In this video, Brian Culp provides an overview of the Azure Active Directory (AAD) Connect tool, describes the capabilities of AAD Connect, and describes environments where the AAD Connect tool would typically be deployed.
- [Instructor] In this first section we will prepare Active Directory for use with Azure Active Directory Connect. So in this first section, we will mostly be talking about some of the concepts that go into setting the table before you do the installation of the actual Azure Active Directory Connect Tool. So for better or worse, we're going to be spending a lot of time just talking through the process before we get to the actual demonstration of the Azure Active Directory Connect tools and how it then facilitates synchronization.
We'll do most of the demonstration as this course continues. So again, we're looking at how to prepare the Active Directory environment for use with a cloud-based Office 365 implementation as we go through the lessons in this section. And so what I want to start with is identifying the three players, as it were, when you're using Azure Active Directory Connect. And the three players are Office 365, it is Azure Active Directory, and it is an on-premises installation of Active Directory on a Windows domain controller, and I say domain controller, I'm talking about a Windows server machine that has been configured in the role of a domain controller.
So this is a very common scenario. In this scenario, the organization has probably existed for a while and then has added an Office 365 subscription in order to support its productivity software needs, which is just kind of the fancy way of saying that the company wants to run Office and it's had a domain controller for a while. So what now exists for that organization is that they have an Office 365 subscription, they have enabled Azure Active Directory as part of that subscription that supports that Office 365 tenant, and they have an on-site domain controller to handle logins, security policies, software distribution policies, and so on.
So, now we have two separate entities, we have the Azure Active Directory and we have the on-premises Active Directory, and we want to sync them up because we don't want to have an environment where we have users using one account to access Office 365 resources, and a separate account to log in and access internal IT resources. So the tool that makes this happen, of course is something called Azure Active Directory Connect, and it's actually the latest and greatest tool.
There were, once upon a time, other tools and they were actually sort of casing questions on those other tools. One of the names of the tools that preceded Azure Active Directory Connect was Azure Active Directory Sync. So here are the capabilities that Azure Active Directory Connect makes possible for an organization. When you're using this tool, users can sign in using a single identity.
So you have one login and that grants you access to all resources, whether they be internal resources, or Office 365 resources. Another capability is that you have a single tool for synchronization and sign in, and as I mentioned just a moment ago, the Azure Active Directory Connect Tool provides the newest capabilities. That tool that I just mentioned, Active Directory Sync, which was also known as DirSync, Directory Sync, it is now being deprecated as of April 2017.
So, if there is an organization that is currently using DirSync, they can still use DirSync, but the tool that you need to be aware of and you need to be learning in terms of practical administration and in terms of 70-346 preparation is the Azure Active Directory Connect Tool. Now, once you have downloaded and installed this in your environment and it's providing the synchronization services on your Active Directory Domain Controller with your Office 365 Azure Active Directory environment, these are the services that it provides.
It provides the synchronization services. This component is responsible for helping create and synchronize the users, groups, and other objects in Active Directory. It's also responsible for making sure identity information for your on-premises users and groups is matching what exists in the cloud, or in other words in your Azure Active Directory environment. Another service that is provided by this tool is Active Directory Federation Services. Now this is an optional part of Azure Active Directory Connect Tool and can be used to configure a hybrid environment by forwarding a logon request.
So a full discussion of that is beyond the scope of this course and in fact, it is the topic of another course in the Office 365 Administration track, there is a separate course that deals mostly with Azure Active Directory and Federation Services. The last component or service provided by this tool is health monitoring. Azure Active Directory Connect can provide robust monitoring and provide a central location in Azure Active Directory, in that portal on Office 365, where you can view health activity.
So that's another component of Azure Active Directory Connect that you should be aware of. Now in terms of this course, what we're going to be focusing mostly on is the synchronization services. What is provided, how it operates, and how we will, as administrators, configure those synchronization services.
- Active Directory Connect and Office 365
- Planning for non-routable domain names
- Cleaning up Active Directory objects
- Using the IDFix tool
- Filtering Active Directory
- Using AAD install
- Synchronizing passwords and attributes
- Creating and managing users and groups
- Scheduling and forcing AD synchronization