Azure Active Directory Connect – High Availability
When working in enterprise environments the High Availability (HA) question is often raised.
This also applies to the new and shiny Azure Active Directory Connect (AADConnect) tool.
The tool itself is the successor of DirSync and brings a lot of new features, for instance Password Write-Back. Get the tool here: https://www.microsoft.com/en-us/download/details.aspx?id=47594
But back to the question:
NO, there is no HA option for the AADConnect tool: only one AADConnect server may export to Azure Active Directory (and to on-premises Active Directory) at any time, so you cannot run two active servers side by side.
But there is a nice alternative, Staging Mode.
So what is this staging mode?
In a Staging Mode scenario you install one server with AADConnect, which will be the active server, and a second server with AADConnect, which will be the ‘standby’ server, because that is essentially what it is.
The staging server is a fully functional AADConnect server with a fully populated Metaverse (it imports and synchronizes just like the active server), BUT there are a few things it does not do:
- No exports occur to your on-premises Active Directory;
- No exports occur to Azure Active Directory;
- Password hash synchronization and password write-back are disabled.
If the primary server goes offline (for whatever reason) you manually disable Staging Mode on the second server, and from then on that server does the synchronization, including the exports!
Make sure the old primary never comes back as an active server while the second one is active: before you bring it online again, put it into Staging Mode (or keep its scheduler disabled), because two servers exporting at the same time will fight over the same objects.
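The following PowerShell is an added example, not code from the original post or from Microsoft. It queries both AADConnect servers over WinRM, reports which one is active and which one is in staging mode, enforces the rule that only one server may be exporting, and runs the checks you want before you disable staging mode on the standby. The host names AADC01 and AADC02, WinRM being enabled on both, and the caller being a member of the local ADSyncAdmins group on each server are assumptions; the cmdlets (Get-ADSyncScheduler, Set-ADSyncScheduler, Start-ADSyncSyncCycle) are from the ADSync module that AADConnect installs.

```powershell
# Added example (not from the original post). Assumed host names; adjust to your environment.
$PrimaryServer = 'AADC01'
$StandbyServer = 'AADC02'

function Get-AadcRole {
    # Read the scheduler state of one AADConnect server remotely.
    param([Parameter(Mandatory)][string]$ComputerName)
    try {
        $s = Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
            Import-Module ADSync -ErrorAction Stop
            Get-ADSyncScheduler
        }
        [pscustomobject]@{
            Server           = $ComputerName
            Reachable        = $true
            StagingMode      = [bool]$s.StagingModeEnabled   # True = standby, no exports
            SchedulerEnabled = [bool]$s.SyncCycleEnabled
            SyncInProgress   = [bool]$s.SyncCycleInProgress
            NextCycleUtc     = $s.NextSyncCycleStartTimeInUTC
        }
    } catch {
        # Unreachable (offline, WinRM down, access denied): report it instead of aborting.
        [pscustomobject]@{
            Server = $ComputerName; Reachable = $false; StagingMode = $null
            SchedulerEnabled = $null; SyncInProgress = $null; NextCycleUtc = $null
        }
    }
}

$roles = @($PrimaryServer, $StandbyServer) | ForEach-Object { Get-AadcRole -ComputerName $_ }
$roles | Format-Table -AutoSize

# Invariant: at most one reachable server may be exporting (staging mode off).
$active = @($roles | Where-Object { $_.Reachable -and -not $_.StagingMode })
if ($active.Count -gt 1) {
    throw "More than one active server ($($active.Server -join ', ')). Put one of them into staging mode now."
}

function Test-FailoverReady {
    # Returns a list of reasons NOT to disable staging mode on the standby; empty means go ahead.
    param([string]$StandbyServer, [string]$PrimaryServer)
    $standby = $roles | Where-Object Server -eq $StandbyServer
    $primary = $roles | Where-Object Server -eq $PrimaryServer
    $problems = @()
    if (-not $standby.Reachable)        { $problems += "$StandbyServer is unreachable" }
    elseif (-not $standby.StagingMode)  { $problems += "$StandbyServer is not in staging mode (is it already active?)" }
    elseif ($standby.SyncInProgress)    { $problems += "$StandbyServer has a sync cycle running; wait for it to finish" }
    if ($primary.Reachable -and -not $primary.StagingMode) {
        $problems += "$PrimaryServer is still active; disable its scheduler (Set-ADSyncScheduler -SyncCycleEnabled `$false) or put it in staging mode first"
    }
    $problems
}

$issues = Test-FailoverReady -StandbyServer $StandbyServer -PrimaryServer $PrimaryServer
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
    return
}
Write-Host "Safe to disable staging mode on $StandbyServer (AzureADConnect.exe > Configure > Configure staging mode)."

function Confirm-Takeover {
    # Run AFTER the wizard: verify the standby really left staging mode, then kick off a delta sync.
    param([Parameter(Mandatory)][string]$ComputerName)
    $state = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module ADSync
        Get-ADSyncScheduler
    }
    if ($state.StagingModeEnabled) { throw "$ComputerName is still in staging mode; the wizard did not apply." }
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}
```

Staging mode itself is switched off in the AADConnect wizard (Configure, then Configure staging mode); the script only verifies the state on either side of that step. Run Confirm-Takeover -ComputerName AADC02 once the wizard has finished, and when the old primary is repaired, reinstall or reconfigure it with staging mode enabled before its scheduler runs again.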
When installing a second AAD Connect on a server, do I have to set the primary into staging mode? My second installation seems to fail! Thanks
Hi,
No, ‘staging mode’ is for the standby server.
In case of disaster recovery, run the wizard again and disable staging mode on the second server.
See: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-installation-wizard
So when you install the second server, you have to select ‘Staging Mode’ there (in the last section of the wizard!).
/Stephan
A great new feature in Azure AD Connect is pass-through authentication.
See: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication
This can be used as an alternative to AD FS environments when there’s no need for claims mapping, smart cards, Conditional Access or third-party IdM providers.