Full onsite Disaster Recovery when also using EntraID

Jon 20 Reputation points
2024-08-13T12:55:55.4+00:00

My company uses on-site AD as well as Entra ID. Our AD users are both on-site, authenticating against AD, and remote, authenticating against Entra ID.

I have been asked to create a disaster recovery plan for the occasion when the on-site DCs are lost (following a fire, for example) and all that remains are whole machine VM off-site backups of the DCs as well as Entra ID in Azure Cloud.

In this scenario, what is the best way to recover on-site AD? Obviously, Entra ID will contain a more up-to-date version of AD than the backup. How do I recover a backup VM and reconnect to Entra ID and ensure that the local AD becomes consistent with Entra ID, and not the other way around?

Thank you

Azure Site Recovery

Accepted answer
Sam Cogan 10,502 Reputation points MVP
2024-08-13T15:21:39.2266667+00:00

Entra ID sync is one-way, from AD to Entra, not the other way around, so you can't really do what you are asking here. You would need to restore your domain controllers from your backup, re-enable sync and then deal with any inconsistencies.

Password changes are the only thing that does sync the other direction, and these should resolve themselves.
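The "deal with any inconsistencies" step above benefits from a concrete check before sync is re-enabled. The following PowerShell is an added example, not code from the question or the answer: it lists accounts that exist in Entra ID as synced objects but are absent from the restored AD (typically created after the backup), and accounts in the restored AD that are not synced to Entra ID (typically deleted after the backup). It assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed and that the running account can read users in both directories.

```powershell
# Added example: reconcile a restored on-prem AD against Entra ID before
# re-enabling Entra Connect sync. Not part of the original question or answer.
# Assumes the ActiveDirectory and Microsoft.Graph.Users modules are present.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes "User.Read.All"

# Restored on-prem AD: every user with a UPN, keyed case-insensitively.
$adUsers = @{}
Get-ADUser -Filter * -Properties UserPrincipalName, whenChanged |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object { $adUsers[$_.UserPrincipalName.ToLower()] = $_ }

# Entra ID: only accounts that were synced from AD. Cloud-only accounts have
# no on-prem counterpart by design and are skipped.
$cloudUsers = @{}
Get-MgUser -All -Property UserPrincipalName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime |
    Where-Object { $_.OnPremisesSyncEnabled -eq $true } |
    ForEach-Object { $cloudUsers[$_.UserPrincipalName.ToLower()] = $_ }

# Synced in Entra ID but missing from the restored AD: most likely created
# on-prem after the backup was taken. Recreate them in AD with the same UPN
# before sync resumes, otherwise sync may treat them as deletions.
$missingOnPrem = @($cloudUsers.Keys | Where-Object { -not $adUsers.ContainsKey($_) })

# Present in the restored AD but not synced to Entra ID: most likely deleted
# on-prem after the backup. Review before sync re-creates them in the cloud.
$missingInCloud = @($adUsers.Keys | Where-Object { -not $cloudUsers.ContainsKey($_) })

[PSCustomObject]@{
    AdUsers          = $adUsers.Count
    SyncedCloudUsers = $cloudUsers.Count
    MissingOnPrem    = $missingOnPrem.Count
    MissingInCloud   = $missingInCloud.Count
}
$missingOnPrem  | Sort-Object | ForEach-Object { "Entra-only (synced): $_" }
$missingInCloud | Sort-Object | ForEach-Object { "AD-only: $_" }
```

Run it against the restored DCs with the Entra Connect scheduler still disabled, so the lists reflect the gap the restore left rather than changes sync has already started to apply.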

