cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure AD Connect Pass Through Authentication High Availability

%3CLINGO-SUB%20id%3D%22lingo-sub-96021%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Connect%20Pass%20Through%20Authentication%20High%20Availability%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96021%22%20slang%3D%22en-US%22%3EUpdate%3A%20After%20labbing%20and%20testing%20this%20scenario%20-%20Installing%20the%20second%20staging%20server%20works%20to%20handle%20PTA%20requests.%20Even%20thought%20the%20second%20Azure%20AD%20Connect%20server%20is%20in%20staging%20mode%2C%20it%20will%20look%20at%20the%20queue%20for%20authentication%20requests%20and%20verify%20authentication%20attempts.%20I%20tested%20this%20and%20deployed%20it%20in%20production%20with%20one%20primary%20AZADC%20in%20the%20on%20premises%20datacenter%20and%20then%20a%20staging%20server%20in%20Azure%20for%20DR.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-76182%22%20slang%3D%22en-US%22%3EAzure%20AD%20Connect%20Pass%20Through%20Authentication%20High%20Availability%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-76182%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20been%20reading%20a%20lot%20about%20this%20for%20a%20highly%20available%20environment.%20It%20states%20that%20the%20Staging%20Server%20reads%20all%20Azure%20AD%20changes%20so%20that%20it%20is%20ready%20for%20production.%20Does%20this%20mean%20that%20a%20staging%20server%20will%20also%20act%20as%20a%20highly%20available%20server%20for%20PTA%3F%20My%20interpretation%20is%20that%20it%20will%20accept%20authentication%20requests%20from%20PTA%20as%20well%20as%20the%20Azure%20AD%20Connect%20server%20where%20PTA%20is%20configured.%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3EIf%20my%20interpretation%20is%20incorrect%20then%20that%20means%20for%20true%20HA%20then%20we%20would%20need%203%20servers.%20Primary%20AZADC%20server%2C%20second%20staging%20server%2C%20and%20a%20third%20server%20with%20the%20PTA%20agent%20installed.%3CBR%20%2F%3E%26nbsp%3B%3CBR%20%2F%3EThis%20seems%20crazy%20to%20me%20if%20the%20staging%20server%20cannot%20handle%20PTA%20requests.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-76182%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Tom Gould
Contributor

‎Jun 08 2017 07:50 AM - last edited on ‎Jul 24 2020 02:41 AM by

‎Jun 08 2017 07:50 AM - last edited on ‎Jul 24 2020 02:41 AM by

Azure AD Connect Pass Through Authentication High Availability

I have been reading a lot about this for a highly available environment. It states that the Staging Server reads all Azure AD changes so that it is ready for production. Does this mean that a staging server will also act as a highly available server for PTA? My interpretation is that it will accept authentication requests from PTA as well as the Azure AD Connect server where PTA is configured.
 
If my interpretation is incorrect then that means for true HA then we would need 3 servers. Primary AZADC server, second staging server, and a third server with the PTA agent installed.
 
This seems crazy to me if the staging server cannot handle PTA requests.

1,707 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Tom Gould (Contributor)
Tom Gould

‎Aug 14 2017 07:17 PM

‎Aug 14 2017 07:17 PM

Solution

Re: Azure AD Connect Pass Through Authentication High Availability

Update: After labbing and testing this scenario - Installing the second staging server works to handle PTA requests. Even thought the second Azure AD Connect server is in staging mode, it will look at the queue for authentication requests and verify authentication attempts. I tested this and deployed it in production with one primary AZADC in the on premises datacenter and then a staging server in Azure for DR.
2 Likes
Reply