SOLVED

Azure AD connect on Azure VM


If we put Azure AD Connect on Azure and add a DC and backup DC to Azure, I can point AAD Connect to the Azure DC, right?

How about installing AAD on Azure and joining the on-premise domain? Azure to on-premise has a Site to Site VPN plan.

Thanks.

5 Replies
Highlighted
Best Response
Solution

Hi John,

Yes, that scenario is the best approach; I do that for all customers that have Office 365 and Azure.

Here is documentation that will support you: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-dom...

And here is a how-to: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-install-replica-active-dire...

Highlighted

I think you are talking about scenario 1, which is the normal approach, right?

Scenario 2 is no DC on Azure and a direct join to the on-premise DC. Is it also fine?

Thanks.

Highlighted

Hi John,

I much prefer option 1 (DC on Azure, AADC on Azure), as that gives you the best level of flexibility and stability. If you only have AADC on Azure, and are relying on a site-to-site VPN connection back to your DC on-prem, you have a greater risk of losing that connection if something goes down.

At least with the DC on Azure alongside AADC, it can continue to pull updates in case of an outage. The challenge, of course, is that an outage would still eventually put your DC in Azure out of date - but I'd still recommend that option over simply relying on a VPN connection to keep AADC connected.

Hope this helps!

Highlighted

Yes, Option 1 is the best for several reasons like Disaster Recovery and Business Continuity.

Highlighted

Hi Guys,

I am trying to back up O365 mailboxes with Veeam, which is installed on an Azure VM, but I am getting very poor backup performance. Do I need to integrate this Azure VM with Azure AD in order to improve backup performance?