cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure AD Connect on Azure VM with DC role

Deleted
Not applicable

‎Aug 02 2017 11:31 PM - last edited on ‎Jan 14 2022 05:30 PM by

‎Aug 02 2017 11:31 PM - last edited on ‎Jan 14 2022 05:30 PM by

Azure AD Connect on Azure VM with DC role

Hi All,

We have deploy Azure AD connec to Azure VM with DC role, but AAD connector prefer AD DC is on-premise DC.

We found when user have password change request, the AAD didn't receive the change request and update to Azure AD with in 2 mins.

 

Any Suggestion?

Thanks.

3,675 Views
0 Likes
5 Replies
Reply
5 Replies
Nuno Silva

‎Aug 03 2017 01:17 AM

‎Aug 03 2017 01:17 AM

Re: Azure AD Connect on Azure VM with DC role

Hi John,

 

Is your DC a Global Catalog ?

 

The best architecture to archive your goal is to have a DC separate to AD Connect, please refer to this architectures that describe the scenarios https://technet.microsoft.com/en-us/library/mt613459.aspx

0 Likes
Reply

‎Aug 03 2017 01:22 AM - edited ‎Aug 03 2017 01:25 AM

‎Aug 03 2017 01:22 AM - edited ‎Aug 03 2017 01:25 AM

Re: Azure AD Connect on Azure VM with DC role

Yes, two site and two DC , both DC is Global Catalog.

Best practice is separate role, but we lack of resource so combine to one VM.

I have test it is able to do on DC role although it is not recommand practice.

 

Do it have data loss between Azure AAD to On-premise DC with Site to Site VPN? so AAD can't pull on-premise DC password change request immediately?

0 Likes
Reply
best response
Nuno Silva

‎Aug 03 2017 01:27 AM

‎Aug 03 2017 01:27 AM

Solution

Re: Azure AD Connect on Azure VM with DC role

Hi John,

 

Does your network on Azure point to DNS's on Azure ?

Can you see in cmd prompt if "set" the logon server is one of the Azure ?

Do you have site and services on AD correct configured with the network on Azure ?

Verify the sincronization and schedule times betweent AD sites.

 

When you change a password on-premises, the user change to the closest DC than AD connect detects that and pull from it to Azure AD.

0 Likes
Reply

‎Aug 03 2017 01:40 AM - edited ‎Aug 03 2017 01:41 AM

‎Aug 03 2017 01:40 AM - edited ‎Aug 03 2017 01:41 AM

Re: Azure AD Connect on Azure VM with DC role

Hi Nuno,

 

Does your network on Azure point to DNS's on Azure ? Primary DNS is point to on-premise DC

Can you see in cmd prompt if "set" the logon server is one of the Azure ? echo %logonserver% result is Azure DC server

Do you have site and services on AD correct configured with the network on Azure ?    yes, it is two different site subnets. 

Verify the sincronization and schedule times betweent AD sites.  Repicate every 15 minutes.

0 Likes
Reply
Nuno Silva

‎Aug 03 2017 01:45 AM

‎Aug 03 2017 01:45 AM

Re: Azure AD Connect on Azure VM with DC role

Hi John,

 

You DNS setting on Azure Network should point to your DNS servers on Azure to the VM's connect to them. That could be the point.

0 Likes
Reply
1 best response

Accepted Solutions
best response
Nuno Silva

‎Aug 03 2017 01:27 AM

‎Aug 03 2017 01:27 AM

Solution

Re: Azure AD Connect on Azure VM with DC role

Hi John,

 

Does your network on Azure point to DNS's on Azure ?

Can you see in cmd prompt if "set" the logon server is one of the Azure ?

Do you have site and services on AD correct configured with the network on Azure ?

Verify the sincronization and schedule times betweent AD sites.

 

When you change a password on-premises, the user change to the closest DC than AD connect detects that and pull from it to Azure AD.

View solution in original post

0 Likes
Reply