Forum Discussion

Taen keren
Iron Contributor
Mar 05, 2018
Solved

AD+ADFS+AAD

Hi

Can anyone enlighten me about AD, ADFS & AAD - and how you have "moved" your users into O365?

Have you synced all accounts from AD to AAD - or have you "prepared" the users first in AD e.g. by setting an extension attribute and then on ADFS configured a filter so only these users get into the AAD - or?


1 Reply

  • Cian Allner
    Silver Contributor

    It really depends on what you are trying to achieve, if you'd like some consensus on how it's done generally, this is a great article if you haven't seen it already - https://cloudblogs.microsoft.com/enterprisemobility/2017/11/13/how-organizations-are-connecting-their-on-premises-identities-to-azure-ad/.

     

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication is a phenomenal https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-user-signin along with https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso, offering many of what were traditionally only available with AD FS and without the infrastructure downsides. 

     

    With the https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering, there is a lot of scope to onboard in whatever way works for a given situation. These include https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering#group-based-filtering and https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom#domain-and-ou-filtering.
