Thanks MSFT always the BEST
Thank you. You are the best of the best. You are always first choice.
Hi, What role did you give the AD account which you are using for the syncing?
Hi MSFT, thanks for the video. I have a question: does this configuration work for using an account to log in to a server over RDP with any account in Entra ID? Thanks.
Hi MSFT, this is a great video. Any advice on what Azure resources and services are needed to build a Hybrid AD?
Is it possible to do the reverse? Taking users from Azure Active Directory to the on-premises server?
No, it's not possible, as this is a one-way synchronization from on-premises AD to Azure AD.
How to add more OUs in the Azure AD portal?
Okay, what if I have verified the domain at the tenant?
Useful video. I have a routable custom domain. Does that make any difference in terms of the installation of AD Connect?
Hi, is Active Directory Domain Service enough, or do we need to create a local AD server?
Hi, this is connecting to our default onmicrosoft domain. Is there any possibility to sync our custom domains?
Same process, just the names will change.
Hi @MSFT Webcast, I have 2 domain controllers (Primary/Secondary) with replication. Since you said it's not recommended to install it on a domain controller, where should I install it? On another Windows server (a 3rd server)? By the way, I have 2 Windows Server 2016 machines. Thanks
If you have a small environment, you can install it on a domain controller. There is no big reason not to install it on a domain controller. But yes, there are a few things we need to take into consideration if we install it on a DC.
1. In case of Azure AD Connect tool troubleshooting, what if we need to restart the server (we have installed Azure AD Connect on the DC)? It will not be easy to restart the DC directly.
2. What if the DC fails? Yes, we can restore it or rebuild it, but when you install the Azure AD Connect tool on a DC, it becomes a one-off.
3. Security point of view: the Azure AD Connect tool uses SQL Server 2012 Express edition. If there is a bug or vulnerability, then it will add attack surface on the DC. Maybe we also need to adjust a few firewall rules.
4. For the Azure AD Connect tool to work, we need to connect our DC to the Internet. (Nowadays this is not a big thing, but still.)
@@MSFTWebCast Wow!! Thank you for your response. Can I install it on my Secondary DC? We have 400 or fewer users. Actually I'm trying to connect our Windows Server 2016 to our M365 Business Basic and Standard for SSO purposes. I'm testing it on a virtual machine. Thanks again
@@MarvinAjero-h4u Yes, you can install it on your ADC.
@@MSFTWebCast Or can I install it on both, for replication purposes? Is it possible?
@@MarvinAjero-h4u Yes, it is possible to have multiple servers with the Azure AD Connect sync tool.
I am getting an error message when choosing the Customize/Express setting and clicking on Install.
Error: "Unable to install the Synchronization Service. Exception has been thrown by the target of an invocation."
I have verified the prerequisites are fulfilled.
TLS 1.2 is enabled, Set-ExecutionPolicy is set to RemoteSigned, PSRemoting is enabled.
PowerShell Version: 5.1
.NET Framework Version: 4.8
Any idea on what to look at for the resolution?
Hi, is this a one-way sync from on-premises AD to Azure AD, or a two-way sync?
Azure AD Connect is one-way with some exceptions:
* Writeback of passwords (requires Azure AD Premium P1 for all users using the feature)
* Exchange hybrid writeback of specific Exchange-related attributes
* Group writeback for Microsoft 365 Groups
* Device writeback for conditional access and Windows Hello for Business using ADFS
I'm assuming the server you install on needs to be a second domain controller?
If you have only one domain controller then you can install it on the PDC; if you have two DCs then you can install it on both.
@@MSFTWebCast Thanks for the quick reply. I thought you mentioned in your video that Microsoft doesn’t like it on your PDC and to put it on a different server?
@@DaveShrivastav It's true. If you have a member server, then it should be your first choice.
@@MSFTWebCast Should ADDS be installed on that member server?
In the future I will make this for my company, thank you
I'm getting an error. Azure Active directory contains the maximum allowed number of Azure AD service accounts.
Nicely explained...ty
Is there a way to sync Azure AD users to local AD?
I don't have any video on it. But I can refer you to a very good article on it by "Ali Tajran". Link to that article: www.alitajran.com/sync-azure-ad-user/
@@MSFTWebCast thanks mate, that has been done by following it.
I need personal training. Can you please help?
Sorry brother but currently I am providing any training.
@@MSFTWebCast I'll pay you
beautiful
Why would you want to sync your local AD users with Azure?
If you want to use cloud service using your on-premises Active directory user accounts.
Ok, I guess that makes sense. Just trying to learn. Thanks! @@MSFTWebCast
Second😜
Tunak Tunak tun lalalalal
Seriously? You sync a non-routable domain??
Yes, for demonstration purposes. The next time I update the videos I will use a routable domain.
All your videos are helpful; your channel is the best I have seen on YouTube, honestly. Everything is clear, from your voice to the step-by-step images. I never miss any video you upload. May I know your direct contact? Mail or WhatsApp preferred.