Before installing the AD Connect server

Before installing the AD Connect server, we need to check whether the existing environment meets the following requirements. They can be found at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-prerequisites:

  • The AD forest functional level must be Windows Server 2003 or later.
  • If you plan to use the password writeback feature, then the domain controllers must be on Windows Server 2008 (with the latest SP) or later. If your DCs are on 2008 (pre-R2), then you must also apply hotfix KB2386717.
  • The domain controller used by Azure AD must be writable. Using a read-only domain controller (RODC) is not supported, and Azure AD Connect does not follow any write redirects.
  • There is no support for using on-premises forests/domains using Single Label Domains (SLDs).
  • There is no support for using on-premises forests/domains using dotted NetBIOS names (names with a period in them).
  • Azure AD Connect cannot be installed on Small Business Server or Windows Server Essentials. The server must use Windows Server Standard or better.
  • The Azure AD Connect server must have the full GUI installed. There is no support for installing it on Server Core.
  • Azure AD Connect must be installed on Windows Server 2008 or later. This server may be a domain controller or a member server when using express settings. If you use custom settings, then the server can also be standalone and does not have to be joined to a domain.
  • If you install Azure AD Connect on Windows Server 2008 or Windows Server 2008 R2, then make sure to apply the latest hotfixes from Windows Update. The installation cannot be started with an unpatched server.
  • If you plan to use the password synchronization feature, then the Azure AD Connect server must be on Windows Server 2008 R2 SP1 or later.
  • If you plan to use a group-managed service account, then the Azure AD Connect server must be on Windows Server 2012 or later.
  • The Azure AD Connect server must have .NET Framework 4.5.1 or later and Microsoft PowerShell 3.0 or later installed.
  • If AD FS is being deployed, the servers where AD FS or Web Application Proxy are installed must be Windows Server 2012 R2 or later. Windows remote management must be enabled on these servers for remote installation.
  • If AD FS is being deployed, you need SSL certificates.
  • If AD FS is being deployed, then you need to configure name resolution.
  • If your global administrators have MFA enabled, then the URL https://secure.aadcdn.microsoftonline-p.com must be in the trusted sites list. You are prompted to add this site to the trusted sites list when you are prompted for an MFA challenge and it has not been added before. You can use Internet Explorer to add it to your trusted sites.
  • Azure AD Connect requires a SQL Server database to store identity data. By default, SQL Server 2012 Express LocalDB (a light version of SQL Server Express) is installed. SQL Server Express has a 10 GB size limit that enables you to manage approximately 100,000 objects. If you need to manage a higher volume of directory objects, you need to point the installation wizard to a different installation of SQL Server.
  • If you use a different SQL Server version, then these requirements apply:
    • Azure AD Connect supports all flavors of Microsoft SQL Server from SQL Server 2008 (with the latest service pack) to SQL Server 2016. Microsoft Azure SQL Database is not supported as a database.
    • You must use a case-insensitive SQL collation. These collations are identified with a _CI_ in their name. There is no support for using case-sensitive collation, identified by _CS_ in the name.
    • You can only have one sync engine per SQL instance. There is no support for sharing a SQL instance with FIM/MIM Sync, DirSync, or Azure AD Sync.
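The checklist above can be turned into read-only checks run on the prospective Azure AD Connect server before the wizard is started. The following PowerShell script is an added example, not code from the book or from Microsoft; it assumes an elevated session on that server with the RSAT ActiveDirectory module installed, `$SqlInstance` is a hypothetical parameter used only when a separate SQL Server is planned, the .NET 4.5.1 release number (378675) and the per-user Internet Explorer ZoneMap registry path are the documented ones, and the AD FS items (certificates, name resolution, WinRM on the AD FS and Web Application Proxy servers) are left out because they concern other machines.

```powershell
# Added example (not from the book or Microsoft): read-only prerequisite checks
# for a server about to receive Azure AD Connect. Nothing here changes state.
# $SqlInstance is a hypothetical parameter: leave it empty for LocalDB.
param(
    [string] $SqlInstance = ''
)

Import-Module ActiveDirectory -ErrorAction Stop

$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string] $Name, [bool] $Pass, [string] $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# --- Forest and domain ---------------------------------------------------
$forest = Get-ADForest
$domain = Get-ADDomain
# ForestMode reads e.g. Windows2003Forest; only the Windows2000 level fails.
Add-Check 'Forest functional level >= 2003' ($forest.ForestMode -notmatch '2000') "$($forest.ForestMode)"
Add-Check 'No single-label domain'          ($domain.DNSRoot -match '\.')           $domain.DNSRoot
Add-Check 'NetBIOS name has no dot'         ($domain.NetBIOSName -notmatch '\.')   $domain.NetBIOSName

# A writable DC must be discoverable; RODCs are not supported.
$dc = Get-ADDomainController -Discover -Writable -ErrorAction SilentlyContinue
Add-Check 'Writable DC discoverable' ($null -ne $dc) $(if ($dc) { "$($dc.HostName)" } else { 'none found' })

# Password writeback needs every DC on 2008 (NT 6.0) or later.
# OperatingSystemVersion is a string such as "6.3 (9600)"; compare the major part.
$oldDcs = Get-ADDomainController -Filter * | Where-Object {
    $_.OperatingSystemVersion -and ([int]($_.OperatingSystemVersion -split '\.')[0] -lt 6)
}
Add-Check 'All DCs >= 2008 (password writeback)' (-not $oldDcs) $(($oldDcs | ForEach-Object { $_.Name }) -join ', ')

# --- This server ---------------------------------------------------------
# Get-WmiObject is used rather than Get-CimInstance so the script still runs
# on PowerShell 2.0 and can report that 3.0 is missing.
$os    = Get-WmiObject Win32_OperatingSystem
$osVer = [version]$os.Version          # 6.1.7601 = 2008 R2 SP1, 6.2 = 2012
Add-Check 'Server OS >= 2008'                         ($osVer -ge [version]'6.0')      $os.Caption
Add-Check 'Server OS >= 2008 R2 SP1 (password sync)'  ($osVer -ge [version]'6.1.7601') $os.Caption
Add-Check 'Server OS >= 2012 (gMSA)'                  ($osVer -ge [version]'6.2')      $os.Caption
Add-Check 'Not SBS / Essentials'                      ($os.Caption -notmatch 'Small Business|Essentials') $os.Caption

$installType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name InstallationType).InstallationType
Add-Check 'Full GUI (not Server Core)' ($installType -eq 'Server') $installType

# Express settings require a domain-joined server; custom settings do not.
$cs = Get-WmiObject Win32_ComputerSystem
Add-Check 'Domain joined (required for express settings)' ([bool]$cs.PartOfDomain) $cs.Domain

# .NET 4.5.1 writes Release >= 378675 under the v4\Full key.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -Name Release -ErrorAction SilentlyContinue
Add-Check '.NET Framework >= 4.5.1' ($ndp -and $ndp.Release -ge 378675) "Release=$($ndp.Release)"
Add-Check 'PowerShell >= 3.0' ($PSVersionTable.PSVersion.Major -ge 3) "$($PSVersionTable.PSVersion)"

# Trusted Sites zone (2) for https://secure.aadcdn.microsoftonline-p.com, per-user ZoneMap only;
# entries pushed by Group Policy live elsewhere and are not inspected here.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline-p.com\secure.aadcdn'
$zone = (Get-ItemProperty $zoneKey -Name https -ErrorAction SilentlyContinue).https
Add-Check 'MFA URL in Trusted Sites (needed if admins use MFA)' ($zone -eq 2) "https zone=$zone"

# --- Optional: separate SQL Server ---------------------------------------
if ($SqlInstance) {
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$SqlInstance;Integrated Security=True")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('Collation') AS nvarchar(128)), CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32))"
        $rdr = $cmd.ExecuteReader()
        [void]$rdr.Read()
        $collation = $rdr.GetString(0); $sqlVer = $rdr.GetString(1)
        $rdr.Close()
        Add-Check 'SQL collation is case-insensitive (_CI_)' ($collation -match '_CI_') $collation
        # Product major version: SQL Server 2008 = 10, 2008 R2 = 10.5, 2012 = 11, 2014 = 12, 2016 = 13.
        $major = [int]($sqlVer -split '\.')[0]
        Add-Check 'SQL Server 2008 .. 2016' ($major -ge 10 -and $major -le 13) $sqlVer
    } catch {
        Add-Check 'SQL Server reachable' $false $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 } else { exit 0 }
```

Run it as `.\Test-AadConnectPrereqs.ps1` (or with `-SqlInstance 'SQL01\MSSQLSERVER'` when a separate database server is planned) and read the table; a non-zero exit code means at least one line failed. The script only reports, so a failure is a pointer back to the matching bullet above rather than something it fixes, and the Azure AD Connect installer still performs its own authoritative checks when it starts.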