Bring identities from disconnected ADs into Azure AD with just a few clicks!

Published Dec 05 2019 10:30 AM 31.6K Views

Howdy folks,

 

Today we’ve got some amazingly cool news to share.

 

If you work in a large enterprise, you probably already know how big the challenges can be when your company makes an acquisition and you suddenly get asked to provide cloud identity services to an entirely new business group, usually one with their own set of Active Directory domains and forests.

 

If this is a challenge you face, I’m excited to let you know about the public preview of Azure AD Connect cloud provisioning!

 

With cloud provisioning, customers can easily provision identities from multiple disconnected AD forest to Azure AD. Azure AD Connect cloud provisioning moves the heavy lifting for provisioning from AD to Azure AD to the cloud with lightweight agents on-premises and provides the following benefits:

  • Helps with provisioning from disconnected AD forests to Azure AD—Organizations may have disconnected AD forests due to mergers and acquisitions or remote office locations. Whatever the reason may be, cloud provisioning allows you to quickly integrate these multiple disconnected AD forests into an Azure AD tenant.
  • Reduces on-premises footprint—The provisioning agent is a lightweight agent with the sync complexity (configuration and processing) in the cloud.
  • Enterprise grade high availability—Multiple provisioning agents can be deployed to ensure high availability for provisioning especially for password hash sync.

Give cloud provisioning a try

Setting up cloud provisioning is a two-step process. The first step is to install the lightweight provisioning agent on a domain joined server (or server VM). The second step is to configure cloud provisioning in the Azure portal.

Step 1: Install the provisioning agent

Before you install the Azure AD Provisioning agent, complete the prerequisites.

  1. In the Azure AD Connect experience, click Manage provisioning (preview).

    Azure AD Connect cloud provisioning 1.png

  2.  On a domain joined Windows server, click the Download agent button to download the Azure AD provisioning agent.  

    Azure AD Connect cloud provisioning 2.png
  3.  Follow the wizard steps to install the provisioning agent package.

    Azure AD Connect cloud provisioning 3.png

4. Once the agent is installed, you’re ready to configure provisioning in the Azure portal. 

Azure AD Connect cloud provisioning 4.png


Step 2: Configure cloud provisioning

  1. In the Azure AD Connect experience, click Manage provisioning (preview).

    Azure AD Connect cloud provisioning 5.png
     
  2. Click + New configuration.

    Azure AD Connect cloud provisioning 6.png

  3. Click Enable to apply the configuration.

    Azure AD Connect cloud provisioning 7.png

  4. Save the configuration. The AD changes are now provisioned to Azure AD every two minutes. For more guidance on how to get started, checkout the Azure AD Connect cloud provisioning tutorials.

 

Now that you’re familiar with cloud provisioning, let’s take a look at what features are currently supported.

Azure AD Connect cloud provisioning capabilities

Azure AD Connect cloud provisioning public preview supports the following capabilities:

Azure AD Connect cloud provisioning 8.png

 

To learn more, check out the Azure AD Connect cloud provisioning documentation.

Let us know what you think

We’re just getting started and would love to get your feedback on the current set of capabilities and what more you need. Please give us your feedback in our Azure AD UserVoice feedback forum or in the comments below. We look forward to hearing from you!

Best regards,

Alex Simons ( @Alex_A_Simons )

