Everything you ever wanted to know about Azure AD Connect but were afraid to ask!

Azure AD Connect is an integral and essential part of a hybrid/cloud identity infrastructure. It is easy to install, but what’s actually going on under the hood?

Azure AD Connect questions answered by expert panel in webinar recording
Microsoft’s Rob de Jong, Senior PM for Azure AD Connect, plus Hugh, James, Andreas answer questions about Azure AD Connect

In this webinar recording, our panel of experts – including three who developed our Azure AD Connect Masterclass – shared their expertise and answered a wide range of questions from participants.

This webinar, which was broadcast on 10 March 2020, is important viewing for system admins, identity consultants, cloud administrators, technical architects, system engineers, and identity developers.

On the panel were:

  • Rob de Jong, Microsoft’s Senior Program Manager responsible for Azure AD Connect
  • Andreas Kjellman, formerly MIM and Azure AD Connect Program Manager for Microsoft)
  • James Cowling, CTO, Oxford Computer Group
  • and me, Hugh Simpson-Wells,  OCT’s CEO and Founder

Questions answered by the panel include:

  • Can Azure be setup as a valid sts to authZ other web apps/APIs if I use pass thru Auth to replace our current ADFS?
  • Do you have any information about Microsoft’s plan to move Azure AD Connect to the cloud?
  • Can I use MS-DS-ConsistencyGuid for Groups?
  • We are having an issue with a duplicate UserPrincipalName. When we look at this error the two User objects that it displays do not have a duplicate UserPrincipalName and are different. We have run some commands in Powershell as well as looked into our On-Prem AD and our Azure AD for clues to what may be causing this. Do you have any ideas?
  • With a growing number of SaaS-based HR platforms and Microsoft building on the work begun with Workday, I’m interested to know if we’ll soon start to see the possibility to sync accounts down to AD rather than just AD to AAD.
  • To sync, Azure AD Connect requires a user account. Can this account be locked down at all, or must it be a Global Admin? If it must be a Global Admin, can I tighten security in other ways? I feel uncomfortable with a Global Admin account basically sitting out there unused by humans.
  • How to improve Azure sync time? Our current sync takes 40mins.
  • Delegate read only access to sync service, and install sync service on a shared pc with no access to make changes.

See also this blog in which I have set out the answers, and also answered some additional ones.

Everything you ever wanted to know about Azure AD Connect but were afraid to ask webinar recording - watch it now!


New! Azure AD Connect Video Training Series

Learn exactly what you need to know about Azure AD Connect, when you need to know it, in our new series of highly practical video training courses.

READ MORE ABOUT Azure AD Connect Video Training