Question: What is HC AD Sync Secondary setup and when is it mandatory to deploy Secondary setup of HC AD Sync Tool?
Answer: This article explains why AD Connect Sync Secondary setup is required ? How it is deployed ? and how to configure it properly?
Why ADSync Secondary Setup deployment is required ?
If you host an additional Domain Controller in your infrastructure and want to keep track of the "password change" event performed on this additional Domain Controller syncing onto the Cloud DC then a Primary setup that is installed on the Primary Domain Controller alone will not be enough to hook the "password change" event which is triggered from the additional Domain Controller and sync it onto the Cloud DC. In order to handle the situation, HC ADSync (AD Connect Sync ) Tool also needs to be installed on the additional Domain Controller machine.
How ADSync Secondary Setup is installed ?
There is no separate installer for Secondary Setup of ADSync tool on additional DCs. As you run the same installer, you are provided with 2 options:
- Primary Domain Controller
- Additional Domain Controller
If ADSync installer is to be deployed on Additional Domain Controller, then select the option Secondary Domain Controller as shown in the below screenshot.
How AD Connect Sync Secondary Setup is configured ?
HCDirSync Secondary Tool ( AD Connect Sync ) can be configured on Additional Domain Controller by following the steps given below :
- Run HCDirSync tool by selecting option Run as administrator
- Provide Local AD credentials
- Click on Save Settings button. ( See below screenshot for clarity)
Upon successful configuration, any "password change" event which is triggered from the Additional Domain Controller now will start to sync to the Cloud DC.