This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 17%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Hello,
Currently the company I work for does not have an on-prem infrastructure apart from a few standalone Linux servers. Cloud only services, Microsoft 365 and Azure AD are used. As the company is growing in size there will be the need of using features such as group policies, DNS, Ldap, certificate services and integration of the Linux servers etc.
I believe Azure AD Domain Services won't be enough as we will need to use features traditionally available through self-managed Active Directory Domain services on-prem. I understand I can create a new Active Directory forest in Azure using a couple of VMs and configure them as DCs. How will I integrate/sync that new Active Directory forest with Azure AD and the existing tenancy? Can I install Azure AD Connect sync on a DC in Azure and sync AD with the Azure Tenant?
Thank you
Kind Regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 45%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
You are absolutely correct, Azure AD Domain Service is not replacement of On-premise active directory. It solves other purpose.
Technically, you can install Azure AD Connect on the same server as you Domain Controller, however, it is not recommended. Recommendation is to deploy a member server and install ADConnect on that server. It is stable and long term solution.
Hi JaiVerma-7010,
Thank you for the answer. I just want to be sure that AADconnect will work when installed on a VM in Azure (on a member server) as I don't seem to be able to find any documentation about this scenario. All KBs about AADconnect refer to on-prem.
Kind Regards
@Frank-8722 Yes, you can install Azure AD Connect on Azure VM and it would work the same way as it works for On-prem.
Having one Azure AD Connect server can solve your purpose. However, it is recommended to install Azure AD Connect on 2 servers, where one server is configured as production server and the other server is configured as staging server. The staging server receives only the inbound updates and doesn't export anything. In case, if there is an issue with production server, you can move the staging server to production for disaster recovery.
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.