Topologies for Azure AD Connect
Working with multi-forest environments can be a complex task so you need to plan each and everything very carefully in order to achieve the task.
For Design & Topologies go through the following documentation;
Consideration for Redundancy
Azure AD Connect Server won’t work as Active-Active but don’t worry you still have an option to build redundant server, Oh really ! yes. You can setup up Azure AD Connect Staging Server.
Let’s Begin with Installation & Configuration
Before proceeding installation of Azure AD Connect you need to run IdFix Tool to rectify your on-premise Active Directory object.
Run IdFix setup
Specify the installation path.
Click Install to proceed
Okay , you are done ! now run the IdFix tool by clicking the icon created on your desktop or navigate to Programs.
Click on “Query” button in order to fetch data from Active Directory, in the Error column you can see it is saying TopLevelDomain which means the local Active Directory user is using non-routable domain which is domain.local. There are different categories of errors for that see the detailed documentation.
In the Action column you can see EDIT , COMPLETE , REMOVE operations which you can perform on the objects.
Before doing any operation perform backup of Active Directory.
After rectifying the errors we are good to go for deployment of Azure AD Connect.
Starting the Installation of Azure AD Connect
Welcome Wizard !
Select “I agree to the license terms and privacy notice.
You can select either Customize or Express settings, if you are setting up Azure AD Connect for SMB environment then go with Express settings unless you don’t need to customize advance settings.
In the following screenshot you can see the available options where you can specify SQL DB, Custom Installation Location, Service Account for administrative purpose and importing sync settings which are exported from other Azure AD Connect.
Let’s get started with Express
Use the Global Administrative Account to proceed installation.
Specify the credentials for on-premise Active Directory.
Since we know that Azure AD don’t accept non-routable local domains so it will not be added, you need to check “Continue without matching all UPN suffix to verified domains” so the users with local UPN suffix won’t be able to sign-in.
Uncheck “Start synchronization process when configuration completes” so we will start sync later. Click Install to proceed.
Configuration is successfully completed.
Now starts the Configuration part. Launch the Azure AD Connect Wizard by clicking the Azure AD Connect icon on Desktop.
Specify the custom OU which you want to sync with Azure AD Connect.
Password Hash Synchronization is selected by default but you can also configure other methods like Pass Through Authentication (PTA).
Note: If you have Basic Version of Azure AD then you won’t be able to use Write Back features like Password, Groups, Device, for that purpose you need to acquire Azure AD Premium licenses for users.
Finally click on “Start the Sync….” and hit the configure button.
Now launch the Synchronization Service Console as an Administrator.
The following console will show you the status of sync and you can also run sync jobs manually;
There are number of categories available for Sync Job like Full Sync, Delta , Full Import , Full Export.
In case of minor changes use the Delta Synchronization
You can verify AD Connect Health Status on Microsoft 365 Admin portal.