Forum Discussion
Microsoft Entra Connect connecting always to old DC
Hi jpart_777,
You're right to not set a preferred domain controller. That should never be used unless it cannot be avoided (which is typically only when someone has botched their Active Directory site topology design and implementation - which is sadly rather common).
You ought to be fine with following your hunch and not specifying a preferred domain controller list. I've run a quick test on AAD Connect v2.4.131.0 and it cut over fine when I blocked access from the AAD Connect host to the domain controller it typically connects to.
The test was basic but effective and entailed:
- Configuring the Windows Firewall on the AAD Connect host to block LDAP (and GC) traffic to the usual domain controller;
- Running a delta import (DI) on the Active Directory connector;
- Observing the result of the DI run.
I actually expected that the DI might not work and that an FI might be required, but I was pleasantly surprised to see that the DI run succeeded.
Screenshot: Prior to the blocking of the "usual" domain controller
Screenshot: The firewall change to block access to rpdc01.robertsonpayne.com
Screenshot: After the firewall change, showing the automatic switch to another domain controller
Cheers,
Lain
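The three-step test Lain describes (block LDAP/GC to the usual DC with Windows Firewall, run a delta import, observe which DC the connector is now using) can be scripted so it is repeatable and so the lab rule is always cleaned up. The script below is an added example, not code from the original post or from Microsoft. It assumes it is run elevated on the AAD Connect host; `rpdc01.robertsonpayne.com` is the host name from the post and should be replaced with your own; and because `Start-ADSyncSyncCycle` has no switch for a single connector's DI step, it drives a full delta cycle instead of the per-connector DI Lain ran from the Synchronization Service Manager. The helper function `Get-MiisDomainControllerConnections` is hypothetical (defined here) and reads the sync engine's established LDAP/GC sockets as the "observe" step.

```powershell
# Added example (not from the original post): scripted version of the DC failover test.
# Assumes: elevated PowerShell on the AAD Connect host; $UsualDc is the DC the
# connector normally talks to (host name taken from the post, substitute your own).

$UsualDc   = 'rpdc01.robertsonpayne.com'          # from the post; replace for your lab
$RuleName  = 'Lab - block LDAP/GC to usual DC'     # constructed rule name
$LdapPorts = 389, 636, 3268, 3269                   # LDAP, LDAPS, GC, GC over SSL

# Resolve the DC's A records so the firewall rule matches on IP, not name
$DcAddresses = (Resolve-DnsName -Name $UsualDc -Type A).IPAddress

function Get-MiisDomainControllerConnections {
    # Hypothetical helper: list the LDAP/GC sockets the sync engine (miiserver.exe)
    # currently has open, so we can see which DC it is actually talking to.
    $miis = Get-Process -Name miiserver -ErrorAction Stop
    Get-NetTCPConnection -OwningProcess $miis.Id -State Established |
        Where-Object { $_.RemotePort -in $LdapPorts } |
        Select-Object RemoteAddress, RemotePort |
        Sort-Object RemoteAddress -Unique
}

Write-Host "Connections before blocking $UsualDc :"
Get-MiisDomainControllerConnections | Format-Table -AutoSize

# Step 1: block outbound LDAP and GC traffic to the usual DC only (all other DCs stay reachable)
New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
    -Protocol TCP -RemotePort $LdapPorts -RemoteAddress $DcAddresses | Out-Null

try {
    # Step 2: run a delta cycle; the AD connector should open sessions to another DC
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    Start-Sleep -Seconds 60   # give the cycle time to establish new LDAP sessions

    # Step 3: observe. Any remaining socket to the blocked DC means the cutover did not happen.
    Write-Host "Connections after blocking $UsualDc :"
    $after = Get-MiisDomainControllerConnections
    $after | Format-Table -AutoSize

    $stillOld = $after | Where-Object { $_.RemoteAddress -in $DcAddresses }
    if ($stillOld) {
        Write-Warning "Sync engine still holds LDAP/GC sessions to $UsualDc"
    } else {
        Write-Host "Sync engine cut over away from $UsualDc"
    }
}
finally {
    # Always remove the lab rule so production directory traffic is not left blocked
    Remove-NetFirewallRule -DisplayName $RuleName
}
```

Confirm the run outcome the same way the post does: the Operations tab of the Synchronization Service Manager should show the delta import on the Active Directory connector completing with success rather than a connection error. The `try`/`finally` is the part worth keeping even if you run the rest by hand; a forgotten block rule on a production sync server is a self-inflicted outage.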