This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Windows 2019 AD server -- Does Microsoft support Load balancing using LB VIP the AD service ports like LDAP DNS etc.
We are planning to provide a LB VIP IP and name to our AD LDAP/LDAPS and DNS services so our clients mostly LDAP clients can use them in their applications and scripts.
The idea is to make sure we provide high availability and a standard name for AD LDAP services so, in future these applications and scripts can continue to use these names irrespective of the backend AD servers.
yes there are many applications and scripts which are not knowing AD topology or are unable to fetch the AD SRV records from the DNS etc. We are advocating the applications to move away etc.
We wanted to understand if anyone is doing this, encountered any issues. Any advise here will be helpful.
Best Regards,
Sony Abraham
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hi Sony Abraham,
Thank you for posting in the Microsoft Community Forum.
Yes, Microsoft supports load balancing for Active Directory (AD) services such as LDAP, LDAPS, and DNS using a Load Balancer (LB) Virtual IP (VIP). This setup can provide high availability and a consistent name for accessing AD services, making it easier for applications and scripts to utilize them without needing to be aware of the backend AD server topology.
Best regards
Neuvi Jiang
Ok so let's unpack this a bit. AD in itself is self balancing on deployed services across DCs. This has been the way the systems are built for the last 20+ years.
With that said, Microsoft is not a load balancer company.
We do not support load balancers.
If you run into issues the first support question is going to be "what is the architecture look like?", turn off all non-supported items and test issue.
If you go with this setup, you will be reliant on the LB vendor for issues revolving around it. Consider your setup is this:
LB - ViP - Multi-IP --->>> AD service (across multiple IPs)
responding to local calls that route not to AD itself but the LB - Site and services maybe impacted
Kerberos will be impacted, TLS will be impacted, Error handling will become problematic at best depending on the vendor.
If you are looking for app resolution and the apps cannot fetch AD SRV or interact with the services, then the issue is the application set and not AD. I would strongly urge you to look at updating, upgrading, changing the applications because they are 15+ years behind the current identity times. A LB will only buy some time at best.
Tim Medina - Microsoft
Some additional context:
Load balancers and Active Directory | Microsoft Learn
This has been covered quite extensively. We do not officially support the use of load balancers, as stated in the article and Tim.
As a Microsoft Employee who has supported Active Directory for 15+ years I can assure you that using load balancers with Active Directory is not supported. Please see the article that Ron posted.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
