Share via

Migration from adfs to PTA staged rolled out

Santiago Robledo Vaquero 1 Reputation point
2022-04-27T06:47:48.67+00:00

Hi there

Im having some doubts with staged rolled out to migrate from adfs to PTA+SSO
Some documentation tells me to not install PTA agent into Adconnect server, meanwhile another tell me to install PTA agent on it
Where should i install the agent USING STAGED ROLLED OUT?

Doc in where not tu use

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout
Section - PRE-work for pass-through auth
Doc in where is needed to install on ADConnect
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/migrate-from-federation-to-cloud-authentication
Section - Deploy more authentication agents for PTA
The first agent is always installed on the Azure AD Connect server itself.

Another question i have is if once i finished adding groups and convert the domain to managed, should i turn off staged rolled out?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 18,291 Reputation points MVP Volunteer Moderator
    2022-04-27T09:29:45.92+00:00

    Hi @Santiago Robledo Vaquero

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    I understand that you need to know where to install the PTA agents.

    As you said, the first one is installed on the same Azure AD Connect server.

    After that, I recommend you install it on the other two servers. You should have at least three PTA agents.

    You won't have any issue with that configuration, this is the exact configuration that I have in my environment.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments
  2. Santiago Robledo Vaquero 1 Reputation point
    2022-04-27T09:35:39.337+00:00

    Hi @Carlos Solís Salazar

    The question is, the documentation says when staged rolled out is involved, the PTA agents should not be installed into ADCOnnect
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout
    Section - PRE-work for pass-through auth

    Im planning to use staged rolled out so i need to clarify this point and discover if when staged rolled out is on the game the agnets need to be installed in other machine.

    0 comments
  3. Carlos Solís Salazar 18,291 Reputation points MVP Volunteer Moderator
    2022-04-27T12:55:43.937+00:00

    @Santiago Robledo Vaquero

    Well, according to the documentation that you mention and What I am interpreting (And hoping to understand your requirement this time)

    You do have to install agents on other servers before you install the Azure AD Connect with PTA.

    Having the agents installed won't generate any conflict in your current authentication system.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.