Disaster recovery with Azure Active Directory Domain Services

Fausto Palma 21 Reputation points Microsoft Employee
2022-03-16T07:54:28.81+00:00

I would like to know more about how the AD to AADDS (Azure AD Domain Services) sync works in a DR configuration that uses the Replica Sets feature.

Considering a configuration with two AADDS in sync with the Replica Set feature, my understanding is that changes to the AD will sync to one AADDS, which in turn will propagate the changes to the second AADDS.

If this is correct, what happens when, in case of disaster, the first AADDS is turned down? From some first experiments it seems that we lose the sync between AD and AADDS. Is this an expected behavior, or shall we do something specific to switch the sync to the second AADDS?


Accepted answer
  1. Alan Kinane 16,901 Reputation points MVP
    2022-03-16T10:13:57.597+00:00

    Hi, so Active Directory (AD) does not sync directly with Azure AD Domain Services (AADDS). If you are syncing your AD environment then it is syncing with Azure AD (AAD). AAD in turn will sync with AADDS.

    AADDS replica sets are to provide availability in the event of an outage, but yes, as you mentioned, if there is an outage then synchronization between replica sets will stop. Authentication should still work, but no further syncs happen until the outage issue is resolved.

    My understanding is that this is a current limitation.