Corporate VP of Program Management

Microsoft Identity Division

38 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-1051453%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1051453%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20we%20use%20this%20as%20another%20Azure%20AD%20connect%20as%20our%20HA%20strategy%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1051681%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1051681%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F113495%22%20target%3D%22_blank%22%3E%40Ron%20Argame%3C%2FA%3E%26nbsp%3B%20-%20This%20is%20a%20great%20scenario%20which%20we%20currently%20do%20not%20support.%20In%20the%20current%20co-existence%20model%2C%20the%20user%20must%20be%20in%20scope%20for%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3Eonly%20%3C%2FSPAN%3E%20one%20tool%20(either%20sync%20or%20cloud%20provisioning).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052061%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052061%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%26nbsp%3B%20Thanks%20for%20the%20reply.%20Will%20there%20be%20an%20option%20to%20have%20HA%20on%20Azure%20AD%20Connect%3F%20Having%20300K%2B%20objects%20to%20sync%20from%20on%20premise%20AD%20to%20Azure%20AD%20is%20really%20a%20big%20down%20time%20if%20you%20only%20have%20one%20Azure%20AD%20Connect%20(excluding%20the%20staging).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20replace%20Azure%20AD%20Connect%20with%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052321%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052321%22%20slang%3D%22en-US%22%3EGreat%20work%20for%20the%20early%20stage.%20I%20see%20two%20pain%20point%20that%20should%20be%20addressed%20very%20quickly%20in%20order%20implement%20that%20at%20customers%3A%201.%20Support%20Sync%20of%20devices%2C%20otherwise%20we%20are%20not%20able%20to%20do%20hybrid%20AAD%20join%20of%20devices%20when%20using%20PHS%2FSSO%202.%20Support%20writeback%20of%20passwords%2C%20otherwise%20we%20cannot%20user%20Azure%20SSPR%20which%20is%20an%20requirement%20also%20to%20go%20password-less%20a%20smaller%20pain%20point%20is%20the%20support%20of%20synchronize%20nested%20groups%20because%20lot%20of%20customer%20have%20nested%20groups%20as%20they%20followed%20the%20good%20old%20onPrem%20AD%20%22rules%22%20and%20do%20AGDLP%20(or%20AGLP)%20%3B)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052471%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052471%22%20slang%3D%22en-US%22%3E%3CP%3EI%20tried%20to%20configure%20this%20in%20my%20lab%20environment%20this%20morning%20and%20get%20an%20error%20when%20creating%20the%20provisioning%20task.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22fxs-notificationmenu-notification-title%22%3E%3CDIV%20class%3D%22fxs-notificationmenu-notification-title-text%20msportalfx-tooltip-overflow%22%3ECloud%20provisioning%20configuration%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22fxs-notificationmenu-notification-description%20fxs-portal-title%20msportalfx-tooltip-overflow%22%3EAn%20unexpected%20error%20occurred.%20Please%20refresh%20and%20try%20again.%20Request%20id%3A%20b52590ef-ca33-405c-b089-37f1d096d75e%2C%20Time%3A%202019-12-06T10%3A15%3A19%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052495%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052495%22%20slang%3D%22en-US%22%3E%3CP%3EI%20also%20get%20this%20error%2C%20but%20if%20I%20tried%20it%20again%20(save%20again)%2C%20it%20worked.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052511%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052511%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20tried%20quite%20a%20few%20times%20and%20still%20get%20the%20error%2C%20will%20keep%20trying.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052692%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052692%22%20slang%3D%22en-US%22%3E%3CP%3EGot%20it%20working%20after%20re-installing%20the%20provisioning%20agent%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052628%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052628%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20great%20and%20I%20have%20long%20been%20waiting%20for%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1052758%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1052758%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20be%20great%20to%20have%20some%20technical%20deep%20dive%20documentation%20on%20this%2C%20so%20mainly%20how%20does%20the%20Connector%20work%20exactly%2C%20how%20does%20(if)%20the%20connector%20get%20the%20config%20on%20what%20to%20do.