Azure ADDS Inbound NAT Rule upgrade in Load Balancer

mb25stan2 20 Reputation points
2025-09-29T13:18:45.3766667+00:00

We have an Azure ADDS implementation.

By design, on creation of the solution, a standard Load Balancer was created automatically with 2 Version 1 Inbound NAT rules for WinRM that I believe facilitate Microsoft patching the 2 managed Domain Controllers that get created.

My question is, if I delete the 2 V1 rules, and manually create 2 new V2 rules with the same ports, will it break the auto management functions used by Microsoft?

I ask because the V1 rules become deprecated in 2027 and my manager wants us to close this work off well in advance if possible.

Many Thanks

Azure Load Balancer

Answer accepted by question author
  1. Alex Burlachenko 18,575 Reputation points Volunteer Moderator
    2025-09-29T13:47:17.0966667+00:00

    Hi,

    Getting ahead of that 2027 deprecation is a great idea, but with Azure ADDS we have to be very careful, because Microsoft fully manages those domain controllers for you.

    My strong advice is: do not delete and recreate those NAT rules yourself. The load balancer and its specific rules are a core part of the ADDS managed service. Microsoft's backend processes likely rely on the specific configuration, names, or metadata of those automatically created rules to function correctly. If you change them, you risk breaking the automated management, including crucial security patching.

    The safe and supported path is to let Microsoft handle the upgrade. They are aware of the load balancer rule deprecation timeline. As we get closer to 2027, they will almost certainly release an official process or perform a platform update to migrate all existing ADDS deployments to the new rule version. Your manager's proactive thinking is good, but this is one area where it is better to wait for the vendor's guidance.

    What you can do now is monitor the official Azure updates. Keep an eye on the Azure updates page https://azure.microsoft.com/en-us/updates/ and specifically search for ADDS or load balancer news. When Microsoft announces the migration path, you will be ready to act.

    You could also try a test in a development environment. If you have a test ADDS forest, you could experiment with the rules there and see if the management functions break. But even then, there is a risk.

    Please do not manually change those rules. The potential to disrupt Microsoft's management of your domain controllers is too high. The right move is to wait for an official update from Microsoft on how they will handle this deprecation for their managed services.

    Good luck, and it is great that you are planning so far ahead.

    rgds,

    Alex

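Before anyone touches the load balancer, it is worth confirming which of its inbound NAT rules are actually V1 and what each one targets, since that is the distinction the question turns on and the answer's advice is to look, not change. The PowerShell below is an added example, not code from the original post, the answer, or Microsoft. It only reads the load balancer. It assumes the Az.Network property names on an inbound NAT rule (BackendIpConfiguration on a V1 rule; BackendAddressPool plus FrontendPortRangeStart/FrontendPortRangeEnd on a V2 rule); the sample rules, resource IDs, ports and the `<managed-rg>`/`<lb-name>` placeholders are constructed for illustration.

```powershell
# Added example (not from the original post or from Microsoft): a read-only
# inventory of a load balancer's inbound NAT rules that labels each one
# V1 (fixed frontend port aimed at one VM NIC IP configuration) or
# V2 (frontend port range aimed at a backend pool). Nothing here modifies
# the load balancer.
# Assumed: Az.Network property names BackendIpConfiguration,
# BackendAddressPool, FrontendPortRangeStart and FrontendPortRangeEnd.

function Get-InboundNatRuleVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule
    )
    process {
        $hasPool  = $null -ne $Rule.BackendAddressPool
        $hasRange = $null -ne $Rule.FrontendPortRangeStart
        $hasNic   = ($Rule.BackendIpConfiguration | Measure-Object).Count -gt 0

        # A pool target or a port range only exists on a V2 rule;
        # a NIC IP configuration target is the V1 shape.
        if     ($hasPool -or $hasRange) { $version = 'V2' }
        elseif ($hasNic)                { $version = 'V1' }
        else                            { $version = 'Unknown' }

        if ($hasRange) { $frontend = "$($Rule.FrontendPortRangeStart)-$($Rule.FrontendPortRangeEnd)" }
        else           { $frontend = "$($Rule.FrontendPort)" }

        # Last segment of a pool ID is the pool name; in a NIC IP
        # configuration ID the NIC name sits two segments before the end.
        if     ($hasPool) { $target = ($Rule.BackendAddressPool.Id -split '/')[-1] }
        elseif ($hasNic)  { $target = ($Rule.BackendIpConfiguration.Id -split '/')[-3] }
        else              { $target = '-' }

        [pscustomobject]@{
            Name         = $Rule.Name
            Version      = $version
            Protocol     = $Rule.Protocol
            FrontendPort = $frontend
            BackendPort  = $Rule.BackendPort
            Target       = $target
        }
    }
}

# Constructed sample rules (made-up names, ports and resource IDs) so the
# classifier can be exercised offline. One is the per-VM V1 shape the
# question describes; the other is a pool-based V2 rule for comparison.
$sample = @(
    [pscustomobject]@{
        Name = 'winrm-dc-a'; Protocol = 'Tcp'; FrontendPort = 5986; BackendPort = 5986
        BackendIpConfiguration = [pscustomobject]@{
            Id = '/subscriptions/<sub>/resourceGroups/<managed-rg>/providers/Microsoft.Network/networkInterfaces/dc-a-nic/ipConfigurations/ipconfig1'
        }
    }
    [pscustomobject]@{
        Name = 'winrm-pool'; Protocol = 'Tcp'; FrontendPortRangeStart = 50000; FrontendPortRangeEnd = 50001; BackendPort = 5986
        BackendAddressPool = [pscustomobject]@{
            Id = '/subscriptions/<sub>/resourceGroups/<managed-rg>/providers/Microsoft.Network/loadBalancers/<lb-name>/backendAddressPools/dc-pool'
        }
    }
)

$sample | Get-InboundNatRuleVersion | Format-Table -AutoSize

# Live, read-only inventory of the managed domain's load balancer
# (placeholder names; Get-AzLoadBalancer only reads the resource):
# $lb = Get-AzLoadBalancer -ResourceGroupName '<managed-rg>' -Name '<lb-name>'
# $lb.InboundNatRules | Get-InboundNatRuleVersion | Format-Table -AutoSize
```

Running the live lines against the managed domain's load balancer lists each rule with its version and target; the V1 rows, one per domain controller NIC, are the ones the retirement affects, and the output gives you a concrete record to attach to the change ticket while waiting for Microsoft's migration guidance. The script creates and deletes nothing, so it stays within the answer's advice.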
