Entra Connect/Azure AD Connect V2

On-prem AD to Azure AD Synchronization using Azure AD Connect

Azure AD Connect (now Microsoft Entra Connect) is the Microsoft tool that synchronizes identities from an on-premises Active Directory to an Azure AD tenant.

I have the following domain in my both On-prem and Azure AD Directory.

On-prem AD Domain: topathirazure.online

Azure AD Domain: topathirazure.online

If a user's UPN suffix does not match a domain that is verified in the Azure AD tenant, the synchronized user is created under the tenant's default .onmicrosoft.com domain instead, so the cloud UPN no longer matches what the user types on-prem.

Below are the users who are part of On-prem AD. I want these users to sign in to the VMs and applications hosted in Azure, so I need to sync them from On-prem AD to Azure AD. Object synchronization is one-directional: cloud-only Azure AD users are not synchronized back to On-prem AD.



Below users are currently available in the Azure AD Tenant.



To sync the users, install Entra Connect (Azure AD Connect) on a domain-joined, on-premises Windows Server. That server stores credentials for both directories, so treat it as a Tier 0 asset with the same protection as a domain controller.



Below is the installation window of Azure AD connect.



You will have different sign-on options to choose from; select one based on the customer's requirements.

Password Hash Synchronization:

Azure AD Connect sends a salted, PBKDF2-SHA256 hash derived from each user's on-premises NT hash to Azure AD, and Azure AD validates sign-ins itself. The clear-text password is never sent, and On-prem AD does not need to be reachable at sign-in time, which makes this the most resilient option.

Pass-through Authentication:

Passwords are validated by a PTA agent installed on one or more on-premises servers. The agent checks the password against On-prem AD and talks to Azure AD over an outbound-only connection, so no inbound firewall ports are needed; deploy at least two agents for high availability, because sign-in fails if no agent is reachable.

Federated Authentication:

This is used when a federation service such as AD FS or a third-party identity provider authenticates the user. Azure AD redirects the sign-in to that system and never handles the password itself.

 

Any Azure AD account with the Global Administrator or Hybrid Identity Administrator role can be used to authenticate to Azure AD during setup. Hybrid Identity Administrator is the least-privileged choice.



AD Enterprise Admin credentials are requested to connect to On-prem AD during installation (a custom install can instead supply a pre-created connector account). They are used only at setup time to create the AD DS connector account under which the sync runs. With password hash sync that connector account is granted "Replicating Directory Changes" rights on the domain, the same rights a DCSync attack needs, so protect it and the server that stores its credentials.
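The following PowerShell is an added example, not part of the original post, that lists every principal holding replication rights on the domain head so the connector account can be confirmed and any unexpected holder investigated. It assumes the ActiveDirectory RSAT module is available and that the connector account uses the default MSOL_ prefix; the extended-right GUIDs are the well-known values from the AD schema.

```powershell
# Added example (not from the original post): enumerate principals that hold
# Replicating Directory Changes rights on the domain naming context.
# Run on a domain-joined machine with the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Extended-right GUIDs defined in the AD schema (these are fixed values).
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

function Get-DomainReplicationRightHolders {
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)

    # The AD: PSDrive is provided by the ActiveDirectory module.
    $acl = Get-Acl -Path ("AD:\" + $DomainDN)
    foreach ($ace in $acl.Access) {
        $guid = $ace.ObjectType.ToString().ToLower()
        if ($ace.AccessControlType -eq 'Allow' -and $ReplicationRights.ContainsKey($guid)) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Right     = $ReplicationRights[$guid]
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Baseline of principals expected to hold these rights. The MSOL_ pattern is the
# default Azure AD Connect connector account name; adjust it if a custom account
# was used. Anything not matching needs an owner and a reason.
$expected = '^(NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS|NT AUTHORITY\\SYSTEM|' +
            '.*\\Domain Controllers|.*\\Administrators|.*\\Enterprise Admins|' +
            '.*\\Enterprise Read-only Domain Controllers|.*\\MSOL_[0-9a-f]+)$'

Get-DomainReplicationRightHolders |
    Sort-Object Identity, Right |
    ForEach-Object {
        $flag = if ($_.Identity -match $expected) { '' } else { '  <-- review' }
        '{0,-55} {1}{2}' -f $_.Identity, $_.Right, $flag
    }
```

Run this before and after installing Azure AD Connect: the only new entry after setup should be the connector account, and the list should be checked periodically because a second account with these rights is a common persistence technique.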



A matching verified domain in Azure AD is required for the users' UPN suffix to survive the sync. Here the 'topathirazure.online' domain is available in both On-prem AD and Azure AD. Otherwise the users would be synchronized under the tenant's default .onmicrosoft.com domain.
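This added PowerShell example (not from the original post) checks the UPN-suffix requirement described above before the first sync, by listing on-prem users in the OU to be synchronized whose UPN suffix is not a verified tenant domain. The OU distinguished name is an assumption for the example, and the verified-domain list defaults to the post's 'topathirazure.online'; in practice obtain it from the tenant with the Microsoft.Graph module as shown in the comment.

```powershell
# Added example (not from the original post): find users that would be created
# under the default .onmicrosoft.com domain because their UPN suffix is not a
# verified domain in the Azure AD tenant.
Import-Module ActiveDirectory

function Get-UnverifiedUpnUsers {
    param(
        # Verified domains of the tenant. From a machine with Microsoft.Graph:
        #   (Get-MgDomain | Where-Object IsVerified).Id
        # The post's domain is assumed here as the only verified one.
        [string[]]$VerifiedDomains = @('topathirazure.online'),
        # OU selected for synchronization; this DN is an assumption for the example.
        [string]$SearchBase = 'OU=CloudUsers,DC=topathirazure,DC=online'
    )

    $verified = $VerifiedDomains | ForEach-Object { $_.ToLower() }

    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
               -Properties userPrincipalName |
        ForEach-Object {
            $upn = $_.userPrincipalName
            $suffix = if ($upn) { ($upn -split '@')[-1].ToLower() } else { '(no UPN set)' }
            if ($suffix -notin $verified) {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    UPN            = $upn
                    Suffix         = $suffix
                    Problem        = if ($upn) { 'UPN suffix not verified in tenant' } else { 'UPN missing' }
                }
            }
        }
}

# Report first; remediate only after reviewing the list.
$bad = Get-UnverifiedUpnUsers
$bad | Format-Table -AutoSize

# Remediation for the common case (users with the wrong suffix), commented out
# on purpose so the script is read-only by default:
# $bad | Where-Object UPN | ForEach-Object {
#     Set-ADUser $_.SamAccountName -UserPrincipalName "$($_.SamAccountName)@topathirazure.online"
# }
```

Fixing UPNs before the first export avoids a later UPN change in Azure AD, which can break existing sign-ins, OneDrive URLs and app assignments that were keyed on the old value.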



Domain and OU filtering lets you choose the specific OUs to sync, so service accounts, privileged groups and administrative OUs can be kept out of the cloud.



This page defines how users are identified uniquely when the same person exists in multiple directories: which attribute (for example mail or userPrincipalName) is used to match users across forests, and the sourceAnchor, which by default is ms-DS-ConsistencyGuid populated from the user's objectGUID. The sourceAnchor is immutable for the life of the object, so choose it carefully before the first sync.



A specific group in the forest can also be synchronized. Group-based filtering is intended for pilot deployments only; Microsoft does not support it for production, where OU filtering should be used instead.



Password writeback must be selected to write a password that is changed or reset in Azure AD (for example through self-service password reset) back to On-prem AD. It requires Azure AD Premium P1 or P2 licensing, and the connector account is granted password-reset permission on the synchronized user objects, which further raises its privilege.



Synchronization Service Manager is the tool that ships with Azure AD Connect to manage and monitor the synchronization: connectors, run profiles, the connector space and export errors.
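The same information, plus a guard that matters when OU or group filtering is changed, is available from the ADSync PowerShell module that Azure AD Connect installs on the sync server. The following is an added example, not from the original post, to be run on the Azure AD Connect server as a member of the local ADSyncAdmins group; it assumes the default AD connector type name reported by Get-ADSyncConnector.

```powershell
# Added example (not from the original post): inspect scheduler state, confirm
# which connector has password hash sync enabled, read the accidental-deletion
# threshold, and run a delta sync when the server is idle.
Import-Module ADSync

# 1. Scheduler: is sync enabled, how often does it run, and is this server in
#    staging mode (a staging server imports and syncs but never exports).
$sched = Get-ADSyncScheduler
"Sync enabled: $($sched.SyncCycleEnabled); interval: $($sched.CurrentlyEffectiveSyncCycleInterval); " +
"staging mode: $($sched.StagingModeEnabled); next cycle (UTC): $($sched.NextSyncCycleStartTimeInUTC)"

# 2. Password hash sync status per on-premises AD connector.
Get-ADSyncConnector |
    Where-Object { $_.ConnectorTypeName -eq 'AD' } |
    ForEach-Object { Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $_.Name }

# 3. Accidental-deletion guard. If an OU is removed from the filter, every user
#    in it becomes a pending deletion in Azure AD; exports above this threshold
#    are blocked until an admin confirms. The cmdlet prompts for Azure AD
#    administrator credentials.
Get-ADSyncExportDeletionThreshold

# 4. Trigger a delta cycle only when no connector is currently running; a
#    cycle started on top of a running one fails with a busy error.
if (-not (Get-ADSyncConnectorRunStatus)) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    Write-Warning 'A sync run is already in progress:'
    Get-ADSyncConnectorRunStatus | Format-Table -AutoSize
}
```

Use -PolicyType Initial instead of Delta only after filtering or attribute-flow changes, since a full import and sync of every object takes far longer and is what triggers the deletion threshold when an OU has been dropped.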



The highlighted users were synchronized from On-premises AD; the portal marks them with "On-premises sync enabled: Yes", which distinguishes them from cloud-only accounts.



Cloud-only users can still be created manually, using Bulk invite (guest users) or Bulk create (member users) in the Azure AD portal, but these accounts are not written back to On-prem AD.

 




