From the course: Microsoft 365: Domains and Directories

Supported topologies - Microsoft 365 Tutorial


Supported topologies

- [Instructor] Azure AD Connect is the mechanism that synchronizes an on-premises Active Directory environment to Azure AD. So what you see on the slide is a typical configuration. The triangle on the left represents an Active Directory forest. The box in the middle with the two arrows in it represents your Azure AD Connect server. And then the object on the right represents Azure AD. So Azure AD Connect synchronizes Active Directory objects between your on-premises Active Directory forest and Azure AD. And it performs that synchronization in both directions.

So the cardinal rule when you're using Azure AD Connect is that you can only have a single Azure AD Connect server. So what this means is that in a single-forest environment you won't be able to do something like this. In this diagram you can see that we have a single Active Directory forest represented by one triangle, the boxes representing different domains. And each one of those domains is tied into a separate Azure AD Connect server. And then all of those are tied into Azure AD. Now, unfortunately, this type of configuration is not supported. The proper way to do this would be to go back to what we saw a moment ago, and tie the entire forest into Azure AD Connect, and then connect that to Azure AD. So this basic topology is extremely important to keep in mind as you move into more complex environments, such as multi-forest deployments.

So let's take a look at what a multi-forest deployment might look like. So here you can see a multi-forest environment. Each one of the forests is represented by a triangle, and you'll notice that each forest is connected to a single Azure AD Connect server. And that Azure AD Connect server ties into Azure AD. So this is the proper way of configuring a multi-forest environment to use Azure AD Connect. What you can't do is something like this.

Here you see each one of the Active Directory forests tied into its own Azure AD Connect server, and then each one of those servers tied into Azure AD. Unfortunately you can't do this. The proper way of doing things is what I showed you a moment ago, where each forest is tied into one common Azure AD Connect server. So that's the main thing that you need to know about topologies when you start working with multi-forest environments. The key is to only use a single Azure AD Connect server.
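As an added example (not part of the course or of Azure AD Connect itself), the following Python check encodes the rule from the video, one Azure AD Connect server with every forest and domain tied into it, and runs it over constructed versions of the four diagrams; forest, domain and server names are placeholders.

```python
from collections import defaultdict

# Each link is (forest, domain, azure_ad_connect_server): one arrow from an
# on-premises domain to the Azure AD Connect server that synchronizes it.
# All names below are constructed placeholders mirroring the four slides.
SINGLE_FOREST_OK = [("corp.example", "corp.example", "aadc01"),
                    ("corp.example", "eu.corp.example", "aadc01")]
SINGLE_FOREST_PER_DOMAIN = [("corp.example", "corp.example", "aadc01"),
                            ("corp.example", "eu.corp.example", "aadc02")]
MULTI_FOREST_OK = [("corp.example", "corp.example", "aadc01"),
                   ("lab.example", "lab.example", "aadc01")]
MULTI_FOREST_PER_FOREST = [("corp.example", "corp.example", "aadc01"),
                           ("lab.example", "lab.example", "aadc02")]


def check_topology(links):
    """Return a list of problems; an empty list means the topology is supported.

    Rule from the transcript: every forest (and every domain within it) must
    feed one and the same Azure AD Connect server, which alone syncs to Azure AD.
    """
    problems = []
    servers = {server for _, _, server in links}
    if len(servers) > 1:
        problems.append(
            f"{len(servers)} Azure AD Connect servers found {sorted(servers)}; "
            "only one server per Azure AD tenant is supported")
    # Group the servers that claim each forest so a forest split across
    # per-domain servers is reported separately from per-forest servers.
    servers_by_forest = defaultdict(set)
    for forest, _, server in links:
        servers_by_forest[forest].add(server)
    for forest, forest_servers in sorted(servers_by_forest.items()):
        if len(forest_servers) > 1:
            problems.append(
                f"forest {forest} is split across servers {sorted(forest_servers)}; "
                "tie the whole forest into the single server instead")
    return problems


if __name__ == "__main__":
    for name, links in [("single forest", SINGLE_FOREST_OK),
                        ("single forest, per-domain servers", SINGLE_FOREST_PER_DOMAIN),
                        ("multi-forest", MULTI_FOREST_OK),
                        ("multi-forest, per-forest servers", MULTI_FOREST_PER_FOREST)]:
        issues = check_topology(links)
        print(f"{name}: {'supported' if not issues else 'NOT supported'}")
        for issue in issues:
            print(f"  - {issue}")
```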
