
Agent for Identity Manager to sync to Azure AD

Mats Warnolf
Contributor

A colleague asks if there is a way to use MIM/FIM to sync to Azure AD?

I recall that there used to be a FIM agent that you used in multi-forest scenarios.

Today AAD Connect handles multi-forest.

This company already has Identity Manager deployed and uses it heavily, so they want to use it instead of deploying Azure AD Connect if possible.

4 Replies

Yes that can be done. @Spencer Harbar has an excellent presentation at Ignite last year on this topic https://myignite.microsoft.com/videos/1379

Like Dean said, yes it is possible. You can also check MSDN

On this page you will find a guide to install and configure the connectors to Azure AD Connect services!

Everyone is right that it is possible. That being said, the official recommendation is to deploy a separate instance with Azure AD Connect. The features that get rolled into and released to Azure AD Connect often are unavailable using the Azure AD MA with MIM.

More details on what's supported here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-cons...

Yes, highly recommended to run Azure AD Connect as your identity bridge between on premises and cloud, as it is frequently updated in sync with updates in Azure AD as well as in Office 365 in hybrid mode. In a FIM/MIM instance these frequent updates on the connector could make updates/changes that affect other connectors, and more often than not organizations really don't want to touch their configured connectors and sync schedules.

So yes, the best practice is to have Azure AD Connect be your connection between AD and Azure AD.

Brjann
