Azure Active Directory Connect – High Availability 3

When working in Enterprise environments the High Availability (HA) question is often raised. (Azure Active Directory Connect – High Availability)
Also for the new and shining Azure Active Directory Connect (AADConnect) tool.

The tool itself is the successor of DirSync, with a lot of new features. For instance Password Write Back. Get the tool here: https://www.microsoft.com/en-us/download/details.aspx?id=47594

But back to the question:
NO there is no possibility for HA of the AADConnect tool.

But there is a nice solution, Staging Mode.

But what is this staging mode?

In a Staging Mode scenario you install 1 server with AADConnect, which will be the active server, and a second server with AADConnect, which will be the ‘Standby’ server. Because that’s what it essentially is.

The Staging server is a fully functional AADConnect server, with a fully populated Metaverse, BUT there are a few thing is does not do:

  • No exports occur to your on-premise Active Directory;
  • No exports occur to Azure Active Directory;
  • Password synchronization and password write-back are disabled.

In case the primary server goes offline (for whatever reason) you can manually disable the Staging Mode on the second server and this one will do the synchronization!

Azure Active Directory Connect - High Availability

Azure Active Directory Connect - High Availability

3 thoughts on “Azure Active Directory Connect – High Availability

  1. Reply Mike Jan 27,2017 10:10 pm

    When installing a second AAD Connect on a server, do I have to set the primary into staging mode? My second installation seems to fail! Thanks

  2. Reply Rogier Dijkman Feb 21,2017 12:21 pm

    Great new feature in Azure AD Connect is pass-through authentication.

    See:https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication

    This can be used as an alternative to AD FS environments when there’s no need for Claims Mapping, Smart Card, Conditional Access or 3th party IDM providers.

Leave a Reply

%d bloggers like this: