Good Afternoon (EDT):
We currently employ three Windows Servers running AD:
1 Physical Server on-Prem (Prem-AD01)
2 Virtual Servers in Azure (VM-AD01 & VM-AD02)
One of the Virtuals does most of the heavy lifting. In fact, our Fortigate currently hands out the aforementioned Virtual (VM-AD01) as the DNS. Our Domain has access to Azure via an Azure Virtual Network Gateway (VpnGw2).
Today, I ran a test. I took Prem-AD01 offline; I wanted to see how the local physical network would react.
Predictably, not well. Internet access slowed down to a crawl with a lot of time-outs.
I checked network settings and whilst Prem-AD01 is up, DNS is VM-AD01; when down, same deal.
I’ve verified that the only 53 traffic that is hitting Prem-AD01 when up is from VM-AD01 & VM-AD02 checking in.
Now, I am guessing some of the problems are the result of failing to take Prem-AD01 down properly (i.e. demotion), but I don’t know for sure and I want to understand this before I propose any changes to our network.
So, any ideas/thoughts?
I appreciate it; thank you!