Microsoft Entra Connect (formerly known as Azure AD Connect) is a tool for connecting on-premises identity infrastructure to Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD, Microsoft's cloud-based identity and access management service). The wizard deploys and configures the prerequisites and components required for the connection, including synchronization scheduling and authentication methods. Entra Connect encompasses functionality that was previously released as DirSync and Azure AD Sync (AAD Sync). These tools are no longer released individually; all further improvements are delivered as updates to Entra Connect.
Microsoft Entra Connect synchronizes objects from on-premises Active Directory (AD), the directory service built into Windows Server, to the Microsoft Entra ID tenant that underlies a Microsoft 365 subscription. Supported on-premises objects include user accounts, groups and their memberships, and, when password hash synchronization is enabled, password hashes. Synchronization is one-way by default: a change to an object on-premises updates the corresponding object in Entra ID, and the on-premises directory is treated as authoritative. Optional writeback features allow selected changes made in Entra ID or Microsoft 365 to flow back to on-premises AD, for example password writeback (a cloud self-service password reset updates the AD password), group writeback and device writeback. This gives a limited two-way flow for those specific attributes rather than a general bidirectional synchronization of every object.
Azure AD Connect (now Entra Connect) reached general availability on 24 June 2015; at the time of writing the current version was 2.1.16.0. All 1.x versions of Azure AD Connect were retired on 31 August 2022, and versions 2.0.3.0 through 2.0.91.0 were scheduled for retirement on 15 March 2023.
The current release offers the following high level options:
Dirsync upgrade
Organizations with an existing DirSync deployment can upgrade in place (for directories with fewer than 50,000 objects) or otherwise migrate their DirSync settings to Entra Connect.
Express settings
Express Settings is the default option and deploys synchronization with password hash sync for a single-domain, single-forest on-premises Active Directory. This allows authentication and authorization to resources in Azure/Microsoft 365 based on the users' Active Directory passwords.
Custom settings
With custom settings, the administrator can connect one or multiple Active Directory domains and forests and choose between password hash sync, pass-through authentication, and Active Directory Federation Services (AD FS) for authentication. Custom settings also let the administrator choose sync options such as password writeback and Exchange hybrid deployments.
Key features
What it does
When an administrator installs and runs the Microsoft Entra Connect wizard, it performs the following steps:
# Installs prerequisites such as the .NET Framework, the Azure Active Directory PowerShell module and the Microsoft Online Services Sign-In Assistant
# Installs and configures the sync component (formerly named AAD Sync), for one or multiple Active Directory forests, and enables synchronization in the Azure AD tenant
# Configures the chosen authentication method (password hash sync, pass-through authentication, or AD FS with Web Application Proxy), including any required configuration in Azure
Use with PowerShell
The ADSync PowerShell module, installed with Entra Connect on the connector server, gives administrators granular control over synchronization behavior. It is distinct from the AzureAD module, which administers the tenant rather than the sync engine and has since been deprecated in favor of the Microsoft Graph PowerShell SDK. The ADSync cmdlets must be run on the Entra Connect server itself by a local administrator or a member of its ADSyncAdmins group; because that server holds the credentials used to read on-premises AD and write to the tenant, it should be protected like a domain controller (a Tier 0 asset).
To begin working with the module it must be imported:
Import-Module ADSync
To manually run a synchronization cycle with the current configuration:
#Specify Delta to only synchronize objects that have changed since the most recent synchronization
Start-ADSyncSyncCycle -PolicyType Delta
#Specify Initial to re-import and synchronize all objects (considerably slower on large directories)
Start-ADSyncSyncCycle -PolicyType Initial
To retrieve the current synchronization schedule settings:
#Display synchronization schedule configuration settings
Get-ADSyncScheduler
<#
AllowedSyncCycleInterval : hh:mm:ss (the minimum interval Microsoft permits, 30 minutes)
CurrentlyEffectiveSyncCycleInterval : hh:mm:ss
CustomizedSyncCycleInterval : hh:mm:ss
NextSyncCyclePolicyType : Delta/Initial
NextSyncCycleStartTimeInUTC : MM/DD/YYYY hh:mm:ss AM/PM
PurgeRunHistoryInterval : DD.hh:mm:ss
SyncCycleEnabled : True/False
MaintenanceEnabled : True/False
StagingModeEnabled : True/False
SchedulerSuspended : True/False
#>
To change a synchronization schedule setting, pass the property name shown above as a parameter of Set-ADSyncScheduler, for example:
#Disable the scheduler; objects are then only synchronized by a manual Start-ADSyncSyncCycle
Set-ADSyncScheduler -SyncCycleEnabled $false
#Run a cycle every hour instead of every 30 minutes; values below AllowedSyncCycleInterval are not honored
Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00
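A worked example, added here and not part of the original article, that combines the cmdlets above: it starts a delta cycle only when the sync engine is idle, warns when the server is in staging mode (where nothing is exported to the tenant), waits for the cycle to finish, and wraps a scheduler change so that the scheduler is always restored afterwards. The function names Invoke-SafeDeltaSync and Invoke-WithSchedulerPaused and the polling timeout are assumptions of this example; the cmdlets used (Get-ADSyncConnectorRunStatus, Get-ADSyncScheduler, Set-ADSyncScheduler, Start-ADSyncSyncCycle) belong to the ADSync module and must be run on the Entra Connect server by a member of ADSyncAdmins.

```powershell
# Added example (not from the original page). Run on the Entra Connect server
# as a member of the local ADSyncAdmins group.
Import-Module ADSync

function Invoke-SafeDeltaSync {
    # Assumed helper name. Returns $true when a delta cycle ran to completion.
    param([int]$TimeoutSeconds = 600)   # polling timeout is an assumption

    # Start-ADSyncSyncCycle errors if a cycle is already in progress, so check first.
    # Get-ADSyncConnectorRunStatus returns nothing while the engine is idle.
    if (Get-ADSyncConnectorRunStatus) {
        Write-Warning "A sync cycle is already running; not starting another."
        return $false
    }

    $sched = Get-ADSyncScheduler
    if ($sched.StagingModeEnabled) {
        # A staging-mode server imports and syncs but never exports, so no change
        # will reach the tenant even though the cycle reports success.
        Write-Warning "Server is in staging mode: changes will not be exported."
    }

    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # Poll the connectors until they report idle or the timeout elapses.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        $running = Get-ADSyncConnectorRunStatus
    } while ($running -and (Get-Date) -lt $deadline)

    if ($running) {
        $names = ($running | ForEach-Object { $_.ConnectorName }) -join ', '
        Write-Warning "Sync still running after $TimeoutSeconds s on: $names"
        return $false
    }
    return $true
}

function Invoke-WithSchedulerPaused {
    # Assumed helper name. Disables the scheduler while $Action runs (for example
    # a rule or interval change), then restores its previous state even on error,
    # so the server never silently stops synchronizing.
    param([Parameter(Mandatory)][scriptblock]$Action)

    $before = Get-ADSyncScheduler
    Set-ADSyncScheduler -SyncCycleEnabled $false
    try {
        & $Action
    }
    finally {
        Set-ADSyncScheduler -SyncCycleEnabled $before.SyncCycleEnabled
    }
}

# Usage: lengthen the interval to one hour, show the effective settings, then sync.
Invoke-WithSchedulerPaused -Action {
    # Only values of at least AllowedSyncCycleInterval (30 minutes) take effect.
    Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00
}
Get-ADSyncScheduler |
    Format-List SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval, StagingModeEnabled
Invoke-SafeDeltaSync
```

The try/finally around the scheduler change is the part worth copying: a script that disables the scheduler and then fails half-way leaves the tenant drifting from on-premises AD with no error visible in the cloud, which is a common cause of "the user was disabled in AD but can still sign in" incidents.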