question

SantiagoRobledoVaquero-2308 avatar image
0 Votes"
SantiagoRobledoVaquero-2308 asked ShwetaMathur commented

Migration from adfs to PTA staged rolled out

Hi there

Im having some doubts with staged rolled out to migrate from adfs to PTA+SSO
Some documentation tells me to not install PTA agent into Adconnect server, meanwhile another tell me to install PTA agent on it
Where should i install the agent USING STAGED ROLLED OUT?

Doc in where not tu use

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout
Section - PRE-work for pass-through auth
Doc in where is needed to install on ADConnect
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/migrate-from-federation-to-cloud-authentication
Section - Deploy more authentication agents for PTA
The first agent is always installed on the Azure AD Connect server itself.

Another question i have is if once i finished adding groups and convert the domain to managed, should i turn off staged rolled out?

azure-active-directoryazure-ad-password-hash-sync
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShwetaMathur avatar image ShwetaMathur ·

@SantiagoRobledoVaquero-2308,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.

Thanks,
Shweta


0 Votes 0 ·

3 Answers

soysoliscarlos avatar image
0 Votes"
soysoliscarlos answered

Hi @SantiagoRobledoVaquero-2308

Thank you for asking this question on the Microsoft Q&A Platform.

I understand that you need to know where to install the PTA agents.

As you said, the first one is installed on the same Azure AD Connect server.

After that, I recommend you install it on the other two servers. You should have at least three PTA agents.

You won't have any issue with that configuration, this is the exact configuration that I have in my environment.

Hope this helps,
Carlos Solís Salazar

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SantiagoRobledoVaquero-2308 avatar image
0 Votes"
SantiagoRobledoVaquero-2308 answered

Hi @soysoliscarlos

The question is, the documentation says when staged rolled out is involved, the PTA agents should not be installed into ADCOnnect
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout
Section - PRE-work for pass-through auth

Im planning to use staged rolled out so i need to clarify this point and discover if when staged rolled out is on the game the agnets need to be installed in other machine.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

soysoliscarlos avatar image
0 Votes"
soysoliscarlos answered soysoliscarlos commented

@SantiagoRobledoVaquero-2308

Well, according to the documentation that you mention and What I am interpreting (And hoping to understand your requirement this time)

You do have to install agents on other servers before you install the Azure AD Connect with PTA.

Having the agents installed won't generate any conflict in your current authentication system.

Hope this helps,
Carlos Solís Salazar

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.



· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

soysoliscarlos avatar image soysoliscarlos ·

@SantiagoRobledoVaquero-2308, you can Accept Answer and Upvote, if the above response helped answer your query, others visiting the forum with the same query might get help.

NOTE: To answer you as quickly as possible, please mention me in your reply.

0 Votes 0 ·