question

KoNasl-2341 avatar image
0 Votes"
KoNasl-2341 asked KoNasl-2341 commented

Azure AD Connect in-place upgrade with separate SQL server

We have a pretty new, not yet production, AD Connect setup. When reading through install requirements we understood that once our environment goes production we will probably hit the 100,000 synced objects and should probably deploy AD Connect with a dedicated SQL database an another system.

We are currently only syncing with the group filter options for testing. AD Connect is version 1.5.45.0. Could I still do an in-place upgrade to the new 1.6.4.0 build, or would I have to go through the hassle of deploying a second staging server and doing a cutover?

azure-ad-connect
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bumping this thread to see if there was any way to do an in-place AD connect update with a separate SQL server?

0 Votes 0 ·

1 Answer

vipulsparsh-MSFT avatar image
1 Vote"
vipulsparsh-MSFT answered KoNasl-2341 commented

@KoNasl-2341 Thanks for reaching out and apologies for delay.

Considering this is yet pre-product and number of objects are less than 100,000 you can go for In-place update for Azure AD connect.
During the update process the synchronization is stopped anyway.

Do remember, If you've made changes to the out-of-box synchronization rules, then these rules are set back to the default configuration on upgrade. To make sure that your configuration is kept between upgrades, make sure that you make changes as they're described in Best practices for changing the default configuration.



If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the c

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the info! We have not modified any of the synchronization rules yet. And just to clarify, this in-place upgrade won't affect the current group filtering that is only allowed on initial deployment? Documentation mentions that once turned off group filtering cannot be re-enabled. I just want to make sure that an in-place upgrade does not disable the option.

0 Votes 0 ·

Upgrading will not disable group based filtering. Once you disable it manually, however, you cannot turn it back on. As long as you plan to turn this off before you go fully into production, you should be fine. Leaving it on long-term is a bad idea as there are severe performance implications tied to using group membership as a scoping criteria and when you start getting into hundreds of thousands of objects, you'll experience that performance hit more than you would notice at smaller numbers.

0 Votes 0 ·

We are planning on turning it off when we go production. For now we have too much fixing up of UPNs and emails before we do that.

0 Votes 0 ·