Plan Your Identity & Authentication Solution (part 3)
To read part 1, please click here
To read part 2, please click here
Azure AD Connect
The Azure Active Directory Connect or Azure AD Connect tool, which was once known as Windows Azure Active Directory Synchronization or DirSync, is an officially recommended directory synchronization tool for Microsoft 365. It is built up of three parts viz. the synchronization services, the optional Active Directory Federation Services piece, and the monitoring piece done with the help of Azure AD Connect health. It can easily operate as a software-based tool that after configuring once can run automatically in the background without any user interaction.
Using Azure AD Connect for Directory Synchronization
If you are using Azure AD Connect for Directory Synchronization:
- Although new user group, and contact devices in an on-premises Active Directory are added to Microsoft 365, but the licenses are not assigned to these objects automatically.
- The modified on-premises AD attributes of existing user, group, and contact objects are also modified in Microsoft 365 but not all of them can be synchronized to Microsoft 365.
- The deleted on-premises AD's existing user, group, and contact objects are also deleted from Microsoft 365.
- Similarly, the disabled on-premises existing user objects are also disabled in Microsoft 365 without any automatic unassigned licenses.
Azure AD Connect also supports the following scenarios:
- Multiple Active Directory forest environments
- Multiple exchange organizations to one Microsoft 365 tenant
There are two things required to be understood:
- The source of authority is on the on-premises AD.
- You are mastering objects from within your on-premises AD with the help of whatever management tools being used today, like AD Users and Computers or Windows PowerShell.
Azure AD Connect Cloud Provisioning
It is a new Microsoft agent designed to meet and accomplish your hybrid identity goals for synchronization of users, groups, and contacts to Azure AD. You can use it along with Azure AD Connect sync and get different benefits:
- Support for synchronizing to an Azure AD tenant from a multi-forest disconnected AD forest environment- commonly, scenarios include merger and acquisition in which the acquired one's AD forests are isolated from the parent company's AD forests and companies having history contains multiple AD forests.
- Easy installation with light-weight provisioning agents- the agents acts as a bridge from AD to Azure AD with all the sync configuration managed in the cloud.
- Multiple provisioning agents helps to simplify high availability deployments, particularly critical for the organization dependent on password hash synchronization from AD to Azure AD.
An organization only have to deploy a lightweight agent acting as a bridge between Azure AD and AD, in their on-premises and IaaS-hosted environment.
To read part 1, please click here
To read part 2, please click here
Comments
Post a Comment