Forum Discussion
Azure AD Connect on a DC
- Apr 07, 2017
Hi Glenn,
In my opinion, the recommended installation is always on a separate server, in order to isolate points of failure.
In the past, e.g. with DirSync, it was not supported, but Microsoft has expanded support for installation on servers with other roles using the Express Installation.
If you install AD Connect on a DC or another machine with other products, it would be harder to understand a problem if one occurs in your environment, i.e. whether the problem is in the DC role or in AD Connect.
Hi Glenn,
The Express setting is the default; for the custom setup you have the options at the link below: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom
This covers SQL, location, and other settings.
Yes, you can uncheck the initial sync and then change the OUs.
- Glenn V, Apr 07, 2017, Brass Contributor
Thanks for the response Nuno. That was helpful. However, do you also have some thoughts regarding the question about installing Azure AD Connect on a Domain Controller?
Again, I'm not seeing anything (yet) that says this is a bad idea in an "Express" scenario like mine. Just that typically Microsoft is very good about being clear on this sort of thing.
Thanks again and let me know if you have some thoughts on the AADC on DC.
- Josh Villagomez, Jun 07, 2017, Microsoft
Hello,
I would like to add that although it is a supported configuration, it's not always best practice. Typically, when you install a domain controller, you want to make sure there are no other services that interfere or compete with the compute, memory, networking, or disk resources. Also, should there be an AAD Connect software error, a reboot may be required. Although the network should include multiple DCs for replication and HA purposes, few admins favor adding more resources to a busy and important server. The environments I have seen have typically used independent AAD Connect servers. I hope this helps. - Josh
- Jerry Meyer, Jul 24, 2017, Iron Contributor
In my experience it is not recommended to install Azure AD Connect on a DC. Azure AD Connect comes with a SQL Express database, which will use a lot of memory on the current machine. Another issue is that you might need to reboot the Sync server for updates etc., and I think you would not like to do that too often to a domain controller. Another thing is the Metaverse sync: you can get a lot of badly synced items within the metaverse. This also happens due to a shortage of memory.
And like Nuno said, troubleshooting Azure AD Connect will become more difficult, for instance if you have duplicate identities or hash errors.