About Multiple AD Bridges for High Availability and Load Balancing

Learn how to set up High Availability and Load Sharing so that you don’t have a single point of failure for your AD Bridge architecture.

If you have only one Microsoft Active Directory (AD) Bridge instance, running as a single Windows service, connecting to your Active Directory domain, that instance is a single point of failure in the architecture: while it is down, no delegated authentication or data synchronization can take place for that domain.

To avoid this, Oracle Identity Cloud Service supports the installation of multiple AD Bridge instances mapping to the same Active Directory domain.

The number of AD Bridges that an administrator can install per domain must not exceed five (5), and the number of domains that an administrator can configure per tenant must not exceed ten (10). To change these limits, raise a service request (SR) with Oracle Support.

In an AD Bridge high availability (HA) deployment with at least two AD Bridges per domain, the delegated authentication and data synchronization load is shared among all the AD Bridges. Requests are not assigned to a particular AD Bridge: each delegated authentication request is picked up by one of the AD Bridges that is currently available, chosen at random. Any AD Bridge can pick up delegated authentication requests as well as full or incremental synchronization, and each AD Bridge can perform data synchronization and delegated authentication at the same time. However, only one AD Bridge synchronizes a given domain at a time, so additional AD Bridges give you failover for synchronization rather than parallel synchronization of the same domain; while one AD Bridge is synchronizing, authentication requests continue to be served by it and by the other available AD Bridges.

The following diagram shows a high availability deployment with at least two AD Bridges per domain, in which delegated authentication and data synchronization requests are distributed among all the AD Bridges.
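The dispatch rules described in this section, as an added Python model written for this page (it is not Oracle Identity Cloud Service code; the class and method names Tenant, Bridge, delegated_auth, start_sync and finish_sync are hypothetical, and the rule that a bridge which goes down abandons its in-progress sync is an assumption of the model, not something the page states):

```python
"""Model of how work is shared across several AD Bridges for one AD domain.

Added illustration for this page, not Oracle Identity Cloud Service code.
The names (Tenant, Bridge, delegated_auth, start_sync, ...) are hypothetical.
It models the rules stated in the text:
  * at most 5 AD Bridges per domain and 10 domains per tenant (limits that
    Oracle Support can change via an SR);
  * a delegated authentication request is picked up by one available
    AD Bridge, chosen at random;
  * every AD Bridge can serve authentication while a sync is running, but
    only one AD Bridge synchronizes a given domain at a time.
Assumption not taken from the page: a bridge that goes down abandons any
sync it was running, so another bridge may start a new one.
"""
import random

MAX_BRIDGES_PER_DOMAIN = 5
MAX_DOMAINS_PER_TENANT = 10


class Bridge:
    """One AD Bridge instance (one Windows service) mapped to one domain."""

    def __init__(self, name, domain):
        self.name = name
        self.domain = domain
        self.available = True   # False models a stopped service or host outage
        self.syncing = False


class Tenant:
    """Tracks the AD Bridges of a tenant and dispatches work to them."""

    def __init__(self, seed=None):
        self.bridges = {}                 # domain -> [Bridge, ...]
        self._rng = random.Random(seed)   # seedable so a run is reproducible

    def add_bridge(self, name, domain):
        if domain not in self.bridges and len(self.bridges) >= MAX_DOMAINS_PER_TENANT:
            raise ValueError("tenant domain limit reached; raise an SR to change it")
        domain_bridges = self.bridges.setdefault(domain, [])
        if len(domain_bridges) >= MAX_BRIDGES_PER_DOMAIN:
            raise ValueError("per-domain AD Bridge limit reached; raise an SR to change it")
        bridge = Bridge(name, domain)
        domain_bridges.append(bridge)
        return bridge

    def set_unavailable(self, bridge):
        bridge.available = False
        bridge.syncing = False  # assumption: an in-progress sync is abandoned

    def available_bridges(self, domain):
        return [b for b in self.bridges.get(domain, []) if b.available]

    def delegated_auth(self, domain):
        """Return the bridge that picks up one authentication request, or None
        when every bridge for the domain is down (the single-point-of-failure case)."""
        candidates = self.available_bridges(domain)
        if not candidates:
            return None
        return self._rng.choice(candidates)

    def start_sync(self, domain):
        """Start a full or incremental sync on one available bridge. Returns None
        if the domain is already being synchronized by another bridge."""
        if any(b.syncing for b in self.bridges.get(domain, [])):
            return None
        candidates = self.available_bridges(domain)
        if not candidates:
            return None
        bridge = self._rng.choice(candidates)
        bridge.syncing = True
        return bridge

    def finish_sync(self, bridge):
        bridge.syncing = False


def demo(domain="corp.example"):
    """Two bridges for one domain: sync on one, auth on both, then an outage."""
    tenant = Tenant(seed=7)
    tenant.add_bridge("bridge-1", domain)
    tenant.add_bridge("bridge-2", domain)

    syncing = tenant.start_sync(domain)            # one bridge takes the sync
    second_sync = tenant.start_sync(domain)        # None: domain already syncing
    during_sync = {tenant.delegated_auth(domain).name for _ in range(50)}
    tenant.finish_sync(syncing)

    tenant.set_unavailable(tenant.bridges[domain][1])   # bridge-2 goes down
    after_outage = {tenant.delegated_auth(domain).name for _ in range(20)}
    return {
        "second_sync_rejected": second_sync is None,
        "auth_during_sync": during_sync,
        "auth_after_outage": after_outage,
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() exercises the three behaviours worth checking in an HA deployment: a second sync of the same domain is refused while one is in progress, authentication requests issued during that sync still land on either bridge, and once one bridge goes down every request is served by the remaining one. With a single bridge per domain, the same model returns None for both authentication and sync as soon as that bridge is unavailable.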