cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure AD Connect Pass Through Authentication High Availability

%3CLINGO-SUB%20id%3D%22lingo-sub-76182%22%20slang%3D%22en-US%22%3EAzure%20AD%20Connect%20Pass%20Through%20Authentication%20High%20Availability%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-76182%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20been%20reading%20a%20lot%20about%20this%20for%20a%20highly%20available%20environment.%20It%20states%20that%20the%20Staging%20Server%20reads%20all%20Azure%20AD%20changes%20so%20that%20it%20is%20ready%20for%20production.%20Does%20this%20mean%20that%20a%20staging%20server%20will%20also%20act%20as%20a%20highly%20available%20server%20for%20PTA%3F%20My%20interpretation%20is%20that%20it%20will%20accept%20authentication%20requests%20from%20PTA%20as%20well%20as%20the%20Azure%20AD%20Connect%20server%20where%20PTA%20is%20configured.%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3EIf%20my%20interpretation%20is%20incorrect%20then%20that%20means%20for%20true%20HA%20then%20we%20would%20need%203%20servers.%20Primary%20AZADC%20server%2C%20second%20staging%20server%2C%20and%20a%20third%20server%20with%20the%20PTA%20agent%20installed.%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3EThis%20seems%20crazy%20to%20me%20if%20the%20staging%20server%20cannot%20handle%20PTA%20requests.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-76182%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96021%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Connect%20Pass%20Through%20Authentication%20High%20Availability%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96021%22%20slang%3D%22en-US%22%3EUpdate%3A%20After%20labbing%20and%20testing%20this%20scenario%20-%20Installing%20the%20second%20staging%20server%20works%20to%20handle%20PTA%20requests.%20Even%20thought%20the%20second%20Azure%20AD%20Connect%20server%20is%20in%20staging%20mode%2C%20it%20will%20look%20at%20the%20queue%20for%20authentication%20requests%20and%20verify%20authentication%20attempts.%20I%20tested%20this%20and%20deployed%20it%20in%20production%20with%20one%20primary%20AZADC%20in%20the%20on%20premises%20datacenter%20and%20then%20a%20staging%20server%20in%20Azure%20for%20DR.%3C%2FLINGO-BODY%3E
Highlighted
Tom Gould
Contributor

‎06-08-2017 07:50 AM - last edited on ‎07-24-2020 02:41 AM by

‎06-08-2017 07:50 AM - last edited on ‎07-24-2020 02:41 AM by

Azure AD Connect Pass Through Authentication High Availability

I have been reading a lot about this for a highly available environment. It states that the Staging Server reads all Azure AD changes so that it is ready for production. Does this mean that a staging server will also act as a highly available server for PTA? My interpretation is that it will accept authentication requests from PTA as well as the Azure AD Connect server where PTA is configured.
 
If my interpretation is incorrect then that means for true HA then we would need 3 servers. Primary AZADC server, second staging server, and a third server with the PTA agent installed.
 
This seems crazy to me if the staging server cannot handle PTA requests.

1,322 Views
0 Likes
1 Reply
Reply
1 Reply
Highlighted
Tom Gould

‎08-14-2017 07:17 PM

‎08-14-2017 07:17 PM

Solution

Re: Azure AD Connect Pass Through Authentication High Availability

Update: After labbing and testing this scenario - Installing the second staging server works to handle PTA requests. Even thought the second Azure AD Connect server is in staging mode, it will look at the queue for authentication requests and verify authentication attempts. I tested this and deployed it in production with one primary AZADC in the on premises datacenter and then a staging server in Azure for DR.
Best Response confirmed by Tom Gould (Contributor)
2 Likes
Reply

Related Conversations View all

[Newbie] What do I need to provide high availability for Pass-through Authentication?

by MON Not ur business on April 30, 2018

314 Views 0 Likes
1 Replies

Azure AD Pass-through Authentication: Upgrade Authentication Agents

by Andy White on September 20, 2017

473 Views 0 Likes
0 Replies

Azure AD Connect Pass Through Authentication High Availability

by Adam Fowler on August 03, 2017

503 Views 2 Likes
0 Replies

Related Blog Posts View all

Introducing #AzureAD Pass-Through Authentication and Seamless Single Sign-on

by Alex Simons (AZURE) on September 07, 2018

6928 Views 0 Likes
0 Replies

Azure AD B2C and B2B are now in Public Preview!

by Alex Simons (AZURE) on September 06, 2018

2411 Views 0 Likes
0 Replies