Why shouldn't the Okta AD Agent be installed on a Domain Controller? Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjlyqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Carol MorrisCarol Morris 

Why shouldn't the Okta AD Agent be installed on a Domain Controller?

The documentation states it's not recommended but doesn't say why.
Best Answer chosen by Carol Morris
Rimmel JawaRimmel Jawa (Okta)
We recommend you do not install the AD Agent on the domain controller just as a general rule of practice to ensure the stability of your server.  We have seen in the past on Windows 2008 R2, where if you had the AD agent and IWA agent installed, there would be some loop back.  But that is a thing of the past and is no longer seen.  Just to summarise, there is no technical reason why you cannot install the AD agent on a domain controller, we just recommend you do not as a general rule of practise.  Hope that answers your question.