If we put Azure AD Connect in Azure and add a DC and a backup DC in Azure, I can point AAD Connect to the Azure DC, right?


How about installing AAD Connect in Azure and joining it to the on-premise domain? A site-to-site VPN from Azure to on-premise is planned.



Hi John,


Yes, that scenario is the best approach; I do that for all customers that have Office 365 and Azure.


Here is documentation that will support you.


And here is a how-to.

I think you are talking about scenario 1 as the normal approach, right?

Scenario 2 is no DC in Azure and a direct join to the on-premise DC. Is that also fine?



Hi John,

I much prefer option 1 (DC in Azure, AADC in Azure), as that gives you the best level of flexibility and stability. If you only have AADC in Azure and are relying on a site-to-site VPN connection back to your DC on-prem, you have a greater risk of losing that connection if something goes down.


At least with the DC in Azure alongside AADC, it can continue to pull updates in case of an outage. The challenge, of course, is that an outage would still eventually put your DC in Azure out of date - but I'd still recommend that option over simply relying on a VPN connection to keep AADC connected.


Hope this helps!
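As an added example (not posted by anyone in this thread), the following PowerShell check, run on the AAD Connect server once option 1 is in place, confirms that the server actually locates a domain controller in the Azure AD site rather than one across the site-to-site VPN, that the Azure DCs are reachable on LDAP/LDAPS/Kerberos, and that the sync scheduler is enabled. It assumes the ActiveDirectory and ADSync PowerShell modules are present on the AADC server (the ADSync module ships with AAD Connect) and that the Azure DCs sit in an AD site named `Azure`; that site name is a constructed placeholder to replace with your own.

```powershell
# Added example, not from the thread. Assumes: ActiveDirectory and ADSync modules
# installed on the AADC server; Azure DCs placed in an AD site named 'Azure'
# (constructed placeholder). Run from an elevated PowerShell session on the AADC server.
Import-Module ActiveDirectory
Import-Module ADSync

function Test-AadcDcPlacement {
    param(
        [string]$AzureSite = 'Azure'   # constructed; the AD site that holds the DCs in Azure
    )

    # 1. Which DC does this server locate? With correct subnet-to-site mapping in
    #    AD Sites and Services, this should be a DC in $AzureSite, not one over the VPN.
    $dc = Get-ADDomainController -Discover -NextClosestSite
    "Located DC: $($dc.HostName) (site '$($dc.Site)')"
    if ($dc.Site -ne $AzureSite) {
        Write-Warning "Located DC is outside '$AzureSite'; check the subnet/site mapping for the AADC server's address."
    }

    # 2. Reachability of every DC in the Azure site on LDAP (389), LDAPS (636) and Kerberos (88).
    $azureDcs = Get-ADDomainController -Filter { Site -eq $AzureSite }
    if (-not $azureDcs) {
        Write-Warning "No domain controllers found in site '$AzureSite'."
    }
    foreach ($d in $azureDcs) {
        foreach ($port in 389, 636, 88) {
            $ok = (Test-NetConnection -ComputerName $d.HostName -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
            '{0,-35} TCP/{1,-4} {2}' -f $d.HostName, $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
        }
    }

    # 3. Sync scheduler state: the cycle should be enabled and not suspended; a stale
    #    NextSyncCycleStartTimeInUTC is the first sign that sync has stalled.
    Get-ADSyncScheduler |
        Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled,
                      CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC
}

Test-AadcDcPlacement -AzureSite 'Azure'
```

The site check is the part that matters for the thread's argument: if the AADC server's address is not mapped to the Azure site, the DC locator may happily pick an on-premise DC and the VPN becomes a hidden dependency again, even though a DC is sitting next to AADC in Azure.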

Yes, Option 1 is the best for several reasons like Disaster Recovery and Business Continuity.

Hi Guys,


