remove azure ad connect and reinstall


  • Hi,

    Welcome to the Office 2016, Office 2019, and Office 365 ProPlus IT Pro General Discussions forum. This IT Professional forum is for general questions, feedback, or anything else related to the RTM release versions of Office 2016, 2019 and Office 365 ProPlus.

    Your question is mainly related to Azure AD. To help you better resolve the problem, I will move the thread to Azure Active Directory Forum. You may get more helpful replies there.

    Thanks for your kind understanding.

    Best Regards,

    Herb




    Monday, May 20, 2019 2:16 AM
  • I have been advised by Veeam to remove Azure AD Connect and reinstall it.

    Is there any risk of losing my data if I do this with regards to my sync'd accounts?

    Is it safe to do?


           

    When you've set up Azure AD Connect with Express Settings, you can easily replace the faulty Azure AD Connect installation with a new one, without worrying.

    If you haven't used Express Settings, it's a longer story:
    Let's begin with a little explanation of Azure AD Connect and how it works under the hood: Azure AD Connect is a component that synchronizes between the on-premises Active Directory Domain Services environment (your Domain Controllers) and Azure AD, the cloud service. Through synchronization cycles, objects and their attributes are read from both identity stores and matched in its own database, dubbed the 'metaverse'. Through its synchronization rules, Azure AD Connect picks up on changes. It determines if an action is required, and if so, what action is required when an object appears from scope, disappears from scope, or is changed. Then, Azure AD Connect performs the changes.

    Azure AD Connect offers a functionality called Staging Mode. Basically, this mode offers a second Azure AD Connect installation with a second metaverse. The Staging Mode server, however, is not instructed with actions; it doesn't perform changes (in terms of sync cycles, it only performs imports). 

    The challenges with Staging Mode are the same challenges you will face when implementing a new Azure AD Connect installation:

    • If the scope in terms of OU Filtering, App and Attribute Filtering or Group Filtering is not configured identically between the two installations, you will end up with different object and/or attribute scopes.
    • If you made choices in terms of Alternate Login ID, authentication method or sourceAnchor, and you don't configure these settings identically between the two installations, authentication to Microsoft online services might break for your end-users.
    • If you configure the service account to Active Directory manually, and you don't reuse this account and/or you set up a new account with different delegated privileges, synchronization may not be performed without errors.
    • If you configure the new Azure AD Connect with different settings in terms of Optional Features, functionality like Exchange Hybrid, Exchange Hybrid Public Folders, Group Writeback and Password Writeback might break.
    • If you have changed the deletion threshold on the Azure AD Connect installation and don't configure the same deletion threshold on the new Azure AD Connect installation, any process that relies on hitting the threshold may unexpectedly fail.

             

    My advice for any situation with non-Express Settings for setting up a new or additional Azure AD Connect installation would be to:

    1. Use the Azure AD Connect Configuration Diagrammer to get the configuration of the current Azure AD Connect installation(s).
    2. Set up a new Azure AD Connect installation in Staging Mode. Document the way Azure AD Connect is configured.
    3. Use the Configuration Diagrammer again, but this time point it to the new Azure AD Connect installation.
    4. Check the differences between the two outputs (this is built-in functionality of the diagrammer).
    5. Compare both metaverses for the number of objects (persons, groups, devices).
    6. Sample both metaverses for any differences between objects on attribute level.
    7. Switch the existing/old Azure AD Connect installation off, or to Staging Mode.
    8. Switch the new/additional Azure AD Connect out of Staging Mode.
    9. Perform a full synchronization.
    10. If AD FS is used as authentication method and managed through Azure AD Connect, repair the trust. Then verify AD FS login.
    11. Decommission the existing Azure AD Connect installation, if the existing Azure AD Connect is to be decommissioned.
    Monday, May 20, 2019 10:51 AM
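
As an added example (not part of the reply above, and not a replacement for the Configuration Diagrammer), the comparison in steps 4 to 6 can be cross-checked with the ADSync PowerShell module installed with Azure AD Connect. The function names and file paths are hypothetical, and the property names are assumed to match what the `Get-ADSync*` cmdlets return on your version.

```powershell
# Added example: snapshot the settings the reply says must match, then diff them.
# Run Export-AadcSnapshot on the old and the new (Staging Mode) server,
# copy both files to one machine and run Compare-AadcSnapshot there.
function Export-AadcSnapshot {
    param([Parameter(Mandatory)][string]$Path)   # hypothetical output file

    Import-Module ADSync
    $scheduler = Get-ADSyncScheduler
    $lines = @(
        "Scheduler|StagingModeEnabled=$($scheduler.StagingModeEnabled)"
        "Scheduler|SyncCycleEnabled=$($scheduler.SyncCycleEnabled)"
    )
    # Global parameters carry the sourceAnchor, sign-in attribute and optional features.
    foreach ($p in (Get-ADSyncGlobalSettings).Parameters) {
        $lines += "Global|$($p.Name)=$($p.Value)"
    }
    # OU filtering: included and excluded containers per connector partition.
    foreach ($c in Get-ADSyncConnector) {
        foreach ($part in $c.Partitions) {
            $scope = $part.ConnectorPartitionScope
            foreach ($dn in $scope.ContainerInclusionList) { $lines += "Scope|$($c.Name)|include=$dn" }
            foreach ($dn in $scope.ContainerExclusionList) { $lines += "Scope|$($c.Name)|exclude=$dn" }
        }
    }
    # Sync rules by name and precedence; identifiers are skipped because they differ per install.
    foreach ($r in Get-ADSyncRule) {
        $lines += "Rule|$($r.Direction)|$($r.Precedence)|$($r.Name)|Disabled=$($r.Disabled)"
    }
    $lines | Sort-Object | Set-Content -Path $Path -Encoding UTF8
}

function Compare-AadcSnapshot {
    param(
        [Parameter(Mandatory)][string]$Old,
        [Parameter(Mandatory)][string]$New
    )
    # '<=' means only on the old server, '=>' means only on the new one.
    Compare-Object (Get-Content $Old) (Get-Content $New) |
        # Staging Mode is expected to differ until the cutover in steps 7 and 8.
        Where-Object { $_.InputObject -notlike 'Scheduler|StagingModeEnabled=*' } |
        Sort-Object InputObject |
        Select-Object SideIndicator, InputObject
}

# Example use (hypothetical paths):
#   Export-AadcSnapshot -Path C:\Temp\aadc-old.txt     # on the existing server
#   Export-AadcSnapshot -Path C:\Temp\aadc-new.txt     # on the staging server
#   Compare-AadcSnapshot -Old .\aadc-old.txt -New .\aadc-new.txt
```

An empty result means the compared settings match. Any remaining line is a setting to review before taking the new server out of Staging Mode; some global parameters are installation-specific and will legitimately differ.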
  • Thanks for that info. That is a great utility.

    If a re-install isn't required but you just want to have a better DR setup:

    Does AD Connect support a server-side IP change? Can I use a 3rd party tool (Veeam) to back up/restore my full VM and change IP for disaster recovery purposes?

    Monday, May 20, 2019 2:04 PM
  • Thanks for that info. That is a great utility.

    If a re-install isn't required but you just want to have a better DR setup:

    Does AD Connect support a server-side IP change? Can I use a 3rd party tool (Veeam) to back up/restore my full VM and change IP for disaster recovery purposes?

            

    None of an Azure AD Connect installation's IP addresses are stored or used as part of the authentication or authorization to Azure AD. You can change the IP addresses for Azure AD Connect installations without problems, as long as communication to the Domain Controller and Azure AD is possible. This means proper configuration of firewalls, proxies and Active Directory sites.

    You can use Veeam and other availability solutions to back up and restore Azure AD Connect.
    Because Azure AD Connect uses SQL Server Express as its database, make sure you pick the backup option 'Application-consistent backup' in Veeam for it.

    Tuesday, May 21, 2019 8:00 AM