Migrate domain controller from on-prem to Azure VM through Azure Migrate

Dattaram Kachale 0 Reputation points
2023-12-18T12:50:23.1833333+00:00

I intend to migrate a 2012 domain controller from on-premises to an Azure VM using Azure Migrate. For the migration we have to create a local user in the source VM. However, the domain controller in question does not have a local account. How should I proceed with this migration?


2 answers

  1. Thameur-BOURBITA 32,596 Reputation points
    2023-12-18T16:21:43.25+00:00

    Hi @Dattaram Kachale

    The recommended approach to migrate a domain controller is to promote an additional domain controller on a new Azure VM, move the FSMO roles to it and then demote the old on-premises domain controller.


    Please don't forget to accept helpful answer


  2. SadiqhAhmed-MSFT 38,736 Reputation points Microsoft Employee
    2023-12-18T20:23:41.5566667+00:00

    @Dattaram Kachale Thank you for reaching out to us on the Microsoft Q&A platform. Happy to answer any questions you may have!

    I see that you want to migrate a DC from on-prem to an Azure VM and would like to know if it can be done without a local account.

    The local account is used for pulling software inventory and dependency analysis. If you are following the agentless approach, then you should be able to migrate without a local account.

    I understand that you must be concerned about sharing a DC user account due to compliance issues. You can even use a domain account for the same purpose.

    In the case of agent-based migration, you can skip the assessment part since it is a DC, so you can directly migrate to the recommended SKU in Azure, directly install the mobility agent on the source server and register it with the replication appliance. In this scenario, you just need to create a dummy account.


    Refer to the doc here - Migrate machines as physical server to Azure with Azure Migrate. - Azure Migrate | Microsoft Learn

    Note: The answer/suggestions above suit a cloud-only scenario best.

    Recommendations: As mentioned by "Thameur-BOURBITA", or create a dedicated secure VNET in Azure with newly deployed AD DS servers which are protected by NSGs with specific rules. An example of this is in the diagram shown in the link below:

    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain

    Allow replication to happen and confirm that all is healthy, then add the new servers as authentication and DNS reference points for your existing servers prior to migration. This of course depends on having connectivity in place via either S2S VPN or ExpressRoute (which I assume you do).

    You would then have separate VNETs in Azure for your App VMs, which would also be protected by NSGs.

    Hope this helps. Feel free to write back to us if you have any further concerns in this matter!


    If the response helped, do "Accept Answer" and up-vote it
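
The promote / transfer FSMO / verify / demote sequence that both answers recommend, written out as an added PowerShell example (not code from either answerer or from Microsoft's docs). It assumes hypothetical names: the new Azure VM is `AZ-DC01` with IP `10.0.0.4`, the legacy on-premises DC is `ONPREM-DC01`, and the domain is `contoso.local`; the VM must already resolve and reach the existing domain over the S2S VPN or ExpressRoute link mentioned above.

```powershell
# Added example; hostnames, IP and domain below are assumed placeholders, not values from the thread.
# Steps 1-4 run on the new Azure VM (AZ-DC01) as a Domain Admin; step 5 runs on ONPREM-DC01.

# 1. Install AD DS and promote the Azure VM as an additional (replica) DC in the existing domain.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'contoso.local' `
    -InstallDns `
    -Credential (Get-Credential 'CONTOSO\Administrator') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# The server reboots; continue after it comes back as a DC.

# 2. Prove replication is healthy before moving any role (the "confirm that all is healthy" step).
repadmin /replsummary                          # expect 0 failures on every partner
Get-ADReplicationFailure -Target 'AZ-DC01'     # expect no output
dcdiag /s:AZ-DC01 /q                           # quiet mode prints failures only

# 3. Transfer (do not seize) all five FSMO roles to the Azure DC while the old DC is still online.
Move-ADDirectoryServerOperationMasterRole -Identity 'AZ-DC01' -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
netdom query fsmo                              # every role should now report AZ-DC01

# 4. Repoint member servers to the new DC for DNS (and therefore DC location) before demotion.
#    Run per server / via GPO or DHCP; shown for one adapter here.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.4'

# 5. On ONPREM-DC01: demote gracefully once it holds no FSMO role and nothing points at it.
Get-ADDomainController -Identity 'ONPREM-DC01' | Select-Object OperationMasterRoles  # should be empty
Uninstall-ADDSDomainController `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'New local admin password') `
    -Force
```

Transferring roles with the source DC online keeps a clean metadata trail; seizing is only for a DC that is permanently gone, and a seized DC must never be brought back online.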
