Implementing Identity Synchronization with Azure AD Connect Flashcards
What are the domain requirements for Azure AD Connect?
Forest functional level must be Windows Server 2008 or higher. Three accounts needed: local admin, Microsoft 365 global admin, on-premises AD enterprise admin.
What are the domain object requirements for Azure AD Connect?
Remove duplicate proxy addresses and email addresses. Eliminate questionable characters in fields like displayName, givenName, surname, sAMAccountName, and userPrincipalName. Each user must have a UPN that matches the Azure domain.
What is the purpose of the IdFix tool in Azure AD Connect?
It identifies and fixes issues in on-premises AD accounts before syncing with Azure AD. Runs on Windows 7 or higher, requires access to read/write AD objects.
What is the master for making changes and edits to synced identities?
The on-prem AD structure.
What happens when an object is deleted on-prem?
It is soft deleted in Azure AD and can be restored within 30 days.
How can deleted objects be restored in Azure AD?
By enabling the AD Recycle Bin on the on-prem AD structure and waiting for the next sync cycle.
How are changes synchronized to Azure AD?
Through Azure AD Connect.
What is cloud-only authentication in Azure AD Connect?
It synchronizes the user account between on-premises and the cloud, but the password remains separate, requiring separate authentication.
How does password hash sync work in Azure AD Connect?
The hash of the on-premises password is synchronized to Azure AD, allowing for a single sign-on experience with the same password across both environments.
What is pass-through authentication in Azure AD Connect?
It involves installing a small agent on the AD Connect server to act as a bridge for authentication requests between on-premises and Azure AD, providing high availability without requiring manual updates.
What is ADFS (Active Directory Federation Services) in Azure AD Connect?
It passes authentication off to on-premises domain controllers through configured servers, relying on on-premises resources and requiring resilience for authentication to the cloud.