This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 50%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hi Community,
We are currently running Entra Connect Sync on a single (active) server and have recently set up a staging server for high availability.
To configure the staging server, I followed the import/export settings process from the active node to the staging node. Everything went smoothly, but I noticed a difference regarding device configuration.
On the active server, the "Configure Devices" option is enabled, and an SCP (Service Connection Point) connection is already established using AD FS authentication.
My Question:
Do I need to manually create the SCP connection with AD FS on the staging server, or will the SCP settings be automatically applied once the staging server is promoted to active?
I’d really appreciate any clarification or best practices from those who’ve handled similar scenarios.
Thanks in advance!
Thank you leads for your insight.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 18%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Question leads:-
I have successfully performed the migration from federation to cloud authentication. However, I’m still seeing details of ADFS under Entra Connect Sync > Manage Federation. How can I remove or clear these ADFS details now that we’re no longer using federation?
Hi., yea thats expected. A new install doesnt reflect that its enabled even if you import the other servers configuration.
All you need to do on the staging server is check that Hybrid join option , but no need to let actually configure it or enter the EA creds since it already exists. You can then hit Next and run through the Wizard. (Pretend you are going to download the ConfigureSCP.PS1) :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 65%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEN%3C/text%3E%3C/svg%3E)
Manual SCP configuration on the staging server is not required. This is expected behavior, as staging mode servers do not write to Active Directory. Once promoted to active, the server will handle SCP management. It's recommended to run the “Configure Device Options” wizard after promotion to ensure SCP settings are correctly applied for Hybrid Azure AD Join.
If this resolves your query, please click Accept Answer and select Yes if you found it helpful. Feel free to reach out if you have any additional questions!
This is not correct. You should check the Hybrid Join option on the Staging server, however any further configuration is not needed if its already enabled in the AD forest.