Azure AD Connect - Architecture DMZ or not

Question

Azure AD Connect - Architecture DMZ or not

Lolo S 1

Hello,

I would like to know if it's a best practice to put the "AD Azure Connect" Server on DMZ (ex : dmz.contoso.com) when we just need to synchronise the user identites located on the main forest "contoso.com" .
There is only one-way trust from dmz.contoso.com to cssf.lu ( i mean only consoto.com users can connect to dmz.contoso.com forest)

Is there any security risk to put the AD Connect Server directly on the contoso.com forest ?

Thanks

L.

Braxton94287 1 Reputation point

2022-10-31T17:36:50.597+00:00

You will need to install azure AD connect on domained joined window servers. Which we did for Insta ultra apk download startup. Which is working properly and one of the best practice. While it will not be possible to installed it directly on the window services. As we have tested it but that is not possible and not working properly. You need to try the method which is working for other and could save your time.

1 answer

Your answer

Braxton94287 1 Reputation point

2022-10-31T17:36:50.597+00:00

You will need to install azure AD connect on domained joined window servers. Which we did for Insta ultra apk download startup. Which is working properly and one of the best practice. While it will not be possible to installed it directly on the window services. As we have tested it but that is not possible and not working properly. You need to try the method which is working for other and could save your time.

Answer 1

Andy David - MVP 157.8K MVP Volunteer Moderator

The AADConnect server has to be domain-joined.
Treat it like a domain controller

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites

Share via

Azure AD Connect - Architecture DMZ or not

1 answer

Your answer