(Cloud) Tip of the Day: Windows Azure AD Sync tool on a DC

A Directory Synchronization client is now available that supports installation on a domain controller. This is a huge step forward in enabling our small business customers to move to our cloud services.

Here are some other changes in this new version of Directory Synchronization…

  • Sync Engine Memory leak issue
  • "Staging-Error" during large Confirming Imports from Windows Azure Active Directory
  • Password sync behavior when syncing from Read-Only Domain Controllers (RODC)
  • DirSync can be installed on a Domain Controller (you must log off and log on AFTER installation and BEFORE configuration)

However, it is not a best practice to do this, because SQL Express Server is not recommended to be installed on a domain controller. For more information about the security restrictions for SQL Server on a domain controller, see the section titled Hardware and Software Requirements for Installing SQL Server 2008 R2.

You can find instructions on how to install Directory Synchronization on a domain controller here…

Best Practices for Deploying and Managing the Windows Azure Active Directory Sync Tool