Before installing AD Connect with IIS, ensure the deployment platform, the Windows Server® Internet Information Server (IIS) host for AD Connect, is secure.
You will want to consider:
- Deploying the Windows Server IIS host to a secured network location (such as, a combination of firewall with NAT and reverse proxy, or a DMZ). If the IIS host is to be directly connected to the Internet, this is critical.
- Assigning client browser trusted sites. You will need to add the IIS host as a trusted site to your users' browser clients. We tell you how to do this using Internet Explorer (IE) and Mozilla Firefox® settings or using Group Policy for IE.
- Using load-balancing and clustering. If you expect to have large numbers of single sign-on (SSO) users, for high-availability you may want to consider using Microsoft Network Load Balancing (NLB) or another load-balancing and clustering solution.