%20How%20does%20it%20read%20AD%20data%20and%20how%20is%20that%20written%20to%20AAD%20(seams%20to%20be%20SCIM%20from%20the%20binaries%20I%20found%20in%20the%20install%20folder)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1053120%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1053120%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F37668%22%20target%3D%22_blank%22%3E%40Richard%20Innes%3C%2FA%3E%26nbsp%3B%20-%20thanks%20for%20sharing%20the%20error%20details.%20We%20will%20investigate%20why%20it%20failed%20and%20improve%20the%20experience.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1053124%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1053124%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F588%22%20target%3D%22_blank%22%3E%40Peter%20Stapf%3C%2FA%3E%20-%20Thanks%20for%20the%20feedback!%20We%20will%20get%20a%20technical%20deep%20dive%20document%20published%20soon.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1053135%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1053135%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F113495%22%20target%3D%22_blank%22%3E%40Ron%20Argame%3C%2FA%3E%26nbsp%3B%20-%20We%20are%20just%20getting%20started%20with%20cloud%20provisioning.%20As%20we%20GA%20cloud%20provisioning%20and%20add%20more%20capabilities%2C%20you%20can%20evaluate%20if%20cloud%20provisioning%20meets%20all%20your%20feature%20needs%20and%20migrate%20from%20sync%20to%20cloud%20provisioning.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1053153%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1053153%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F110561%22%20target%3D%22_blank%22%3E%40Peter%20Stapf%3C%2FA%3E%20-%20Thanks%20for%20the%20feature%20asks.%20Both%20password%20writeback%20and%20syncing%20computer%20objects%20to%20Azure%20AD%20are%20top%20of%20mind%20feature%20improvements%20for%20cloud%20provisioning.%20Keep%20the%20feedback%20coming!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1053846%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1053846%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20also%20comes%20to%20my%20mind%20is%20filtering%2C%20currently%20I%20see%20a%20lot%20of%20log%20entries%20of%20Type%3A%20Other%20with%20Status%3A%20failure.%3C%2FP%3E%3CP%3EI%20assume%20that%20are%20all%20the%20objects%20from%20AD%20that%20do%20not%20fit%20into%20the%20scope%20filter%20(OU%20based%20on%20my%20config).%3C%2FP%3E%3CP%3EWould%20be%20great%20if%20that%20filter%20already%20would%20work%20on%20the%20connector%20where%20you%20read%20the%20objects%2C%20so%20they%20will%20not%20transmitted%20to%20the%20sync%20engine%20in%20the%20cloud.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20might%20be%20lot%20of%20objects%20onPrem%20that%20never%20will%20synched%20to%20AAD%2C%20I%20have%20lots%20of%20customers%20that%20for%20example%20only%20need%20to%20sync%2010-30%20percent%20of%20all%20groups%20to%20AAD%2C%20there%20are%20also%20lots%20of%20service%20accounts%20onPrem%20never%20need%20an%20sync.%3C%2FP%3E%3CP%3EGood%20first%20option%20could%20be%20to%20configure%20an%20additonal%20OU%20filter%20on%20the%20connector%2C%20while%20later%20on%20the%20config%20done%20in%20AAD%20(filtering%2Fscoping%20part)%20should%20be%20replicated%20down%20to%20the%20connector.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1054605%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1054605%22%20slang%3D%22en-US%22%3E%3CP%3EI%E2%80%99m%20hugely%20excited%20for%20this...%20as%20I%20have%20been%20since%20first%20hearing%26nbsp%3Babout%20it%20at%20Ignite.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EOne%20of%20the%20biggest%20challenges%20we%20face%20-%20and%20obviously%20we%E2%80%99re%20not%20alone%20-%20are%20merger%20%2F%20acquisition%20scenarios%20that%20involve%20distributed%20Active%20Directory%20environments.%20The%20prep%20work%20required%20to%20connect%20environments%20to%20a%20single%20AADC%20instance%20is%20often%20complex%2C%20and%20not%20always%20desired%20by%20organisations%20(who%20increasingly%20want%20to%20use%20the%20cloud%20to%20collaborate%20vs.%20traditional%20migration%20focussed%20coming%20togethers).