Azure AD Connect Staging

    Question

  • Hello folks,

    We have an Azure AD Connect server (1.1.130) and I am planning to introduce another Azure AD Connect server (staging) and then promote it to the primary Azure AD Connect server and remove the old one later on.

    Can you let me know the best approach, e.g. how to take the backup from the old one and import it on the new one, etc.?

    Thanks in advance,

    Wednesday, March 29, 2017 10:15 AM

All replies

  • Thanks Vasil for the link, I really appreciate that, but I am looking for import and export in case of disaster. Let's say that if anything goes wrong, how can I quickly switch back to my old server, which has a working configuration, so that end users won't have any impact?

    Eagerly awaiting your expert reply.

    Wednesday, March 29, 2017 11:34 AM
  • You don't "import" the data, per-se.

    For a "Default" configuration (one which you have not created any custom rules or connectors):

    1. Install primary AAD Connect server.  If you have more than 50,000 objects, you will need a SQL instance that you can use for the database.
    2. Install secondary AAD Connect server using same settings and selecting "Staging Mode" checkbox during setup.  However, if you have more than 50,000 objects, you will need a *second* SQL instance (can't use the first SQL instance, as it will overwrite the database).

    Staging mode is configured exactly like normal mode, except the server running in Staging Mode does not export to AAD.

    For a "Custom" configuration (one that has significant number of additional connectors/rules that you don't want to recreate):

    1. Install primary AAD Connect server (AAD1).  If you have more than 50,000 objects, you will need a SQL instance that you can use for the dataset.  At the end of the configuration, clear the "Synchronize Now" checkbox before finishing setup.
    2. On AAD1, create a folder, such as C:\Backup\AAD.
    3. On AAD1, launch an elevated PowerShell Prompt.
    4. On AAD1, run Import-Module ADSync
    5. On AAD1, run Get-ADSyncServerConfiguration -Path C:\Backup\AAD
    6. Install secondary AAD Connect server (AAD2). Select Staging mode during configuration. At the end of the configuration, clear the "Synchronize Now" checkbox before finishing setup. 
    7. Log into Office 365 tenant and reset AAD Sync service account password to complex value you know and ensure the account is set to PasswordNeverExpires $True.
    8. On AAD2, launch Synchronization Service Manager, select Connectors, and all of the connectors (all AD connectors, AAD connector).
    9. Copy C:\Backup\AAD folder from AAD1 to AAD2.
    10. On AAD2, launch elevated PowerShell prompt.
    11. On AAD2, run Import-Module ADSync
    12. On AAD2, run Set-ADSyncServerConfiguration -Path C:\Backup\AAD
    13. On AAD1, launch Synchronization Service manager and edit each Connector, updating the password value for the service accounts.
    14. On AAD2, launch Synchronization Service manager and edit each Connector, updating the password value for the service accounts.
    15. On AAD2, run AAD Connect Setup on desktop, select "Modify configuration," and select Staging Mode checkbox before completing setup. 
    16. On AAD1, inside the elevated PowerShell prompt, run Start-ADSyncSyncCycle -PolicyType Initial
    17. On AAD2, inside the elevated PowerShell prompt, run Start-ADSyncSyncCycle -PolicyType Initial
    Thursday, March 30, 2017 7:04 AM
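    Added example (not code from the thread or from Microsoft): a PowerShell pre-promotion check to run on each server of an active/staging pair before cutting over. It reads the scheduler state to confirm which box is actually exporting to Azure AD, refuses to proceed while a sync cycle is running, lists the connectors, and exports the configuration to a per-server folder with a SHA-256 manifest so the two servers can be compared side by side. The -ExpectedRole parameter, the C:\Backup\AAD\<hostname> path and the manifest file name are assumptions of this example; the cmdlets (Get-ADSyncScheduler, Get-ADSyncConnector, Get-ADSyncServerConfiguration, Get-FileHash) are standard. Two points worth keeping in mind: the export is documentation for a diff, not a restore point, and a staging server holds the same connector-space and metaverse data as the active one, so it needs the same host hardening and access controls.

```powershell
# Pre-promotion sanity check for an Azure AD Connect active/staging pair.
# Run once on each server; -ExpectedRole states what this host is supposed to be.
# -ExpectedRole and -ExportPath are hypothetical names chosen for this example.
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateSet('Active', 'Staging')]
    [string]$ExpectedRole,

    # Assumption: one export folder per server so the two can be compared later.
    [string]$ExportPath = "C:\Backup\AAD\$env:COMPUTERNAME"
)

Import-Module ADSync -ErrorAction Stop

# 1. Scheduler state shows whether this server exports to Azure AD.
#    A staging-mode server imports and synchronises but never exports.
$scheduler = Get-ADSyncScheduler
$isStaging = [bool]$scheduler.StagingModeEnabled

[pscustomobject]@{
    Server               = $env:COMPUTERNAME
    StagingModeEnabled   = $isStaging
    SyncCycleEnabled     = $scheduler.SyncCycleEnabled
    SyncCycleInProgress  = $scheduler.SyncCycleInProgress
    NextSyncCycleStartUtc = $scheduler.NextSyncCycleStartTimeInUTC
} | Format-List

# Exactly one server may be active: two exporting servers would both write to the tenant.
$roleOk = (($ExpectedRole -eq 'Staging') -eq $isStaging)
if (-not $roleOk) {
    $actual = if ($isStaging) { 'Staging' } else { 'Active' }
    Write-Warning "Server is $actual but was expected to be $ExpectedRole. Fix the role in the wizard before promoting."
}

# 2. Never snapshot or switch roles while a cycle is running.
if ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is in progress; wait for it to finish before exporting or changing roles.'
}

# 3. Connector names and types must match across the pair.
#    Connector identifiers are generated per install, so they are expected to differ.
Get-ADSyncConnector | Select-Object Name, Type | Format-Table -AutoSize

# 4. Export the configuration for a side-by-side review of rules and connectors.
#    This is documentation only: importing it with Set-ADSyncServerConfiguration is
#    unsupported, and the supported recovery path is reinstalling against the
#    existing SQL database.
New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null
Get-ADSyncServerConfiguration -Path $ExportPath

# 5. Hash every exported file. Diff the two manifests later with
#    Compare-Object (Import-Csv a.csv) (Import-Csv b.csv) -Property RelativePath, Hash
#    Files that embed server-specific GUIDs (connectors, custom rules) will differ;
#    review those by hand rather than treating any difference as an error.
$manifest = "$ExportPath.manifest.csv"   # written beside, not inside, the export folder
Get-ChildItem -Path $ExportPath -Recurse -File |
    ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($ExportPath.Length).TrimStart('\')
            Hash         = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Export-Csv -Path $manifest -NoTypeInformation

Write-Host "Export written to $ExportPath, manifest to $manifest"

# Non-zero exit lets a runbook gate the promotion step on the role check.
if (-not $roleOk) { exit 1 }
```

    Run it as an elevated `.\Check-AADConnectRole.ps1 -ExpectedRole Active` on the current server and `-ExpectedRole Staging` on the new one; only when both exit 0 and the manifests agree on everything except the GUID-bearing files should the roles be swapped in the wizard. Staging mode itself is toggled through the AAD Connect wizard ("Configure staging mode"), not through a cmdlet, which is why the script only reports and refuses rather than changing the role.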
  • Unfortunately, this method of using Set-ADSyncServerConfiguration -Path C:\Backup\AAD to import/restore a server configuration is not supported by Microsoft and can cause some issues. Please do not use it for now.

    As of today, the only supported method to restore AAD Connect server configuration is to install AAD Connect using an existing SQL server database:

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-existing-database
    Thursday, November 02, 2017 6:30 AM