June 14, 2014
Microsoft is actively working on enhancements to connect on-premises Active Directory to Azure Active Directory.
DirSync and Active Directory Federation Services are two options for connecting the two. DirSync can now be used as a backup for ADFS. See my post here.
Microsoft is working on a replacement for DirSync. DirSync is a software tool used to synchronize objects located in an on-premises, single-forest Active Directory to Azure Active Directory. Azure Active Directory is the Microsoft multi-tenant cloud version of Active Directory used for identity management for services like Office 365.
DirSync is basically an implementation of Forefront Identity Manager but with limited features. For example, it is not able to sync objects from multiple on-premises AD forests, nor is it able to handle multiple Exchange organizations.
To support these scenarios enterprises are at the moment required to use Forefront Identity Manager. However, configuring FIM can be challenging and can take considerable time.
The new tool that replaces DirSync will be named Azure Active Directory Sync Services, or AADSync. AADSync significantly simplifies the configuration and makes it more predictable.
Microsoft Azure Active Directory Sync Services (AADSync) is used to onboard an on-prem environment to Windows Azure Active Directory and Office 365 and continue to synchronize changes. It is used for more advanced scenarios where DirSync does not provide support, for example multiple on-prem AD forests. At the moment AADSync does not support multiple Azure subscriptions.
AADSync will also be able to synchronize Exchange Global Address Lists. PowerShell is also supported, with about 58 commands.
Microsoft Azure Active Directory Sync Services is currently available in customer technology preview (CTP). This is a first beta release.
You can join the Azure Active Directory Sync Services preview here. The AADSync preview will then be added to your Microsoft Connect account. Through this you will be able to download the most recent version, get information on known issues and updates, as well as provide feedback.
Currently AADSync is in beta. You may not use this release in a production environment unless agreed to by Microsoft. For customers participating in the TAP program, the beta can be used in production.
To be considered for the TAP program, please contact the feedback alias AADSyncFB@microsoft.com.
Note that AADSync does not have these features at the moment:
- Exchange hybrid co-existence is not available.
- Compared to DirSync, the following features are not available:
  - Password synchronization
  - Self-service password reset write-back
More information on AADSync here.
Documentation on AADSync can be found here.