On-Prem AD integration with MS Azure AD (Active Directory)
Publish Date: July 10, 2018
I am delighted to share a post on one of the most important topics in identity engineering: integrating on-premises Active Directory (AD) with Microsoft Azure AD. In this blog I will share my experience with this integration and the details that help readers understand it, and I will also offer guidance on planning, deployment, and operations. So get ready for a journey through the details of integrating on-prem AD with Azure AD.
Azure AD Connect integrates any on-premises Active Directory with Azure Active Directory. This lets a company give every user a single identity for Office 365, Azure, and every SaaS (Software as a Service) application integrated with the organization's Azure AD tenant.
Azure AD Connect is the recommended way to connect your on-premises directory with Azure AD and Office 365. This is a good time to upgrade to Azure AD Connect from Windows Azure Active Directory Sync (DirSync) or Azure AD Sync, because both of those tools are deprecated and no longer supported. Also note:
- Synchronizing users to Azure AD is a free feature and doesn’t require customers to have any paid subscription.
- Synchronized users are not automatically granted any license. Admins still have total control over the license assignment.
- Microsoft recommends IT admins to synchronize all their users. This not only unblocks the users to access any Azure AD integrated resource but also gives a much broader view for IT admins to see what applications their users are accessing.
The use case for Azure AD Connect, or why do we use this?
Integrating your on-premises (on-prem) directory with Azure AD makes your organization's users more productive by giving them one identity for accessing both on-prem and cloud resources. Users are the most important asset your organization's IT department serves.
Among the advantages your organization gains from Azure AD Connect:
- Single tool to provide a smooth deployment experience for synchronization & sign-in.
- Users can use a single identity to access both on-premises applications and cloud services like Office 365.
- It delivers the newest capabilities for your use cases and scenarios.
Now it is important to understand how Azure AD Connect works in real scenarios.
Azure AD Connect is built from three primary components, as illustrated in the picture below:
- The synchronization services.
- An optional Active Directory Federation Services (AD FS) component.
- A monitoring component named Azure AD Connect Health.
Let me deep dive into this further to share what these components do.
- Synchronization – This component is responsible for creating users, groups, and other objects in Azure AD. It is also responsible for making sure the identity information for your on-premises users and groups matches what is in the cloud.
- AD FS – Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment on top of an on-premises AD FS infrastructure. Organizations use it to address complex requirements such as domain-join SSO, enforcement of AD sign-in policy, and smart-card or third-party MFA.
- Health Monitoring – Azure AD Connect Health provides robust monitoring and a central location in the Azure portal to view this activity. For additional information, see Azure Active Directory Connect Health.
It is recommended that you set up a standby server in staging mode for quick failover in case a disaster occurs. Only one Azure AD Connect server per tenant may be active: the staging server imports and synchronizes exactly like the active one but does not export to Azure AD, so failover is a matter of taking it out of staging mode in the Azure AD Connect wizard. Because IT admins make frequent configuration changes, the staging server is also the place to validate a new configuration before it goes live, so plan for one from the start.
Picture credit: Microsoft.
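The synchronization component and the active/staging pairing described above can be verified from the ADSync PowerShell module. The following script is an added example, not code from the original post or from Microsoft: it queries each Azure AD Connect server, confirms that exactly one of them is active (that is, not in staging mode) and therefore exporting to the tenant, and then triggers a delta sync on that server. The host names AADC01 and AADC02 are placeholders; the script assumes the ADSync module is installed on both servers, PowerShell remoting is enabled, and the caller belongs to the local ADSyncAdmins group on each.

```powershell
# Added example (not part of the original post): audit a pair of Azure AD Connect
# servers and confirm exactly one is active (exporting) and one is in staging mode.
# Assumes the ADSync module on both servers, PowerShell remoting, and membership in
# the local ADSyncAdmins group. Host names are placeholders.

$ConnectServers = @('AADC01', 'AADC02')   # hypothetical host names

# Collect scheduler state and connector names from each server.
$report = foreach ($server in $ConnectServers) {
    Invoke-Command -ComputerName $server -ScriptBlock {
        Import-Module ADSync
        $sched = Get-ADSyncScheduler
        [pscustomobject]@{
            Server              = $env:COMPUTERNAME
            StagingModeEnabled  = $sched.StagingModeEnabled     # $true = imports/syncs but never exports
            SyncCycleEnabled    = $sched.SyncCycleEnabled
            SyncCycleInProgress = $sched.SyncCycleInProgress
            NextSyncCycleUTC    = $sched.NextSyncCycleStartTimeInUTC
            Connectors          = (Get-ADSyncConnector | Select-Object -ExpandProperty Name) -join '; '
        }
    }
}

$report | Format-Table Server, StagingModeEnabled, SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleUTC -AutoSize

# Exactly one server may export to a given tenant.
$active = @($report | Where-Object { -not $_.StagingModeEnabled })
switch ($active.Count) {
    1 { Write-Host "OK: $($active[0].Server) is active; the remaining server(s) are in staging mode." }
    0 { Write-Warning "No active server: nothing is exporting to Azure AD. Take one server out of staging mode in the Azure AD Connect wizard." }
    default { Write-Error "Two or more active servers ($($active.Server -join ', ')) are exporting to the same tenant. Put all but one back into staging mode." }
}

# On the single active server, run a delta sync and wait for it to complete.
if ($active.Count -eq 1) {
    Invoke-Command -ComputerName $active[0].Server -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
        while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
        'Delta sync finished at {0:u}' -f (Get-Date).ToUniversalTime()
    }
}
```

Run the audit before and after any staging-mode switch: the failure case to catch is two servers both reporting StagingModeEnabled = $false, since both would then export to the tenant. Staging mode itself is toggled in the Azure AD Connect wizard, not by this script.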
Contact YASH today to get a better understanding of how we can help you get more from your Microsoft investments.
Shiv Kishan Suthar -Technical Architect- IMS @ YASH Technologies