
Azure AD Connect Sync: Understand and Customize Synchronization - Understanding Azure Active Directory

Objects and credentials from an on-premises AD DS domain can be synchronized to Azure AD using Azure AD Connect in a hybrid environment. Once those objects are synchronized to Azure AD, the automatic background sync makes them and their credentials available to applications that use the managed domain.

A main component of Azure AD Connect is the Azure Active Directory Connect synchronization services (Azure AD Connect sync). Azure AD Connect sync handles all the operations that pertain to synchronizing identity data between your on-premises environment and Azure AD. Azure AD Connect sync replaces DirSync, Azure AD Sync, and Forefront Identity Manager.

FIGURE 10.13 Enable Self-Service Password Reset

The Azure AD Connect sync service consists of two components:

- The on-premises Azure AD Connect sync component, also called the Sync Engine
- The service side in Azure AD, called the Azure AD Connect sync service

These settings are configured with the Azure AD Module for Windows PowerShell. To see the configuration in your Azure AD directory, run Get-MsolDirSyncFeatures (as shown in Figure 10.14).

FIGURE 10.14 Running Get-MsolDirSyncFeatures

Many of these settings can only be changed by Azure AD Connect. The following settings can be configured with Set-MsolDirSyncFeature:

EnableSoftMatchOnUpn: Allows objects to join on userPrincipalName in addition to the primary SMTP address.

SynchronizeUpnForManagedUsers: Allows the Sync Engine to update the userPrincipalName attribute for managed/licensed (non-federated) users.

Using PowerShell Commands

Once you have enabled a feature, it cannot be disabled again. Table 10.3 shows the settings configured by Azure AD Connect that cannot be modified with Set-MsolDirSyncFeature.

TABLE 10.3 Settings configured by Azure AD Connect

DirSync feature                                                   Note
DeviceWriteback                                                   Azure AD Connect: Enables device writeback
DirectoryExtensions                                               Azure AD Connect sync: Directory extensions
DuplicateProxyAddressResiliency, DuplicateUPNResiliency           Allows an attribute to be quarantined when it is a duplicate of another object rather than failing the entire object during export
Password Hash Sync                                                Implement password hash synchronization with Azure AD Connect sync
Pass-through Authentication                                       User sign-in with Azure Active Directory Pass-through Authentication
UnifiedGroupWriteback                                             Group writeback
UserWriteback                                                     Not currently supported
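The following PowerShell is an added example, not from the book, showing how an administrator can record the current DirSync feature flags with Get-MsolDirSyncFeatures and enable one of the two admin-settable flags through Set-MsolDirSyncFeature only after confirming it is still off, since enabling is one-way. It assumes the MSOnline module is installed and the session is signed in with sufficient rights; the function name Enable-DirSyncFeatureOnce is the example's own.

```powershell
# Added example: audit DirSync feature flags and guard a one-way enable.
# Assumes the MSOnline module is installed and an administrative sign-in.
Import-Module MSOnline
Connect-MsolService

# The only two flags the text says Set-MsolDirSyncFeature may change; the
# rest (Table 10.3) are owned by Azure AD Connect and are reported read-only.
$adminSettable = @('EnableSoftMatchOnUpn', 'SynchronizeUpnForManagedUsers')

# Snapshot every flag first so the change is documented before it is made.
$features = Get-MsolDirSyncFeatures | Sort-Object DirSyncFeature
$features | Format-Table DirSyncFeature, Enabled -AutoSize

$managedBySync = $features | Where-Object { $adminSettable -notcontains $_.DirSyncFeature }
Write-Host ("Flags managed by Azure AD Connect (not settable here): " +
            (($managedBySync | ForEach-Object { $_.DirSyncFeature }) -join ', '))

function Enable-DirSyncFeatureOnce {
    # Hypothetical helper (example's own name): enables a settable flag
    # exactly once, refusing flags that only Azure AD Connect may change.
    param([Parameter(Mandatory)][string]$Feature)

    if ($adminSettable -notcontains $Feature) {
        throw "'$Feature' is configured by Azure AD Connect and cannot be set with Set-MsolDirSyncFeature."
    }

    $current = Get-MsolDirSyncFeatures -Feature $Feature
    if ($current.Enabled) {
        Write-Host "'$Feature' is already enabled; it cannot be turned off again, nothing to do."
        return
    }

    # Point of no return: once enabled, the flag cannot be disabled.
    Write-Host "Enabling '$Feature' (this change is permanent)."
    Set-MsolDirSyncFeature -Feature $Feature -Enable $true

    # Re-read the tenant to confirm the change actually took effect.
    $after = Get-MsolDirSyncFeatures -Feature $Feature
    Write-Host "'$Feature' enabled: $($after.Enabled)"
}

# Example usage: allow soft matching on userPrincipalName.
Enable-DirSyncFeatureOnce -Feature 'EnableSoftMatchOnUpn'
```

If the cmdlet prompts for confirmation, answer it explicitly; the before/after listing is what you keep with the change record.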
