Microsoft: Cloud Identity Overview – Part 3 (Synchronisation)
As you will have read I have mentioned the reliance on an appliance named “AADConnect” for synchronisation of users, groups and contacts to Azure AD. So what is this synchronisation and why do we need it?. In a nutshell synchronisation is required for the following reasons.
- Provide on-premises integration – enables Azure AD to reflect what is in your on-premises Active Directory to provide a consistent user logon experience, provide the same experience in cloud versions of on-premises systems and secure cloud resources using the same security model you have defined within Active Directory.
- Provisioning lifecycle – automates the movesaddschanges that all customers have within their directory systems to Azure AD.
- Authentication Support – as mentioned above “AADConnect” also provides authentication support by either synchronising a “hash of a hash of a password” to support Password Hash Synchronisation or deploying the Pass Through Authentication connector . In addition it also supports the Federated Logon scenario and can automate the AD FS configuration.
You may beware that “AADConnect” is the latest name for this technology but previously has been named “AADSync” and “Dirsync”. The idea behind AADConnect is to have a simple “click next, next, next” appliance (installed on a single server) that sets up synchronisation to your requirements. There are lots of options you can set but I will cover common questions asked by customers.
Read the entire article here, Cloud Identity Overview – Part 3 (Synchronisation) – OnCloud
via the fine folks at Microsoft