Bob007
I am currently working on a company's desire to move to Office 365. Hybrid cloud services. Email/Office first and rolling out the other services that come with it as time goes on.
Nothing amazing and not my first rodeo. What I would normally do is Active Directory Federation Services (ADFS) and Federation Proxy. Plug in DirSync and pretty much job done.
But recently Microsoft have released Azure Active Directory Connect. This will take your premise AD (PAD) and sync it with the Azure AD (AAD). Giving 3 options to sync all including Single Sign On (SSO).
Documentation for AAD Connect can be found here.
Connect Active Directory with Azure Active Directory.
But Password Sync and Enable SSO should give me the required seamless user experience they are looking for.
ADFS will only be used for Office 365. There is no future desire to leverage ADFS for anything else.
PAD is at 2003 function level, so there will be no password writeback.
All AD changes will be carried out on PAD and synced to AAD.
So the question is.
To Fed or not to Fed?