Mastering Identity and Access Management with Microsoft Azure

上QQ阅读APP看书，第一时间看更新

Azure Active Directory Connect high availability

For high-availability reasons, a new Azure AD Connect server can be rebuilt and resynchronized in a couple of hours for a small or medium-sized business.

Remember that the sourceAnchor attribute is used to join the objects from on-premises and the cloud. The sync engine matches the objects together again on reinstallation.

It's very important that you document your configuration changes, such as special filtering or synchronization rules. You need to reapply these settings before you start the synchronization process. You can use the Azure AD Connect documenter ( https://github.com/Microsoft/AADConnectConfigDocumenter ) to save your changes.

Larger organizations with more than 100,000 users, groups, and other objects will take much more time to rebuild the synchronization. If there needs to be a faster time to recovery, Azure Active Directory Connect can be configured to use a dedicated SQL server deployment with SQL high availability. This option provides the needed data directly. With more than 100,000 users, an SQL server is required because a large organization wants to have low recovery time for the synchronization service.

Another way to provide a highly redundant system is to use another server with Azure Active Directory Connect installed and configured in Staging mode. This functionality also reduces recovery time.

The following diagram shows a staging-mode configuration:

Enable the staging mode for HA

With Azure AD Connect version 1.1.524.0, Microsoft added the SQL Always-on Availability (AOA) Group support. SQL clustering was added in an earlier release. Be aware that SQL AOA needs to be enabled before you install Azure AD Connect.