Azure AD Connect for hybrid identity – a summary guide

We regularly run webinars on a variety of topics. A recent one, entitled How Azure AD Connect enables hybrid identity, garnered more interest than any I can remember (measured by the number of attendees, the fact that nearly all of them stayed until the end, and the number of superb questions posed).

[Update March 2018: View the recording of our AAD Connect: Beyond the Wizard webinar during which an expert panel answered 30+ questions from attendees, and find out more about our new AAD Connect Masterclass.]

Azure AD Connect (AAD Connect) is a sync engine, based on the tried and tested Microsoft Identity Manager (MIM) – and yet very different from it in many ways. It is easy to set up for a number of scenarios, but if you get under the covers it can do a lot more. Here is a quick summary:

  • AAD Connect has some clever tricks, but it can’t do everything.
  • Its primary use is to connect on-premises Active Directory (AD) to in-cloud Azure AD, synchronizing users – including their passwords – and (optionally) groups.
  • You can use it in addition to MIM, but you do not have to have MIM.
  • There are some simple scenarios where you can extend it to do a “MIM-like” job – a good example is the inclusion of an HR feed as an authoritative source of users to be provisioned into AD and AAD.
  • Where it replaces MIM, there may be license savings, but don’t assume that overall implementation costs are significantly impacted (the solution still needs to be designed, implemented and tested).
  • MIM is the serious workhorse that is still needed for any fancy password management beyond AD to AAD, for any “GALSync-like” scenario (e.g. where you are merging global address lists across AD forests), and for anything involving the MIM portal (such as SSPR or group management, white pages/enterprise directory, or the policy/set/workflow engine). However, some things done by the portal can be done in Azure AD instead (SSPR and group management).
  • Put another way, MIM is good for complex scenarios, where seasoned MIM consultants/developers would find the AAD Connect UI to be very limiting.
  • We can expect AAD Connect to develop, and perhaps we might extrapolate the ideas and imagine, one day, a cloud-based synchronization service that is more AAD Connect-like than MIM-like.

If that’s whetted your appetite and you want to find out more, you can view a recording of my webinar here; it includes lots of demos.

And in this blog, ‘Azure AD Connect questions answered’, I answer some of the questions posed by those who attended the webinar.

Want more? We have training courses! AAD Connect Masterclass and an Azure AD training course. Learn to configure and implement AAD Connect yourself!