The Active Directory schema version and forest functional level must be Windows Server 2003 or later. The domain controllers can run any version as long as the schema version and forest-level requirements are met. You might require a paid support program if you require support for domain controllers running Windows Server 2016 or older. The domain controller used by Azure AD must be writable. Using a read-only domain controller (RODC) isn't supported, and Azure AD Connect doesn't follow any write redirects. Using on-premises forests or domains by using "dotted" (name contains a period ".") NetBIOS names isn't supported. We recommend that you enable the Active Directory recycle bin.

Azure Active Directory Connect runs signed PowerShell scripts as part of the installation. Ensure that the PowerShell execution policy will allow running of scripts. The recommended execution policy during installation is "RemoteSigned". For more information on setting the PowerShell execution policy, see Set-ExecutionPolicy.

The Azure AD Connect server contains critical identity data. It's important that administrative access to this server is properly secured. Follow the guidelines in Securing privileged access. The Azure AD Connect server must be treated as a Tier 0 component as documented in the Active Directory administrative tier model. We recommend hardening the Azure AD Connect server as a Control Plane asset by following the guidance provided in Secure Privileged Access. To read more about securing your Active Directory environment, see Best practices for securing Active Directory.

Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. We recommend the usage of domain joined Windows Server 2022. You can deploy Azure AD Connect on Windows Server 2016 but since Windows Server 2016 is in extended support, you may require a paid support program if you require support for this configuration. .NET Framework version required is 4.6.2, and newer versions of. The server must be using Windows Server standard or better. Azure AD Connect can't be installed on Small Business Server or Windows Server Essentials before 2019 (Windows Server Essentials 2019 is supported). The Azure AD Connect server must have a full GUI installed. Installing Azure AD Connect on Windows Server Core isn't supported. The Azure AD Connect server must not have PowerShell Transcription Group Policy enabled if you use the Azure AD Connect wizard to manage Active Directory Federation Services (AD FS) configuration. You can enable PowerShell transcription if you use the Azure AD Connect wizard to manage sync configuration.

The servers where AD FS or Web Application Proxy are installed must be Windows Server 2012 R2 or later. Windows remote management must be enabled on these servers for remote installation.
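A local preflight check for the Azure AD Connect server prerequisites listed on this page, given as an added example (it is not Microsoft's script or part of the original page). It assumes Windows PowerShell run on the candidate server; the function name `Test-AadConnectPrereq` is hypothetical, and the edition check (Standard or better) is not covered.

```powershell
# Added example: checks the local server against the prerequisites on this page.
# Test-AadConnectPrereq is a hypothetical name, not an Azure AD Connect cmdlet.
function Test-AadConnectPrereq {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
               -ErrorAction SilentlyContinue
    $tr  = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' `
               -ErrorAction SilentlyContinue
    $policy = "$(Get-ExecutionPolicy)"   # effective policy for this session

    $checks = [ordered]@{
        # ProductType 1 = workstation; Windows Server 2016 is build 14393.
        'Windows Server 2016 or later' =
            (($os.ProductType -ne 1) -and ([int]$os.BuildNumber -ge 14393))
        # InstallationType is "Server" with a full GUI and "Server Core" without.
        'Full GUI (not Server Core)' = ($cv.InstallationType -eq 'Server')
        'Domain-joined' = [bool]$cs.PartOfDomain
        # Release 394802 is the lowest registry value for .NET Framework 4.6.2.
        '.NET Framework 4.6.2 or newer' =
            (($null -ne $net) -and ($net.Release -ge 394802))
        # The installer runs signed scripts; "Restricted" blocks all scripts.
        'Execution policy allows scripts' = ($policy -ne 'Restricted')
        'Execution policy is RemoteSigned (recommended)' = ($policy -eq 'RemoteSigned')
        # Only a blocker when the wizard manages AD FS configuration.
        'Transcription policy off (AD FS wizard)' =
            (-not (($null -ne $tr) -and ($tr.EnableTranscripting -eq 1)))
    }

    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

Test-AadConnectPrereq | Format-Table -AutoSize
```

A failed transcription check matters only if the wizard will manage AD FS configuration; for sync configuration the page allows transcription to stay enabled.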