Implement and Manage Identities Using Azure AD Flashcards
What is Azure AD Connect?
• Integrates AD on-prem with Azure AD
• Tool to configure AD synchronization and sign-in
• Implements use of same login credentials
• Replaces older identity integration tools
○ Replaces DirSync and Azure AD Sync; it contains their functionality plus some added features.
What components are required for Azure AD Connect?
○ O365 subscription
○ Azure AD within the subscription
○ On-premises domain controller with AD
What tools do you get when you install Azure AD Connect?
Synchronisation
Active Directory Federation Services (AD FS)
Health Monitoring
What does the synchronisation tool do?
○ Responsible for creating users, groups and other objects.
○ Also makes sure that the on-premises identity information matches the information in the cloud.
What does the AD FS tool do?
Used to configure a hybrid environment; more commonly used for complex environments.
What does the health monitoring tool do?
○ Central repository for viewing Azure AD Connect health.
○ Health Portal shows what’s happening for the following:
§ AD FS
§ Synchronisation
§ AD DS (Active Directory Domain Services)
§ Health agents must be installed on the target servers you want the tool to monitor.
Does Azure AD Connect sync expired accounts?
• Azure AD Connect does not synchronise the accountExpires attribute. Therefore, if a user's account expires on-premises, they will still be able to log in to Exchange but not on-premises.
What does the IdFix tool do?
○ Can be downloaded from the Microsoft website.
§ Locate, download and install the tool.
○ Looks through the environment and identifies errors that may occur during synchronisation, such as:
§ Duplicates
§ Formatting errors
§ Attempts to repair objects to prepare them for sync
□ Does this prior to synchronisation to O365.
□ Depending on the error, it may even try to fix the issue for you.
What is OBJMODEL (Azure Rights Management (Exchange Online))?
Right to enable the option to run macros and to remotely access email content. This also allows for other programmatic access to email content.
What is Forward (Azure Rights Management (Exchange Online))?
Right to enable the option to edit the To: and CC: lines in an email and to resend the email to another organisation that uses the Outlook Web App. Granting this right also grants the EDIT and DOCEDIT rights. No rights are granted to any users added as recipients through this right.
What is Export (Azure Rights Management (Exchange Online))?
Right to enable the option to save the email in an unencrypted form. It enables saving the email under a different name and in a format that does not support encryption. If not granted, an email can still be saved in a different format, but only if that format supports Rights Management protection, including encryption.
What is Edit (Azure Rights Management (Exchange Online))?
○ Right to enable the option to modify the contents of an email and save the changes. Any documents to which this right is granted must be saved to the same location.
What is DOCEDIT (Azure Rights Management (Exchange Online))?
○ This right lets you modify and format the content, but does not let you save the changes.
What is Owner (Azure Rights Management (Exchange Online))?
This grants all rights to remove protection.
What is Reply (Azure Rights Management (Exchange Online))?
This grants the right to reply to one or more of the message recipients and add new content, but does not let you modify the To: or CC: fields.