Administrators can integrate the on-premises Active Directory in Windows Server with the cloud-based Microsoft Azure Active Directory. This feature lets a business manage both local and cloud access through a single common identity and access mechanism. Azure Active Directory Connect is Microsoft's tool designed to handle the AD integration.
Azure Active Directory (AD) Connect replaces older tools, such as Microsoft's DirSync and Azure AD Sync. Azure AD Connect is composed of three essential parts: synchronization, federation and monitoring. Sync Services handles synchronization; it creates users and groups, and ensures that local and cloud AD information matches. Businesses can use the AD Federation Services (AD FS) option to supply users with single sign-on access to systems or workloads located outside of the organization. AD FS establishes trust between two organizations and uses tokens to verify user identities. AD FS also supports more comprehensive security environments, such as smart card and multifactor authentication access. Federation also requires careful monitoring, so a health monitoring feature watches over AD FS and presents health information to administrators through the Azure portal.
However, synchronizing local and cloud Active Directory deployments can be a challenging endeavor, which should only be attempted by experienced administrators. Azure AD Connect must first be downloaded from Microsoft, and numerous prerequisites must be met in Azure, the local server environment, user accounts, and network configuration and connectivity.
Azure AD Connect needs to be installed and configured on the local Sync server. Administrators can opt for Express installation for a relatively simple, single AD forest, or custom installation for multi-forest AD, AD FS support and other advanced features. Administrators can also use this installation to set up Sync Services for Exchange hybrid deployments, with mailboxes in the cloud and on premises.
After installation, Azure AD Connect should be configured. Administrators can filter which users, contacts, groups and endpoint computers are synchronized. Password synchronization allows the same user passwords to work on premises and in the cloud while being managed in one location. Password write-back allows users to change or reset passwords in the cloud, subject to local policies; the new passwords are then written back to the local AD server. Similarly, configuring device write-back allows devices registered in the cloud to be conveyed back to the local AD server. Administrators can also enable protection against accidental deletes, which halts synchronization when a large number of deletions would be exported at once. This mitigates sweeping changes that inadvertently impact the entire environment.
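A configuration audit along the lines of the safeguards described above, as an added example that is not from the article or from Microsoft's documentation. It assumes it runs on the Azure AD Connect sync server with the ADSync PowerShell module, that Get-ADSyncExportDeletionThreshold prompts for Azure AD credentials, and that the property names it reads (SyncCycleEnabled, StagingModeEnabled, DeletionThresholdEnabled, DeletionThreshold, PasswordHashSync, DeviceWriteback, UserWriteback) match the cmdlets' output.

```powershell
# Added audit script (not the article's or Microsoft's own code). Assumes the
# ADSync module is present on the sync server; the cmdlet names are Microsoft's,
# the property names read below are assumed from the cmdlets' output objects.
Import-Module ADSync

function Test-AADConnectSafeguards {
    $findings = @()

    # 1. Scheduler state: is the sync cycle running, and is this a staging server?
    $sched = Get-ADSyncScheduler
    if (-not $sched.SyncCycleEnabled) {
        $findings += "Sync cycle is disabled; on-premises and cloud directories will drift."
    }
    if ($sched.StagingModeEnabled) {
        $findings += "Server is in staging mode; it imports but never exports (expected only for a standby server)."
    }

    # 2. Accidental-delete protection: the export deletion threshold.
    #    This cmdlet prompts for Azure AD credentials (assumption).
    $thr = Get-ADSyncExportDeletionThreshold
    if (-not $thr.DeletionThresholdEnabled) {
        $findings += "Export deletion threshold is disabled; a mass deletion on premises would propagate to Azure AD unchecked."
    } else {
        $findings += "Export deletion threshold is enabled at $($thr.DeletionThreshold) objects per export."
    }

    # 3. Tenant feature flags: password hash sync and the write-back features.
    $feat = Get-ADSyncAADCompanyFeature
    foreach ($name in 'PasswordHashSync', 'DeviceWriteback', 'UserWriteback') {
        $findings += ("{0}: {1}" -f $name, $feat.$name)
    }

    return $findings
}

Test-AADConnectSafeguards | ForEach-Object { Write-Output $_ }
```

Run it on the active sync server after each configuration change; the deletion-threshold line is the one to watch, since disabling that safeguard is what lets a sweeping on-premises change reach the cloud directory.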
Finally, Azure AD Connect installs with a robust default configuration, but administrators can tweak the configuration of Azure AD Connect to customize behaviors and operations to suit the specific environment.
Related Q&A from Stephen J. Bigelow