Surviving identity management in a hybrid world

Azure AD Connect


First, if you are still running DirSync (or Azure AD Sync), you are already past its end of support: both were retired in April 2017. Migrate to Azure AD Connect now, not soon.

Azure AD Connect manages accounts and identities for the cloud: it syncs on-prem AD objects to Azure AD. Prerequisites before you install:

  1. Verify your domain in the tenant. Without a verified domain a tenant can hold 50,000 directory objects; with one the limit is 300,000, and beyond that you need a support request before the first sync.
  2. Fix on-prem directory issues first (duplicate proxyAddresses, UPN suffixes that are not verified domains, invalid characters). Run IdFix against AD before the first sync.
  3. No Server Core. Azure AD Connect needs a full Windows Server install with the desktop experience.
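An added pre-flight script for the three prerequisites above (not code from the session or from Microsoft). It assumes the RSAT ActiveDirectory module is installed, and the forest root DC=contoso,DC=com, the verified-suffix list and the $domainVerified flag are placeholders you replace with your own values.

```powershell
# Added pre-flight check for Azure AD Connect prerequisites.
# Placeholders: DC=contoso,DC=com, $domainVerified, $verifiedSuffixes.
Import-Module ActiveDirectory

# Set to $true once the public domain has been verified in the Azure AD tenant.
$domainVerified = $false

# 1. Count the objects Azure AD Connect will sync: users, groups and contacts.
#    objectCategory=person keeps computer accounts (which also carry objectClass=user)
#    out of the user count.
$ldapFilter = '(|(&(objectCategory=person)(objectClass=user))(objectClass=group)(objectClass=contact))'
$objects = @(Get-ADObject -LDAPFilter $ldapFilter -SearchBase 'DC=contoso,DC=com')
$objectCount = $objects.Count

# Default tenant quota is 50,000 objects; a verified domain raises it to 300,000.
# Above 300,000 you must open a support request before the first sync.
$quota = if ($domainVerified) { 300000 } else { 50000 }
if ($objectCount -gt $quota) {
    Write-Warning "$objectCount syncable objects exceeds the quota of $quota; verify the domain or open a support request first."
} else {
    Write-Host "$objectCount syncable objects, within the quota of $quota."
}

# 2. Azure AD Connect does not install on Server Core. The OS reports
#    InstallationType 'Server Core' there and 'Server' on a full install.
$installType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
if ($installType -eq 'Server Core') {
    Write-Warning 'This host is Server Core; Azure AD Connect requires a full (Desktop Experience) install.'
}

# 3. One of the on-prem issues IdFix reports: users whose UPN suffix is not a domain
#    verified in the tenant. Those sync with a rewritten tenant.onmicrosoft.com UPN,
#    which surprises users at sign-in. Run IdFix for the full set of checks.
$verifiedSuffixes = @('contoso.com')   # placeholder: domains verified in the tenant
$badUpn = @(Get-ADUser -Filter 'userPrincipalName -like "*"' -Properties userPrincipalName |
    Where-Object { ($_.userPrincipalName -split '@')[1] -notin $verifiedSuffixes })
Write-Host "$($badUpn.Count) users have a UPN suffix that is not a verified domain."
$badUpn | Select-Object SamAccountName, userPrincipalName | Format-Table -AutoSize
```

Run it on the server you intend to install Azure AD Connect on, as a user who can read the whole forest; the object count is what decides whether you need the verified domain (or a support ticket) before the first sync, not after.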

When you are ready to start there are some install options.  Express settings is the basic path: a single forest, password hash sync as the sign-in method, and the AD DS account created for you.  Custom settings is where you pick a different sign-in method, multiple forests, or filtering.

First, you need on-prem AD; it is the foundation of all user IDs.  Cloud-based identities are layered on top of it.  (Get the Azure stencils for Visio for the architecture diagrams.)

Once sync is in place you can add Azure MFA to sign-on.

Demo.  Password hash sync copies a salted, re-hashed derivative of each user's NT password hash to Azure AD; the cleartext password never leaves the domain.  Authentication then happens in the cloud, so sign-in does not depend on a live connection back to on-prem AD.  This is the default in Express settings.  Two other sign-in methods are supported: AD FS (federation, with authentication redirected to your own federation servers) and pass-through authentication, where Azure AD hands the password to an on-prem agent over an outbound connection and the agent validates it against AD.

They demoed running the Azure AD Connect tool to sync user accounts, groups, etc. to the cloud.  Pretty easy and straightforward.

Best practice:

  • Don’t change the password for the service account by hand in AD.  The sync service logs on with it, and the encryption key protecting the stored connector credentials is tied to it; a manual change stops the service from starting.  Rotate it through the Azure AD Connect tool if you must.
  • Configure the scheduler.  The default is a delta sync every 30 minutes; you can lengthen the interval (not shorten it) and pause cycles for maintenance windows.
  • Understand the port requirements: Kerberos, LDAP/LDAPS, RPC and SMB to the domain controllers, HTTPS out to Azure AD.  Get the firewall rules opened before install day.
  • Disable unwanted sync rules.  Not every default rule applies to your environment; turn off the ones you don’t need in the Synchronization Rules Editor.
  • Filtering: by OU, group, domain and attribute.  You can combine different filters, so configure them and don’t sync objects that have no business in the cloud.
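An added example for the port and scheduler items above (not code from the session or from Microsoft). It assumes the ADSync PowerShell module that the Azure AD Connect installer puts on the server, and DC01.contoso.com is a placeholder domain controller name.

```powershell
# Added example: verify firewall openings and tune the sync scheduler.
# Placeholder: DC01.contoso.com. Requires the ADSync module on the Azure AD Connect server.

# 1. Port reachability from the Azure AD Connect server to a domain controller.
#    DNS, Kerberos, the RPC endpoint mapper, LDAP/LDAPS, SMB and the global catalog.
#    RPC also needs the dynamic range 49152-65535, which a single probe cannot prove.
$dc = 'DC01.contoso.com'
$dcPorts = @{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    636  = 'LDAPS'
    445  = 'SMB'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog SSL'
}
foreach ($port in ($dcPorts.Keys | Sort-Object)) {
    $ok = Test-NetConnection -ComputerName $dc -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
    '{0,-22} {1,5} {2}' -f $dcPorts[$port], $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 2. Outbound HTTPS to Azure AD. The installer, password hash sync and the
#    health agent all need this; a proxy that blocks it fails the first export.
foreach ($endpoint in 'login.microsoftonline.com', 'graph.windows.net') {
    $ok = Test-NetConnection -ComputerName $endpoint -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
    '{0,-22} {1,5} {2}' -f $endpoint, 443, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 3. Scheduler: show the effective cycle, then lengthen the delta-sync interval.
Import-Module ADSync
Get-ADSyncScheduler | Format-List AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
    CustomizedSyncCycleInterval, NextSyncCyclePolicyType, SyncCycleEnabled, SchedulerSuspended

# The interval is a TimeSpan and cannot go below AllowedSyncCycleInterval (30 minutes).
Set-ADSyncScheduler -CustomizedSyncCycleInterval (New-TimeSpan -Hours 1)

# Pause automatic cycles during a maintenance window, then resume and kick off a
# delta sync rather than waiting for the next scheduled one.
Set-ADSyncScheduler -SyncCycleEnabled $false
# ... maintenance work on AD or the connector here ...
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Delta
```

Run section 1 and 2 from the Azure AD Connect server itself, since that is where the firewall rules have to hold; section 3 needs an elevated session on the same box after the tool is installed.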

This entry by dannanto was posted in Microsoft Ignite 2017.
