Forum Discussion

Deleted's avatar
Deleted
Aug 22, 2017

Azure AD connect in more than one DC

I have an on permise DC where Azure AD connect is already configured and installed and I have a replica of my DC on AWS. Everything from my DC1 replicates to DC2 at AWS except the Azure AD connect no...
Azure Active Directory (AAD)
microsoft 365
  • Dean_Gross's avatar
    Dean_Gross
    Aug 22, 2017

    you can install Azure AD connect on another machine, but it must be in Staging mode. Azure AD connected cannot be running on 2 servers at the same time. There is not a great high availability story at this time. Any configuration changes you make on the operating instance need to be manually made on the staging instance. see https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-operations for more details. 

     

    On a related note, the recommended best practice is to not put AAD connect on the DC. If you have an issue with AAD connect, you don't want it to affect the DC. 

Joshua Villagomez's avatar
Joshua Villagomez
Copper Contributor
Aug 24, 2017

Hello Emal,

 

Assuming you are interested in exporting to the same AAD directory, you can only have one AAD Connect server exporting to the same tenant. As was mentioned, you can have a server in "Staging Mode", but that's more like a fall-back solution should your primary AAD Connect server be down. However, even if it were down, you will not lose authentication. Only new, modified, or removed objects will not synchronize. Many customers swap between a primary and Staged AAD Connect servers when performing upgrades. But if you decide to have a secondary AAD Connect server for fallback solutions, you need to make sure every thing is like-for-like, especially the binaries. Hope this helps. 

  • Deleted's avatar
    Deleted
    Aug 25, 2017
    Thanks Josh,
    Yes I will stand it up as staging AAD. Just have quick question Does it Matter to have the primary AAD connect on AWS replica of my DC or its good practice to have the AAD Connect primary one on premise ?
    • Josh Villagomez's avatar
      Josh Villagomez
      Icon for Microsoft rankMicrosoft
      Aug 28, 2017

      Hello Emal

       

      AAD Connect can be installed on premises or on a virtual network. The key thing is a good VPN solution if you decide for AWS. Technically speaking, if it's on AWS, then it's considered on premises if it's on the same on premises network. It would be best to have the DC on AWS as well to insure performance with low latencies. This being said, most AAD Connect services I've supported have been installed on-premises. -Josh

      • Deleted's avatar
        Deleted
        May 21, 2018
        Hi Josh,
        Thanks! that worked for me for having AD on AWS.

Resources