you expect, uninstall Microsoft Entra Connect.
Conclusion
In this blog post we Learn about How to Migrate Azure AD or Entra ID Connect to a New Server. On the old server we first exported the configuration and the user sign-on settings. On the new server, we installed the latest Entra ID Connect application. We configured the synchronization settings and verified the synchronization. To migrate the server, we changed the staging setting on the old and new server. Last we Uninstalled the Azure AD or Entra ID Connect Software on the old server. Did you enjoy this article? Dont forget to follow us and share this article. If you have any questions or need further assistance, feel free to reach out or leave a comment below.
