Monday, April 10, 2017

Azure AD Connect

Evidently, to extend an on-premises Active Directory into Azure AD – so that the same security and access control requirements can be applied to cloud resources – one has to download, install, and configure the Azure AD Connect software on a Windows Server (physical or virtual) on one's own premises. The server must be domain-joined and needs only outbound HTTPS to Azure AD; nothing inbound is required.

Please see the two technical notes below:



This step requires someone with Enterprise Admin rights in the on-premises forest plus a Global Administrator account in the Azure AD tenant – typically someone from IT Network Infrastructure.

This tool then acts as a synchronization engine between the site-specific AD and Azure AD: it copies users, groups, and (optionally) password hashes up to the tenant on a schedule. It is not a network proxy, and it is not in the authentication path unless federation or pass-through authentication is configured on top of it.

Azure AD has no concept of forests or domains in the on-premises sense; a tenant is a completely flat directory. Azure AD Connect can nevertheless synchronize several on-premises forests into one tenant (the multi-forest topologies), with the constraint that each user must appear in the tenant exactly once.

I also read that Azure AD Connect does not support LDAP.

While setting up a web application within Azure is not overly complex, a full turn-key implementation is more involved, because the functionality of the on-premises IT infrastructure needs to be investigated, mapped, and connected to Azure's capabilities.

In the case of a multi-site organization with many sites within the United States and many more externally in the UK, Germany, Singapore, and Angola – each with its own AD forest – one has two broad choices: flatten the organization into one Azure AD tenant by synchronizing every forest with Azure AD Connect, or leverage federation, using AD FS so that each forest keeps authenticating its own users on-premises. Note that federation does not remove the need for synchronization; the user objects must still exist in the tenant, so Azure AD Connect is normally deployed in either case.

AD Connect is pretty great if you use it for what it was designed for, and it supports many different topologies. If it does not fit the customer's requirements for some reason then, "yes", federation using AD FS to Azure is another option.
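As an added example (not from the original post or from Microsoft's documentation), the checks below are what I would run on a freshly installed Azure AD Connect server to confirm the points above: that only outbound HTTPS is needed, that one AD connector exists per synchronized forest, that the scheduler is live rather than in staging mode, and that the tenant has actually received a sync. It assumes it runs on the Azure AD Connect server as an administrator, with the RSAT ActiveDirectory module and the MSOnline module installed; the 3-hour freshness threshold is an arbitrary choice, and nothing here changes configuration.

```powershell
# Added example: read-only health checks for an Azure AD Connect server.
# Assumptions: run on the Azure AD Connect server itself, elevated;
# MSOnline module installed (Install-Module MSOnline); RSAT AD PowerShell present.

Import-Module ADSync              # ships with Azure AD Connect
Import-Module ActiveDirectory     # RSAT-AD-PowerShell feature

# 1. Connectivity: the sync engine only needs *outbound* TCP 443 to Azure AD.
$endpoints = 'login.microsoftonline.com', 'adminwebservice.microsoftonline.com'
foreach ($e in $endpoints) {
    $ok = (Test-NetConnection -ComputerName $e -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
    "{0,-40} outbound 443 reachable: {1}" -f $e, $ok
}

# 2. Which forests are connected? One 'AD' connector per on-premises forest;
#    a multi-forest topology shows up here as several AD connectors feeding
#    the single Azure AD (Extensible2) connector.
"Local forest: {0}" -f (Get-ADForest).Name
Get-ADSyncConnector |
    Select-Object Name, ConnectorTypeName |
    Format-Table -AutoSize

# 3. Scheduler state. A server left in staging mode imports but never exports,
#    so the tenant silently stops receiving changes.
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled = $sched.SyncCycleEnabled
    StagingMode      = $sched.StagingModeEnabled
    Interval         = $sched.CurrentlyEffectiveSyncCycleInterval
    NextCycleUtc     = $sched.NextSyncCycleStartTimeInUTC
    CycleInProgress  = $sched.SyncCycleInProgress
}

# 4. Tenant-side confirmation that a sync has landed recently.
Connect-MsolService               # prompts for a Global Administrator
$info = Get-MsolCompanyInformation
$age  = (Get-Date).ToUniversalTime() - $info.LastDirSyncTime
"Tenant sync enabled: {0}; last sync {1:N0} minutes ago" -f `
    $info.DirectorySynchronizationEnabled, $age.TotalMinutes
if ($age.TotalHours -gt 3) {   # threshold is an assumption; default cycle is 30 minutes
    Write-Warning 'No sync in over 3 hours: check the scheduler and Synchronization Service Manager.'
}

# 5. Optional: force a delta sync instead of waiting for the next scheduled cycle.
# Start-ADSyncSyncCycle -PolicyType Delta
```

If step 1 fails while the server can otherwise browse the internet, the usual cause is a proxy that the ADSync service account is not configured to use; if step 3 shows StagingMode as True on the server you believe is active, the tenant will never be updated no matter how healthy the connectors look.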

More Reading:


https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies

