Microsoft Entra Cloud Sync is an agent-based identity sync tool that is configured and managed from the cloud. While it performs the same basic functions as Microsoft Entra Connect Sync (formerly Azure AD Connect), the architectures are radically different.
With the initial release on 5 December 2019, Microsoft was looking in particular to solve a use case for disconnected Active Directory that was previously impossible with Microsoft Entra Connect Sync (Azure AD Connect). The term ‘disconnected AD’ refers to an Active Directory that is not reachable on an organization’s network. We see this most commonly in mergers and acquisitions.
Subsequently, Microsoft Entra Cloud Sync has been developed as a replacement for Microsoft Entra Connect Sync, and it can replace it in many circumstances.
However, there are things it cannot do, for example:
- Perform pass-through authentication (only password hash sync is supported)
- Support device objects
- Connect to an (on-premises) LDAP directory
- Filter synchronization of objects based on attribute values
- Allow advanced customization for attribute flow
- Support custom Active Directory attributes
- Support group writeback
- Merge user attributes from multiple domains
- Allow an unlimited number of objects per AD domain
- Support large groups with up to 250,000 members
We can make an educated guess that many of these bullets will disappear in time. In the meantime, do contact our sister company Oxford Computer Group if you need assistance.