Forum Discussion
Deleted
Aug 03, 2017
Azure AD Connect on Azure VM with DC role
Hi All,
We have deployed Azure AD Connect to an Azure VM with the DC role, but the AAD connector's preferred AD DC is an on-premise DC.
We found that when a user has a password change request, AAD didn't receive the change request and update Azure AD within 2 mins.
Any suggestions?
Thanks.
Hi John,
Does your network on Azure point to DNS servers on Azure?
Can you check in a cmd prompt with "set" whether the logon server is one of the Azure ones?
Do you have Sites and Services on AD correctly configured with the network on Azure?
Verify the synchronization and schedule times between AD sites.
When you change a password on-premises, the user change goes to the closest DC, then AD Connect detects that and pulls from it to Azure AD.
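The checks suggested in the reply above, collected as a read-only PowerShell diagnostic to run on the Azure VM (an added example, not part of the original thread; it assumes the ActiveDirectory RSAT module and the ADSync module that ships with Azure AD Connect are installed):

```powershell
# Added example: read-only checks, nothing is changed.
Import-Module ActiveDirectory
Import-Module ADSync

# 1. DNS servers configured on the VM's network adapters
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Logon server of this session (same value "set" shows in cmd),
#    and the DC the locator returns for the domain
"Logon server: $env:LOGONSERVER"
$domain = (Get-ADDomain).DNSRoot
nltest "/dsgetdc:$domain"

# 3. AD site this machine resolves to, and the subnet-to-site mapping
#    in Sites and Services (the Azure VNet range should map to the Azure site)
nltest /dsgetsite
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# 4. Inter-site link cost and replication interval
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded

# 5. Last inbound replication result from each partner of this DC
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME -Scope Server |
    Select-Object Partner, Partition, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures

# 6. Azure AD Connect scheduler state and effective sync interval
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled,
                  CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC
```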
Hi John,
Is your DC a Global Catalog?
The best architecture to achieve your goal is to have a DC separate from AD Connect; please refer to these architectures that describe the scenarios: https://technet.microsoft.com/en-us/library/mt613459.aspx
- Deleted
Yes, two sites and two DCs; both DCs are Global Catalogs.
Best practice is to separate the roles, but we lack resources, so we combined them into one VM.
I have tested that it is able to run on the DC role, although it is not recommended practice.
Is there data loss between Azure AAD and the on-premise DC over the Site-to-Site VPN, so that AAD can't pull the on-premise DC password change request immediately?