> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Describes how to install multiple instances of the connector for higher availability.

# Deploy AD/LDAP Connectors for High Availability Environments

You can deploy multiple instances of the AD/LDAP Connector to provide a high-availability environment for your AD/LDAP connection.

## Overview

To deploy multiple instances of the AD/LDAP Connector, you'll need to:

1. Install the AD/LDAP Connector on the primary server.
2. Copy or export the configuration files of the initial installation.
3. Install the AD/LDAP Connector on additional servers.
4. Import the configuration files from the initial installation to the additional connectors.

## Configure primary server

1. Install and configure the AD/LDAP Connector on the first server.
2. Open the troubleshooting screen (`http://localhost:8357/#troubleshoot`) and run the troubleshooting test. Make sure all tests pass.

| Test   | Description                                                                                                         | Troubleshoot                                                                                 |
| ------ | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| Test 1 | Attempts to establish a TCP connection to the LDAP server and port specified.                                       | Check basic network connectivity and firewall settings that might prevent such a connection. |
| Test 2 | Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided. | Check the LDAP connection string, search path, username and password.                        |
| Test 3 | Attempts to perform an LDAP search against the directory to check the privileges of the specified username.         | Check the privileges of the username in the target directory.                                |
| Test 4 | Attempts to establish a connection to the Auth0 server.                                                             | Check network connectivity and firewall settings that might prevent such a connection.       |

3. Copy or export the configuration files.

## Configure additional server(s)

1. Install the AD/LDAP Connector on the additional server(s), but do not configure it.
2. Import the configuration files from the primary server.
3. Restart the Auth0 AD/LDAP and Auth0 AD/LDAP Admin Windows Services on the new server(s).
4. Open the troubleshooting screen (`http://localhost:8357/#troubleshoot`) and run the troubleshooting test. Make sure all tests pass.

To learn more, read [Install and Configure the AD/LDAP Connector](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/install-configure-ad-ldap-connector) and [Import and Export AD/LDAP Connector Configurations](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/import-export-ad-ldap-connector-configs).

## Verify connections

In the <Tooltip tip="Auth0 Dashboard: Auth0's main product to configure your services." cta="View Glossary" href="/docs/glossary?term=Auth0+Dashboard">Auth0 Dashboard</Tooltip>, go to the [Authentication > Enterprise > Active Directory / LDAP](https://manage.auth0.com/#/connections/enterprise/ad), and confirm that the connection is active.

## Using Kerberos or client certificates

If you enable Kerberos or client certificates for authentication on your AD/LDAP connection, users contact the AD/LDAP Connector directly instead of going through the Auth0 server.

If you are using a high-availability configuration with multiple connectors, Auth0 recommends that you front them with a network load balancer:

1. Use the `SERVER_URL` parameter to publish the public location where the AD/LDAP Connector will be listening to incoming requests.
2. Map the `SERVER_URL` in the network load balancer to all internal instances of the deployed AD/LDAP Connectors. A special distribution policy is not required (for example, uniform round-robin with no sticky sessions works).

To learn more, read [Configure AD/LDAP Connector Authentication with Kerberos](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/configure-ad-ldap-connector-with-kerberos) or [Configure AD/LDAP Connector Authentication with Client Certificates](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/configure-ad-ldap-connector-client-certificates).

## Learn more

* [Install and Configure AD/LDAP Connector](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/install-configure-ad-ldap-connector)
* [Import and Export AD/LDAP Connector Configurations](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/import-export-ad-ldap-connector-configs)
* [Configure AD/LDAP Connector Authentication with Client Certificates](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/configure-ad-ldap-connector-client-certificates)
* [Configure AD/LDAP Connector Authentication with Kerberos](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/configure-ad-ldap-connector-with-kerberos)
* [Point AD/LDAP Connector to Auth0 Connections](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/ad-ldap-connector-to-auth0)
* [Update AD/LDAP Connectors](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/update-ad-ldap-connectors)