%20This%20is%20%3CSTRONG%3E%3CEM%3Esuch%3C%2FEM%3E%3C%2FSTRONG%3E%20a%20significant%20step%20forwards%20in%20addressing%2C%20simplifying%2C%20and%20providing%20flexibility%20to%20organisations%20who%20face%20consolidation%20challenges.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThank%20you%20Identity%20team!%20%3Athumbs_up%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055814%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055814%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20looking%20for%20documentation%20on%20how%20to%20enable%20seamless%20SSO%20with%20PHS%20in%20AAD%20Connect%20Cloud%20Provisioning.%20Can%20someone%20share%20a%20link%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055816%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055816%22%20slang%3D%22en-US%22%3E%3CP%3ECurrently%20we%20sync%20users%20from%20multiple%20domains%20to%20AAD%20and%20all%20the%20users%20use%20the%20tenant.onmicrosoft.com%20usernames.%20I%20cant%20seem%20to%20see%20the%20source%20domain%20for%20a%20particular%20user%20in%20AAD.%20Would%20be%20great%20to%20have%20this%20capability%20in%20a%20production%20environment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055881%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055881%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20SSO%20you%20can%20follow%20the%20steps%20of%20Resetting%20the%20SSO%20feature%2C%20but%20without%20the%20%22Disabled%22%20part.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-sso%23manual-reset-of-the-feature%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-sso%23manual-reset-of-the-feature%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20you%20need%20to%20extract%20the%20Azure%20AD%20SSO%20Module%20from%20an%20installation%20of%20AADC.%3C%2FP%3E%3CP%3E%3CSPAN%3EAzureADSSO.psd1%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1056614%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1056614%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20Feature%2C%20couple%20of%20questions%20so%20we%20can%20start%20to%20use%20it%20in%20production%20environment%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EEstimated%20date%20on%20when%20device%20Sync%20for%20Hybrid%20Devices%20will%20be%20available%3C%2FLI%3E%3CLI%3EEstimated%20date%20on%20when%20Password%20WriteBack%20will%20be%20available%3C%2FLI%3E%3CLI%3EWhen%20is%20GA%20scheduled%20%3F%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1057251%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057251%22%20slang%3D%22en-US%22%3E%3CP%3EExample%3A%3CBR%20%2F%3EA%20Company%20makes%20an%20acquisition%20and%20Azure%20AD%20is%20already%20in%20use%20there.%3CBR%20%2F%3EHow%20can%20the%20aqirierte%20company%20be%20integrated%3F%3CBR%20%2F%3EIs%20there%20an%20Azure%20AD%20to%20Azure%20AD%20migration%20scenario%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGoal%3A%3CBR%20%2F%3ESubsidiary%20Company%20migrate%20Azure%20AD%20to%20Headquarters%20Azure%20AD%3CBR%20%2F%3ESubsidiary%20Company%20is%20integrated%20with%20AAD%20Connect%20Provisioning%20Agent%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1057585%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057585%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20documentation%20clearly%20states%20that%20%22%3C%2FSPAN%3E%3CSPAN%3EMatching%20across%20forests%20does%20not%20occur%20with%20cloud%20provisioning%22.%20This%20would%20be%20a%20great%20feature.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EScenario%3A%3C%2FP%3E%3CP%3EHeadquarter%20AAD%20already%20has%20users%20from%20all%20subsidiaries%20synced%20from%20HQ%20AD.%3C%2FP%3E%3CP%3ENow%20we%20would%20like%20to%20install%20Cloud%20Provisioning%20agents%20in%20the%20subsidiaries%20AD's%20to%20allow%20the%20subsidiaries%20users%20to%20use%20Seamless%20SSO%20%26amp%3B%20PHS.%3C%2FP%3E%3CP%3EThey%20should%20use%20their%20existing%20User%20in%20HQ%20AAD%20though.%20So%20matching%20would%20be%20neccessary.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20would%20allow%20the%20subsidiaries%20users%20to%20access%20HQ%20On-Prem%20applications%20as%20well%2C%20using%20Citrix%20or%20AAD%20App%20Proxy%20for%20example.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1058659%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1058659%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F110561%22%20target%3D%22_blank%22%3E%40Peter%20Stapf%3C%2FA%3E%26nbsp%3B%20-%20good%20feedback%20on%20the%20provisioning%20logs%20and%20scoping.