How to set HA for AD server

arunjith s 1 Reputation point
2022-06-29T20:32:04.803+00:00

Hi, may I know how to set up High Availability for the Active Directory server in Hyper-V? Is there any KB for the same?


1 answer

  Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2022-06-30T14:59:46.933+00:00

    @arunjith s ,

    As per your query, I understand that you are trying to set up an Active Directory server in Hyper-V and have some confusion around this setup versus the setup of an Azure AD Connect sync server as mentioned in this article: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server . Let me define both of the technologies one by one and then we will explain the high availability part.

    Active Directory is an on-premise technology which can be used as an identity management system acting as both a user store and an authentication system. In terms of Active Directory, we can create logical structures like forest, domain, etc. on a Windows server by installing and configuring the Active Directory Domain Services role. The Active Directory service on its own is designed to be highly available depending upon how you set it up. For setting up Active Directory you might have created a virtual machine in your Hyper-V server and installed the ADDS role on the server. While installing it, you may have created a domain name and configured DNS services, etc. I would not get into details of installing an Active Directory domain; however, this is the basic process to get started with Active Directory with your first domain controller. Domain controller is a term for one server unit which hosts the Active Directory service within the AD infrastructure. Active Directory is generally set up in a way that you have at least two domain controllers for disaster recovery purposes. Both of the domain controllers have automatic sync configured, which allows syncing of the Active Directory database automatically. Thus, if you have multiple physical locations in the real world, then you could create a structure of logical sites, associate them with the subnets available in a particular site, and keep adding domain controllers as per your need.

    Within a Hyper-V server you can just create a new virtual machine and make sure it is associated with the same virtual switch so that the new virtual machine is part of the same vnet. You can set up the second domain controller by pointing to the first domain controller as the DNS server. As long as you have set up networking correctly as per the firewall rules mentioned here, you should be able to set up an additional domain controller without a problem within the Hyper-V environment you have.

    Thus you get a highly available Active Directory domain/forest running on Hyper-V. You can add as many domain controllers to your AD infrastructure as you need for multiple virtual locations on Hyper-V. In case one server crashes, there will be another available. Now, in this case your Hyper-V server provides the hardware infrastructure, and if you want to make that highly available then you will have to have multiple physical servers and install the Hyper-V role on all of them. Connect and set up virtual networking so that all the virtual machines created can talk to each other through the network. Once this is done, you can create a domain controller on a Windows server on one Hyper-V machine and create additional domain controllers as part of the same Active Directory domain to have a truly HA environment. Whenever there is a problem on one Hyper-V server, domain controllers on the other Hyper-V servers can continue to function.

    You should check out the Microsoft Learn course for understanding more on Hyper-V high availability clustering. You can check more on how to deploy Hyper-V clusters. However, for Active Directory you can just add more domain controllers to the infrastructure and you will be good to achieve high availability for the Active Directory service.

    Now coming back to the Azure AD Connect staging server related query: Azure AD Connect is a tool which we recommend installing on a Windows server when you want to sync your on-premise Active Directory objects to Azure Active Directory. We recommend installing one such server for syncing the objects to Azure AD. However, in case of any disaster on this server, a situation might occur where the user sync or password sync may not work and can cause problematic situations for the end users. Running two Azure AD Connect servers is not supported; hence, in order to overcome any disaster scenario, we recommend running another Azure AD Connect server in staging mode, which is a mode where all the sync activities are performed within the local AD Connect database but changes are not synced back to Azure AD. Whenever the primary AD Connect server stops working, this server can be enabled to run a complete sync to Azure AD within minutes to minimize downtime, thus ensuring high availability for sync services.

    So running a domain controller on a VM and an AD Connect staging server are two completely different scenarios and work differently in terms of deployment in HA mode. Hope the clarifications above help you understand the differences in the HA scenarios for Hyper-V vs. the Active Directory domain vs. the AD Connect server. I have linked several articles and I would strongly recommend you read through them, as they will be a lot of help in understanding the different scenarios. In case you feel that I have misunderstood the query you asked, please let me know in the comments and we will continue the discussion. Should this information be helpful, please do accept the post as the answer, which will help improve the discoverability of this query within the community for users searching for similar answers.

    Thank you.

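The procedure the answer describes (a second VM on the same virtual switch, DNS pointed at the first domain controller, then promotion into the existing domain) as an added PowerShell example that is not part of the original answer. All names, paths and addresses below (the switch `LAN`, the VMs `DC01`/`DC02`, the domain `corp.example.com`, the 192.168.10.0/24 range) are assumptions; the verification step at the end is what a practitioner would run to confirm that the two controllers actually replicate before relying on them for availability.

```powershell
# Added example (not from the original answer): build a second domain controller
# on the same Hyper-V host and verify it replicates with the first one.
# Every name, path and IP address here is an assumption for illustration.

# --- Part 1: on the Hyper-V host ---------------------------------------------
$SwitchName = 'LAN'                                   # assumed: the switch DC01 already uses
$VmName     = 'DC02'
$VhdPath    = "C:\Hyper-V\$VmName\$VmName.vhdx"       # assumed storage path
$IsoPath    = 'C:\ISO\WindowsServer.iso'              # assumed installation media

# Attaching to the same switch is what puts DC02 on the same virtual network as DC01.
New-VM -Name $VmName -MemoryStartupBytes 4GB -Generation 2 `
       -NewVHDPath $VhdPath -NewVHDSizeBytes 80GB -SwitchName $SwitchName
Add-VMDvdDrive -VMName $VmName -Path $IsoPath
Set-VMFirmware -VMName $VmName -FirstBootDevice (Get-VMDvdDrive -VMName $VmName)
Start-VM -Name $VmName
# Install Windows Server from the ISO, then continue inside the new VM.

# --- Part 2: inside the new VM (DC02) -----------------------------------------
$FirstDcIp  = '192.168.10.10'        # assumed address of DC01
$SecondDcIp = '192.168.10.11'        # assumed address for DC02
$DomainName = 'corp.example.com'     # assumed domain created on DC01

$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $SecondDcIp `
                 -PrefixLength 24 -DefaultGateway '192.168.10.1'
# Point DNS at the existing DC so the new server can locate the domain (SRV records).
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $FirstDcIp

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Promote into the EXISTING domain (additional DC), not a new forest.
$cred = Get-Credential -Message "Domain Admins account for $DomainName"
Install-ADDSDomainController -DomainName $DomainName -Credential $cred `
    -InstallDns:$true `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force:$true
# The server reboots as a domain controller.

# --- Part 3: verify replication (run on DC02 after the reboot) ------------------
Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, Site, IsGlobalCatalog
repadmin /replsummary
Get-ADReplicationPartnerMetadata -Target $DomainName -Scope Domain |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult
# LastReplicationResult of 0 on both directions means the second DC is really
# carrying a copy of the directory, which is what makes the loss of one DC survivable.

# Once DC02 is healthy, give it a DNS fallback: partner first, itself second,
# so name resolution keeps working if either controller is down.
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses ($FirstDcIp, $SecondDcIp)
```

The verification step matters more than the promotion: a second domain controller that has never completed a replication cycle gives no availability at all, so check `repadmin /replsummary` (zero failures) and the partner metadata before treating the domain as redundant. The same checks apply unchanged when the second controller lives on a different Hyper-V host, which is the layout the answer recommends for surviving a host failure.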