Forum Discussion
Rebuild Azure AD Connect and Hybrid
- Apr 20, 2022
Hi AtanasM,
I wrote some instructions on enabling AAD Connect with PHS and compared it to Cloud Sync (if that is plausible for you): Section 4 – Implement an Identity Management Solution – Implement and manage hybrid identity – AADC, Cloud Sync and PHS – Set-AzWebApp -name "Anything Microsoft and other stuff on the side" (cloudpartner.fi)
And for PTA, SSO and ADFS integration: Section 5 – Implement an Identity Management Solution – Implement and manage hybrid identity – PTA, SSO and ADFS – Set-AzWebApp -name "Anything Microsoft and other stuff on the side" (cloudpartner.fi)
The first security practices are to use the new Hybrid Administrator as the sync account and to treat your AAD Connect servers as Tier 0 servers, just like domain controllers and ADFS.
Never give anyone too many rights, and use separate accounts, preferably gMSA accounts rather than single user accounts.
Hope this helps,
Hello AtanasM!
What authentication model are you using (PHS/PTA/Federation)? Based on your description that users can't log in, it's probably not PHS. Are the federation servers or PTA agent servers available? Maybe the better option is to build a new server, make that the primary, and then remove AAD Connect from the current one.
P.S. You can use PHS as a failover to PTA and Federation.