Azure Active Directory Connect

Azure AD Connect is now Generally Available (GA) and is from now on my preferred synchronization tool from Active Directory to Azure Active Directory.

Let's look into what AADConnect can do for us, now that it is GA.

When using Express Installation Settings:

– Upgrade path from DirSync (It will uninstall DirSync and install AADC)
– Quick and dirty setup for the default Synchronizer

When using Customized Installation Settings:

– Specify a custom installation folder path
– Use the wizard to configure an SQL Server instance to host the database
– Use an existing service account
– Specify custom sync groups, i.e. which AD groups act as the Administrators, Operators, etc. for the sync service

When configuring AADConnect:

– Select the sign-in method: AADC can now deploy AD FS for us, or we choose Password Synchronization or no sign-in method configured
– Multiple Active Directory forests (the next page decides how a user that exists in more than one forest is matched to a single Azure AD object)
– Uniquely identifying users and mapping the Source Anchor and UserPrincipalName
The Source Anchor should be unique to the object and must not change during the object's lifetime; I recommend using objectGUID, but the chosen attribute is changeable here.
The UserPrincipalName can often be mapped from the mail attribute instead; keep in mind that not all attributes support an email address as a value. This lets us keep our internal login names, although best practice is to change the UPN in our local Active Directory to a suffix that is verified in Azure AD.
– Filter which OUs to synchronize instead of syncing all users and devices, without having to configure it inside the FIM Synchronization Service console. It is possible to have a different filter for each AD forest we synchronize from.
– Optional features include Password Writeback, and in preview we have User, Group and Device Writeback. These require Azure AD Premium licenses assigned to the users.
– The optional features page also enables or disables synchronization of extension attributes in AD, and the Azure AD app and attribute filtering lets us choose which online services we will use, preventing us from synchronizing unnecessary attributes.
– The optional features also cover the Azure AD attribute filter, for a specific attribute we don't want synchronized to Azure AD at all. An example can be a social security number.

– Staging Mode is now a check box at the end, so the server doesn't export any data to Azure AD upon finishing the configuration; it only imports and synchronizes, which lets us inspect the result before going live.
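Two of the steps above are worth checking before you let AADConnect export anything: the UPN suffix of each user (Azure AD replaces an unverified suffix with the tenant's onmicrosoft.com domain, which breaks sign-in), and the Source Anchor value that will end up as ImmutableId in Azure AD when objectGUID is used. The script below is an added example, not code from the original post or from Microsoft; it assumes the RSAT ActiveDirectory module is installed, that you have read (and, for the fix-up function, write) access to the domain, and that the $VerifiedDomains list is replaced with the domains actually verified in your tenant. The OU path in the usage lines is a placeholder.

```powershell
# Added example, not part of the original post. Assumes the ActiveDirectory
# RSAT module; $VerifiedDomains and the search base are placeholders.
Import-Module ActiveDirectory

# Domains verified in the Azure AD tenant (assumption: replace with your own).
$VerifiedDomains = @('contoso.com', 'fabrikam.com')

function ConvertTo-ImmutableId {
    <#
    .SYNOPSIS
    Returns the Base64 form of an AD objectGUID, which is what Azure AD stores
    as ImmutableId when objectGUID is the Source Anchor. Handy for verifying
    a hard match while the server is still in staging mode.
    #>
    param([Parameter(Mandatory)] [guid] $ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-UpnSyncIssue {
    <#
    .SYNOPSIS
    Lists enabled users whose UPN suffix is not a verified domain, and says
    whether the mail attribute could be used as the login name instead.
    #>
    param(
        [string]   $SearchBase,                 # e.g. 'OU=Users,DC=corp,DC=local'
        [string[]] $Verified = $VerifiedDomains
    )
    $splat = @{ Filter = 'enabled -eq $true'; Properties = 'userPrincipalName', 'mail' }
    if ($SearchBase) { $splat.SearchBase = $SearchBase }

    foreach ($u in Get-ADUser @splat) {
        $upnSuffix  = ($u.UserPrincipalName -split '@')[-1]
        $mailSuffix = if ($u.mail) { ($u.mail -split '@')[-1] } else { $null }
        $issue = $null
        if (-not $u.UserPrincipalName) {
            $issue = 'no UPN'
        }
        elseif ($upnSuffix -notin $Verified) {
            $issue = if ($mailSuffix -in $Verified) { 'UPN suffix unverified; mail is usable' }
                     else { 'UPN suffix unverified; mail also unusable' }
        }
        if ($issue) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                UPN            = $u.UserPrincipalName
                Mail           = $u.mail
                ImmutableId    = ConvertTo-ImmutableId $u.ObjectGUID
                Issue          = $issue
            }
        }
    }
}

function Set-UpnFromMail {
    <# Fixes the "mail is usable" case by setting UPN = mail, but only when
       that value is not already someone else's UPN (UPN must be unique).
       Run with -WhatIf first. #>
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $SearchBase)
    Get-UpnSyncIssue -SearchBase $SearchBase |
        Where-Object Issue -like '*mail is usable*' |
        ForEach-Object {
            $mail  = $_.Mail
            $dupes = @(Get-ADUser -LDAPFilter "(userPrincipalName=$mail)")
            if ($dupes.Count -gt 0) {
                Write-Warning "$($_.SamAccountName): $mail is already a UPN, skipping"
                return
            }
            if ($PSCmdlet.ShouldProcess($_.SamAccountName, "Set UPN to $mail")) {
                Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $mail
            }
        }
}

# Usage (placeholder OU):
# Get-UpnSyncIssue -SearchBase 'OU=Users,DC=corp,DC=local' | Format-Table -AutoSize
# Set-UpnFromMail  -SearchBase 'OU=Users,DC=corp,DC=local' -WhatIf
```

Run the report while the server is in staging mode, fix the UPNs in local AD (the best practice mentioned above) rather than leaning on the mail mapping where you can, and compare the ImmutableId column against what Azure AD shows for any pre-existing cloud accounts before you uncheck staging mode.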

Source: Technet blogpost by Samuel Devasahayam



I am Roy Apalnes, a Microsoft Cloud Evangelist working at Sopra Steria. My main focus is Microsoft Security and Endpoint Management, with the bigger picture in mind.