Azure AD Connect resources

The Microsoft replacement for DirSync and AADSync is called AAD Connect. This new tool installs and configures the new Azure AD Synchronization Services (AAD Sync), and can also deploy, install and configure AD Federation Services for authentication as well as Password Sync.

Azure AD connect download: http://www.microsoft.com/en-us/download/details.aspx?id=47594

Azure AD connect version history: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/

Understanding concepts (Full Import, Full Synchronization, Delta Import, Delta Synchronization, Connector Space, Metaverse): https://blogs.msdn.microsoft.com/connector_space/2015/09/28/the-complete-synchronization-process-part-4-deltafull-importsynchronization-explained/

Azure AD connect install: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/

Azure AD connect custom install: https://github.com/Azure/azure-content/blob/master/articles/active-directory/active-directory-aadconnect-get-started-custom.md

Azure AD connect health: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health/

Azure AD connect health agent installation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health-agent-install/

Azure AD connect “high availability” (in reality it is called “staging mode”): https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-operations/#staging-mode

How to manually uninstall AADConnect: https://blogs.msdn.microsoft.com/vilath/2015/06/17/azure-ad-sync-unable-to-install-the-synchronization-service/

AADConnect user accounts and permissions: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-accounts-permissions/

Enable TLS 1.2 for AADConnect: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

Azure AD PowerShell cmdlets:

https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx

http://social.technet.microsoft.com/wiki/contents/articles/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx

Azure AD connect:

  • Azure AD Connect requires a SQL Server database to store identity data. By default a SQL Server 2012 Express LocalDB (a light version of SQL Server Express: https://www.mssqltips.com/sqlservertip/2694/getting-started-with-sql-server-2012-express-localdb/) is installed and the service account for the service is created on the local machine. SQL Server Express has a 10GB size limit that enables you to manage approximately 100,000 objects. If you need to manage a higher volume of directory objects, you need to point the installation wizard to a different installation of SQL Server.
  • If you use a separate SQL Server, then these requirements apply:
    • Azure AD Connect supports all flavors of Microsoft SQL Server from SQL Server 2008 (with SP4) to SQL Server 2014. Microsoft Azure SQL Database is not supported as a database.
    • You must use a case-insensitive SQL collation. These are identified with a _CI_ in their name. It is not supported to use a case-sensitive collation, identified by _CS_ in their name.
    • You can only have one sync engine per database instance. It is not supported to share the database instance with FIM/MIM Sync, DirSync, or Azure AD Sync.

PREVIOUSLY:

Previous articles:

http://redmondmag.com/articles/2014/12/15/azure-ad-connect-preview.aspx

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health/

https://msdn.microsoft.com/library/azure/dn906722.aspx

http://blogs.technet.com/b/ad/archive/2015/03/26/what-s-the-best-way-to-connect-to-office365-and-azure.aspx

Azure AD Sync Services

AADSync was released in Oct 2014.

Azure AD Sync is optimized for all organizations to easily on-board to Azure and take advantage of both Microsoft online services such as O365 and a world of connected SaaS applications.

http://windowsitpro.com/azure/azure-ad-sync-service-released-makes-dirsync-and-fim-obsolete

Azure AD Sync Services is slated to get a number of new capabilities that DirSync and Forefront Identity Manager 2010 R2 won’t get.

Azure AD Sync Services can do some things that DirSync can’t. It can synchronize multiforest AD environments. It can sync a small set of user attributes. It can also map multiple Exchange deployments to a single Azure AD tenant.

However, Azure AD Sync Services currently lacks a few of DirSync’s capabilities. etc…

AADSync download: http://www.microsoft.com/en-us/download/details.aspx?id=44225

AADSync setup: https://msdn.microsoft.com/en-us/library/azure/dn790204.aspx