%20We%20are%20looking%20into%20product%20improvements%20to%20address%20the%20lack%20of%20clarity%20of%20the%20log%20entries%20of%20Type%3AOther.%20Also%2C%20we%20will%20document%20how%20scoping%20in%20our%20public%20documentation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1058662%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1058662%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F479983%22%20target%3D%22_blank%22%3E%40MuellerMartin%3C%2FA%3E%26nbsp%3B%20-%20thanks%20for%20the%20feedback.%20To%20ensure%20I%20understand%20the%20ask%2C%20you'd%20like%20to%20see%20the%20source%20domain%20in%20the%20Azure%20AD%20user%20management%20experience%2C%20right%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1058668%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1058668%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F483254%22%20target%3D%22_blank%22%3E%40adalgeirsson%3C%2FA%3E%20-%20Unfortunately%2C%20I%20cannot%20share%20timelines%20for%20the%20feature%20improvements%20and%20GA.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1058694%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1058694%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F479983%22%20target%3D%22_blank%22%3E%40MuellerMartin%3C%2FA%3E%26nbsp%3B%20-%20This%20is%20a%20great%20use%20case.%20It%20will%20allow%20customers%20to%20not%20just%20enable%20PHS%20but%20also%20use%20Azure%20AD%20Premium%20features%20like%20self-service%20password%20reset%20(once%20cloud%20provisioning%20supports%20it).%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1058789%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1058789%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%26nbsp%3Bcoming%20back%20to%20one%20of%20my%20previous%20answers%2C%20I%20have%20a%20feature%20request%3A%3C%2FP%3E%3CP%3EThe%20Azure-ADSSO%20(%3CSPAN%3EAzureADSSO.psd1)%20Module%20from%20AADC%20should%20be%20made%20available%20as%20a%20stand-alone%20module%20downloadable%20from%20the%20PS%20gallery.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20enabling%20Seamless%20SSO%20in%20Cloud%20Provision%20scenario%20without%20having%20an%20full%20AADC%20installed%20somewhere%20is%20made%20possible.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EOf%20course%20some%20documentation%20enhancements%20on%20how%20to%20use%20them%20in%20Cloud%20Provision%20scenario.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%2FPeter%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1059727%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1059727%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20exactly.%20As%20long%20as%20users%20are%20not%20matched%2C%20there%20is%20the%20potential%20to%20have%20multiple%20users%20from%20multiple%20source%20domains%20for%20the%20same%20person.%20So%20visibility%20into%20the%20data%20source%20would%20be%20helpful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%20matching%20of%20users%3A%20Thanks%20for%20recognizing%20the%20use%20case.%20Do%20I%20understand%20correctly%20that%20you%20are%20planning%20to%20implement%20matching%20in%20the%20future%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20think%20about%20groups%20in%20this%20context%20as%20well.%20In%20my%20case%20it%20would%20be%20great%20to%20have%20the%20user%20authenticate%20against%20the%20subsidiaries%20domain%20but%20use%20groups%20from%20HQ%20domain%20for%20authorization%20in%20the%20Azure%20Portal%2C%20Apps%20and%20so%20on.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F588%22%20target%3D%22_blank%22%3E%40Peter%20Stapf%3C%2FA%3E%26nbsp%3Bthanks%20for%20your%20help%2C%20using%26nbsp%3B%3CSPAN%3EAzureADSSO.psd1%20worked%20great.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065152%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065152%22%20slang%3D%22en-US%22%3E%3CP%3EPassword%20hash%20sync%20seems%20to%20be%20broken%20right%20now.%20Existing%20users%20work%20fine%2C%20new%20users%20do%20not%20get%20their%20passwords%20and%20password%20changes%20are%20not%20reflected.