By default it allows 500 deletes per run. The prevent accidental deletes feature is turned on by default and protects your cloud directory from numerous deletes at the same time. Password writeback will allow your users to change and reset their passwords in the cloud and have your on-premises password policy applied.ĭevice writeback will allow a device registered in Azure AD to be written back to on-premises Active Directory so it can be used for Conditional Access. Since it uses your on-premises Active Directory as the authority, you can also use your own password policy. The end-user can use the same password on-premises and in the cloud but only manage it in one location. Password hash synchronization synchronizes the password hash in Active Directory to Azure AD. You can change the filtering based on domains, OUs, or attributes. By default all users, contacts, groups, and Windows 10 computers are synchronized. Some features might sometimes require more configuration in certain scenarios and topologies.įiltering is used when you want to limit which objects are synchronized to Azure AD. More about Azure AD Connect credentials and permissionsĪzure AD Connect sync: Operational tasks and considerationsĪzure AD Connect comes with several features you can optionally turn on or are enabled by default. If you plan to make frequent configuration changes, you should plan for a staging mode server. You might want to have a stand-by server so you easily can fail over if there is a disaster. You also want to prepare for operational concerns. Learn more about Install Azure AD Connect Verify the installation and assign licenses Upgrade from Azure AD sync tool (DirSync) Next steps to Install Azure AD Connect Topic There are several different methods depending on your preference.Īfter installation you should verify it is working as expected and assign licenses to the users.Upgrade from Azure AD Sync or Azure AD Connect Used when you have an existing DirSync server already running.Customize synchronization features, such as filtering and writeback.Customize your sign-in option, such as pass-through authentication, ADFS for federation or use a 3rd party identity provider.User sign in with the same password using password synchronization.If you have a single forest AD then this is the recommended option to use.Steps to complete before you start to install Azure AD Connect.Solutionīefore you start - Hardware and prerequisites You can find the download for Azure AD Connect on Microsoft Download Center. As a result, Microsoft can't provide technical support for such deployments. Any of these actions might result in an inconsistent or unsupported state of Azure AD Connect sync. Microsoft doesn't support modifying or operating Azure AD Connect sync outside of the actions that are formally documented.
0 Comments
Leave a Reply. |