Shulou(Shulou.com)06/03 Report--

Recently, a client asked me a question: can the AAD Connect server change FQDN?

I was stupefied for a moment and asked why I changed my name, but the other party didn't tell me why. Although I knew that the description of the Microsoft official document could not be changed, I did not tell the customer directly that I had set up a test environment to verify the change of the AAD Connect server name. Let's take a look at what Microsoft officially said.

Microsoft official description link: https://docs.azure.cn/zh-cn/active-directory/hybrid/reference-connect-faq

Next I'm going to artificially rename the server.

Let's take a look at the name of the server under normal circumstances.

The synchronous log is also normal.

Then we manually change the server name and restart the server

The service of AAD Connect can run normally after restart.

Then execute the synchronization command manually, and now the command is executed successfully

The synchronization log is also shown to be successful

Everything seems to be so normal, so let's open the AAD Connect tool to modify the settings.

Create a new OU and create an account in the contoso.com root domain

Then add synchronous contoso organizational units to AAD Connect

Then start the synchronization process

Show configuration success

Check the success of all synchronization through the synchronization log

Then check whether the user has been synchronized in Office365, which shows that the account is also synchronized successfully.

Then check the directory synchronization status in Office365 is also normal, notice that the account of the synchronized directory is actually the name of the previous AAD server.

Looking back at Microsoft's official website, the description is "changing the server name will cause the synchronization engine to fail to connect to the SQL database instance, and the service will not start." isn't that a slap in the face? Check the log and find that SQL is installed on the AAD Connect server.

So my understanding is: if a back-end SQL Server is installed for AAD Connect alone, then if you change the name of the AAD Connect server at this time, the AAD Connect server will not be able to log in to SQL Server using the computer account, but the administrator can still log in to SQL Server with the admin account to add a new AAD Connect server as the login name. From my current test results, it is possible to rename the server normally, and manual synchronization can be performed several times without any error during the 1 hour after renaming.

It seems that we need to open a CASE with the Microsoft product group to confirm whether the statement on the official website is accurate!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.