Azure AD Connect server migration

Question

I need to migrate our Azure AD Connect service to a new server. The concern I have is the new version of the app contains config screens that aren't present in the old server application (1.4.18)

I plan on setting up the new install in staging mode for the time being, but I have concern regarding the below two options, neither the 'identifying users' nor 'Filtering' pages appear on my old server

This is an output from Get-ADSyncGlobalSettings from the old server

Identifying users, - I think the answer should be "Users are represented only once across directories" but we did an AD inter-domain migration some years back and I remember there was some talk about this but I can't remember if anything was changed. I can't see any equivalent setting on the old server

Source anchor - I think should be 'mS-DS-ConsistencyGuid' based on the output from old server

Sync devices, I think should be 'all users and devices', but again, I can't see any equivalent setting on the old server

Any assistance with this config is appreciated. Thanks

Answer 1

If you have a single Active Directory domain forest or a multi-domain forest where all users only have a user account in one forest, you would use the "Users are represented only once across all directories" option.

So, if the user account is only present in one forest at a time, you should use "Users are represented only once across all directories."

If user accounts exist in both forests at the same time, you should use "User identities exist across multiple directories" and match using "Mail attribute."

For the sourceAnchor, the recommended approach is to let Azure manage the sourceAnchor and Azure will automatically select ms-DS-ConsistencyGuid for new version of the tool. I wrote a blog post about why this is the recommended sourceAnchor attribute and how to switch from ObjectGUID.

If you want all users and devices to be synchronized you should select "all users and devices." Otherwise you can select a group.