The AADConnect server has to be domain-joined.
Treat it like a domain controller
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I would like to know if it's a best practice to put the "AD Azure Connect" Server on DMZ (ex : dmz.contoso.com) when we just need to synchronise the user identites located on the main forest "contoso.com" .
There is only one-way trust from dmz.contoso.com to cssf.lu ( i mean only consoto.com users can connect to dmz.contoso.com forest)
Is there any security risk to put the AD Connect Server directly on the contoso.com forest ?
Thanks
L.
The AADConnect server has to be domain-joined.
Treat it like a domain controller
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites