AD connect question

Question

AD connect question

Shahin Mortazave 491

Hi,

We have migrated our AD Connect server to a new server and put the old server in the Staging mode and just to be sure the sync goes through the new server we disabled the nic of the old server and we now the new server does the wrok.

Now we want to remove the Ad sync from the old server because we get a sync health error that old server is not communicated with the AD health service.

Can we bring the old server back online and remove the AD connect? even it was not online for sometimes now?

O simply just remove the old server from Azure Active Directory Connect Servers and forget about the old server in staging mode?

Thanks

Shahin Mortazave 491 Reputation points

2023-07-04T09:15:44.7466667+00:00

thanks for your reply, the old server is indeed in staging mode and the synchronization is done through the new server. so it should be safe to bring the old server back online and remove the AADC from the old server.
Thanks
Tushar Kumar 3,396 Reputation points MVP

2023-07-05T00:02:28.22+00:00

Yes, you are!
Yuki Sun-MSFT 41,456 Reputation points Moderator

2023-07-07T08:40:13.61+00:00

Hi @Shahin Mortazave ,

Just checking in to see how things are going with this thread. If Tushar's reply below has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If you still have further questions or concerns, feel free to post back.

3 answers

Your answer

Shahin Mortazave 491 Reputation points

2023-07-04T09:15:44.7466667+00:00

thanks for your reply, the old server is indeed in staging mode and the synchronization is done through the new server. so it should be safe to bring the old server back online and remove the AADC from the old server.
Thanks
Tushar Kumar 3,396 Reputation points MVP

2023-07-05T00:02:28.22+00:00

Yes, you are!
Yuki Sun-MSFT 41,456 Reputation points Moderator

2023-07-07T08:40:13.61+00:00

Hi @Shahin Mortazave ,

Just checking in to see how things are going with this thread. If Tushar's reply below has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If you still have further questions or concerns, feel free to post back.

Answer 1

Just FYI

It's important to fully decommission old Azure AD Connect servers as these may cause synchronization issues, difficult to troubleshoot, when an old sync server is left on the network or is powered up again later by mistake. Such “rogue” servers tend to overwrite Azure AD data with its old information because, they may no longer be able to access on-premises Active Directory (for example, when the computer account is expired, the connector account password has changed, etcetera), but can still connect to Azure AD and cause attribute values to continually revert in every sync cycle (for example, every 30 minutes). To fully decommission an Azure AD Connect server, make sure you completely uninstall the product and its components or permanently delete the server if it is a virtual machine.

If you have configure the old server where is AAConnect in "staging mode" and the new server with AADConnect in normal , yes, you can uninstall AADConnect from control panel of old server.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-uninstall

Answer 2

Yuki Sun-MSFT 41,456 Moderator

Hi @Shahin Mortazave ,

This should be able to work if you don't mind losing the data between the period of crash and restore. By the way, since from the description this problem is different what has been discussed previously, if you need further help on the restoring question, it'd be best starting a new thread instead. And for this thread, you can click Accept Answer button under the post you found helpful for others' referencing. Thanks for your understanding.

Shahin Mortazave 491 Reputation points

2023-07-18T08:17:12.2533333+00:00

Thank you @Yuki Sun-MSFT sorry for re-opening this post for a different issue. I needed quick answer.
we have restored the VM from the most recent backup but we did not yet connect it to the interent.
so except lossing the data between the crash time and the time of the backup we shouldn't get any problem, right?
I will accept your answer as solution :)
Shahin Mortazave 491 Reputation points

2023-07-18T08:36:20.0366667+00:00

Thank you @Yuki Sun-MSFT sorry for re-opening this post for a different issue. I needed quick answer.
we have restored the VM from the most recent backup but we did not yet connect it to the interent.
so except lossing the data between the crash time and the time of the backup we shouldn't get any problem, right?
I will accept your answer as solution :)
Yuki Sun-MSFT 41,456 Reputation points Moderator

2023-07-19T01:36:04.0966667+00:00

Hi @Shahin Mortazave ,

I haven't had a chance to try it personally but per my understanding, you won't get other major problems except the loss of data between the crash and restore time.

This is also one of the solutions mentioned in the answers on a similar topic, see AAD connect backup/restore.

By the way, due to the limitation of community support, actually community is not the right channel for urgent issues, so, if you need further help on this, you can consider opening a support ticket directly.

Answer 3

Shahin Mortazave 491

@Yuki Sun-MSFT Thank you for your reply, we came accross a problem, the ADD server has been crashed and now about 24 hours sync is not heppeing and users cannot login from outside the LAN.

I have a backup of the VM server that is made 48 hours before. can I restore the VM and let it to sync? the data that has been changed since the last backup is not important and we can mis that.

Thanks

0 comments

Share via

AD connect question

3 answers

Your answer