Aug 22 2017
08:47 AM
- last edited on
Jan 14 2022
05:35 PM
by
TechCommunityAP
I have an on-premises DC where Azure AD Connect is already configured and installed, and I have a replica of my DC on AWS. Everything from my DC1 replicates to DC2 at AWS except the Azure AD Connect, which is not configured on AWS. The question is: is it possible to install another Azure AD Connect on DC2 at AWS while I already have one on DC1?
Aug 22 2017 09:39 AM - edited Aug 22 2017 09:40 AM
Solution
You can install Azure AD Connect on another machine, but it must be in Staging mode. Azure AD Connect cannot be running on 2 servers at the same time. There is not a great high availability story at this time. Any configuration changes you make on the operating instance need to be manually made on the staging instance. See https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-oper... for more details.
On a related note, the recommended best practice is to not put AAD connect on the DC. If you have an issue with AAD connect, you don't want it to affect the DC.
Aug 22 2017 10:08 AM
Aug 22 2017 10:13 AM
You are welcome. edX has a good online class about this at https://courses.edx.org/courses/course-v1:Microsoft+CLD212.1x+3T2017/courseware/1d115a213d454e8387d7...
Aug 24 2017 07:14 AM
Hello Emal,
Assuming you are interested in exporting to the same AAD directory, you can only have one AAD Connect server exporting to the same tenant. As was mentioned, you can have a server in "Staging Mode", but that's more like a fall-back solution should your primary AAD Connect server be down. However, even if it were down, you will not lose authentication. Only new, modified, or removed objects will not synchronize. Many customers swap between a primary and Staged AAD Connect servers when performing upgrades. But if you decide to have a secondary AAD Connect server for fallback solutions, you need to make sure everything is like-for-like, especially the binaries. Hope this helps.
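The two answers above boil down to two checks an admin should run after standing up a second server: exactly one instance must be active (the other in staging mode), and both must run the same binaries. The following PowerShell is an added example, not code from the thread or from Microsoft; it assumes WinRM access to both servers and the hostnames `AADC-ONPREM` and `AADC-AWS` are placeholders.

```powershell
# Added example: verify the active/staging split and like-for-like versions
# across two Azure AD Connect servers. Hostnames below are placeholders.
$servers = @('AADC-ONPREM', 'AADC-AWS')   # assumed names, replace with your own

$results = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module ADSync -ErrorAction Stop          # module shipped with Azure AD Connect
    $sched = Get-ADSyncScheduler                    # exposes StagingModeEnabled etc.
    [pscustomobject]@{
        Server             = $env:COMPUTERNAME
        StagingModeEnabled = $sched.StagingModeEnabled
        SyncCycleEnabled   = $sched.SyncCycleEnabled
        SyncInProgress     = $sched.SyncCycleInProgress
        # Sync engine binary version, used for the like-for-like comparison
        BinaryVersion      = (Get-Item "$env:ProgramFiles\Microsoft Azure AD Sync\Bin\miiserver.exe").VersionInfo.FileVersion
    }
}

$results | Format-Table Server, StagingModeEnabled, SyncCycleEnabled, SyncInProgress, BinaryVersion -AutoSize

# Exactly one server may export to the tenant; any other must be in staging mode.
$active = @($results | Where-Object { -not $_.StagingModeEnabled })
if ($active.Count -ne 1) {
    Write-Warning "Expected exactly one active (non-staging) server, found $($active.Count): $($active.Server -join ', ')"
}

# Staging and active servers should run the same Azure AD Connect build.
$versions = @($results.BinaryVersion | Sort-Object -Unique)
if ($versions.Count -gt 1) {
    Write-Warning "Azure AD Connect versions differ across servers ($($versions -join ', ')); upgrade so they match."
}
```

Run it from a management host after any upgrade or failover swap, since a staging server that is accidentally switched to active alongside the primary is exactly the two-exporters situation the answers warn against.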
Aug 25 2017 08:21 AM
Aug 28 2017 10:10 AM
Hello Emal
AAD Connect can be installed on premises or on a virtual network. The key thing is a good VPN solution if you decide for AWS. Technically speaking, if it's on AWS, then it's considered on premises if it's on the same on-premises network. It would be best to have the DC on AWS as well to ensure performance with low latencies. This being said, most AAD Connect services I've supported have been installed on-premises. -Josh
May 21 2018 01:30 PM