Forum Discussion
Azure AD connect on Azure VM
Hi John,
Yes is the best aproach that scenario, I do that in all customers that have Office 365 and Azure.
You have here documentation that will support you. https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain
And here a how to. https://docs.microsoft.com/en-us/azure/active-directory/active-directory-install-replica-active-directory-domain-controller
Hi John,
Yes is the best aproach that scenario, I do that in all customers that have Office 365 and Azure.
You have here documentation that will support you. https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain
And here a how to. https://docs.microsoft.com/en-us/azure/active-directory/active-directory-install-replica-active-directory-domain-controller
I think you talking about scenario 1 is normal approach right?
scenario 2 is no DC on azure and direct join on-premise DC. It is also fine?
thanks.
Hi John,
I much prefer option 1 (DC on Azure, AADC on Azure), as that gives you the best level of flexibility and stability. If you only have AADC on Azure, and are relying on a site to site VPN connection back to your DC on-prem, you have a greater risk of losing that connection if something goes down.
At least with the DC on Azure alongside of AADC, it can continue to pull updates in case of an outage. The challenge of course, is that an outage would still eventually put your DC in Azure out of date - but I'd still recommend that option over simply relying on a VPN connection to keep AADC connected.
Hope this helps!
Yes, Option 1 is the best for several reasons like Disaster Recovery and Business Continuity.
