Azure AD Connect is an integral and essential part of a hybrid/cloud identity infrastructure. It is easy to install, but what’s actually going on under the hood?
This webinar, which was broadcast on 10 March 2020, is important viewing for system admins, identity consultants, cloud administrators, technical architects, system engineers, and identity developers.
On the panel were:
- Rob de Jong, Microsoft’s Senior Program Manager responsible for Azure AD Connect
- Andreas Kjellman, formerly MIM and Azure AD Connect Program Manager for Microsoft
- James Cowling, CTO, Oxford Computer Group
- and me, Hugh Simpson-Wells, OCT’s CEO and Founder
Questions answered by the panel include:
- Can Azure be set up as a valid STS to authZ other web apps/APIs if I use pass thru Auth to replace our current ADFS?
- Do you have any information about Microsoft’s plan to move Azure AD Connect to the cloud?
- Can I use MS-DS-ConsistencyGuid for Groups?
- We are having an issue with a duplicate UserPrincipalName. When we look at this error, the two User objects that it displays do not have a duplicate UserPrincipalName and are different. We have run some commands in PowerShell as well as looked into our On-Prem AD and our Azure AD for clues to what may be causing this. Do you have any ideas?
- With a growing number of SaaS-based HR platforms and Microsoft building on the work begun with Workday, I’m interested to know if we’ll soon start to see the possibility to sync accounts down to AD rather than just AD to AAD.
- To sync, Azure AD Connect requires a user account. Can this account be locked down at all, or must it be a Global Admin? If it must be a Global Admin, can I tighten security in other ways? I feel uncomfortable with a Global Admin account basically sitting out there unused by humans.
- How to improve Azure sync time? Our current sync takes 40 mins.
- Delegate read-only access to sync service, and install sync service on a shared PC with no access to make changes.