Back to Blog
Active Directory Azure

Force Azure AD Connect to Connect Only to Specific Domain Controllers

Image of Michael Van Horenbeeck MVP, MCSM
Michael Van Horenbeeck MVP, MCSM
Azure AD connections

Consider the following scenario: you are about to implement directory synchronization for Office 365. You have multiple Active Directory sites across several, geographically dispersed, locations all over the world. Unsurprisingly, some of these locations have better connectivity than others and you might not want AAD Connect to connect to Domain Controllers in locations with a slow or high latency connection at the risk of slowing down the entire process.

When Azure AD Connect connects to a new forest, it uses DNS to locate domain controllers it needs to connect to. Without additional configuration, it is very difficult to control or know exactly which Domain Controllers AAD Connect will connect to. I believe that within the domain it is installed in, AAD Connect will try and connect to Domain Controllers within the same site first –but I’m still waiting on getting that confirmed. Even if that is true, that would not necessarily be the case for remote forests as there is no way for AAD Connect to know which site in the remote forest is closest.

Once AAD Connect is installed, you will find that it is relatively easy to define a (static) list of Domain Controllers that AAD Connect should connect to.

  1. First, open up the Synchronization Service Manager on your AAD Connect server. This executable (miisclient.exe) is typically located in “C:\Program Files\Microsoft Azure AD Sync\UIShell”

  2. Navigate to Connectors and locate the connector, specific for your domain (forest). Note that the screenshot below only shows a single domain. If you are in a multi-forest environment and you might see multiple:

    Exchange configure window

  3. Right-click the connector and choose

  4. In the properties window, go to Configure Directory Partitions and make sure to check the box next to Only use preferred domain controllers:

    Exchange partition window

  5. In the Configure Preferred DCs window, add the domain controllers you want AAD Connect to interface with. You can order the domain controllers preference by moving them up/down the list.

  6. Click OK to confirm the changes.


And that’s all there is to it. Now, Azure AD Connect will only talk to the Domain Controllers you have specified.

 
Image of Michael Van Horenbeeck MVP, MCSM
Michael Van Horenbeeck MVP, MCSM

Michael Van Horenbeeck is a Microsoft Certified Solutions Master (MCSM) and Exchange Server MVP from Belgium, with a strong focus on Microsoft Exchange, Office 365, Active Directory, and a bit of Lync. Michael has been active in the industry for about 12 years and developed a love for Exchange back in 2000. He is a frequent blogger and a member of the Belgian Unified Communications User Group Pro-Exchange. Besides writing about technology, Michael is a regular contributor to The UC Architects podcast and speaker at various conferences around the world.

Related Posts

Azure AD icon

A Closer Look at Azure AD Connect – Part 4

Image of Michael Van Horenbeeck MVP, MCSM
Michael Van Horenbeeck MVP, MCSM
Active Directory Office 365 Microsoft Exchange

Welcome to the fourth part of this article series about Azure AD Connect. In the previous article,...

Read more
Microsoft Azure AD Connect

A Closer Look at Azure AD Connect – Part 5

Image of Michael Van Horenbeeck MVP, MCSM
Michael Van Horenbeeck MVP, MCSM
Active Directory Office 365 Microsoft Exchange

Welcome to the fifth part of this article series about Azure AD Connect. In the previous article,...

Read more