%3C%2FP%3E%3CP%3EDoes%20anybody%20else%20experience%20issues%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065427%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065427%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%3C%2FFONT%3E%20-%20Taking%20the%20current%20restriction%20%3CFONT%3E%22Matching%20across%20forests%20does%20not%20occur%20with%20cloud%20provisioning%22%20takes%20me%20to%20the%20following%20%3CFONT%3Easumption%3A%20in%20an%20Exchange%20Resource-Forest%20Scenario%20(central%20Exchange-Forest%2C%20connected%20with%2010%20User%20Forests)%20%2C%20Cloud%20Provisoining%20currently%20cannot%20help%20me%20to%20provision%20all%20the%20involved%20User-Forests%2C%20right%3F%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065794%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065794%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F479983%22%20target%3D%22_blank%22%3E%40MuellerMartin%3C%2FA%3E%20-%20We%20will%20look%20into%20this%20issue%20for%20your%20tenant.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065795%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065795%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F82369%22%20target%3D%22_blank%22%3E%40Reto%20Krebs%3C%2FA%3E%26nbsp%3B%20-%20We%20do%20not%20support%20the%20account-resource%20forest%20topology.%20Checkout%20the%20list%20of%20supported%20topologies%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fcloud-provisioning%2Fplan-cloud-provisioning-topologies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fcloud-provisioning%2Fplan-cloud-provisioning-topologies%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1136849%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1136849%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20currently%20testing%20the%20installation%20and%20configuration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20title%3D%22Install%20the%20Azure%20AD%20Connect%20cloud%20provisioning%20agent%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fcloud-provisioning%2Fhow-to-install%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EInstall%20the%20Azure%20AD%20Connect%20cloud%20provisioning%20agent%3C%2FA%3E%3C%2FP%3E%3CP%3EStep%208%20%3A%20%22On%20the%26nbsp%3BConnect%20Active%20Directory%26nbsp%3Bscreen%2C%20select%26nbsp%3BAdd%20Directory.%20Then%20sign%20in%20with%20your%20%3CSTRONG%3EActive%20Directory%20administrator%20account%3C%2FSTRONG%3E.%20This%20operation%20adds%20your%20on-premises%20directory.%20Select%26nbsp%3BNext%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuestion%3A%26nbsp%3B%20What%20are%20the%20smallest%20on-prem%20AD%20permissions%20that%20work%3F%20(With%20Password%20hash%20sync)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1158166%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1158166%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20attribute%20filtering%20possible%3F%20I%20want%20to%20exclude%20the%20Exchange%20attributes%20(Exchange%20on-prem%20installation)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1160029%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1160029%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F483708%22%20target%3D%22_blank%22%3E%40namor38%3C%2FA%3E%20-%20You%20can%20use%20Microsoft%20Graph%20API%20to%20remove%20the%20attribute%20that%20you%20do%20not%20want%20to%20sync.%20Check%20this%20out%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fcloud-provisioning%2Fhow-to-transformation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fcloud-provisioning%2Fhow-to-transformation%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1160079%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1160079%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%26nbsp%3B%26nbsp%3B-%20Thanks%20for%20the%20info%20and%20link.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20understand%20correctly%2C%20that%20applies%20to%20Azure%20AD%20schema%20for%20provisioning.%3C%2FP%3E%3CP%3EI%20can't%20configure%20this%20for%20every%20cloud%20provisioning%20agent%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20should%20be%20able%20to%20make%20the%20setting%20(exclude%20sync%20of%20Exchange%20attributes)%20for%20each%20agent%20since%20the%20migration%20scenario%20is%20not%20always%20the%20same.%3C%2FP%3E%3CP%3ESubsidiary%20sometimes%20with%20an%20Exchange%20and%20sometimes%20without%20an%20Exchange%20Server%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1160162%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1160162%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20cloud%20provisioning%2C%20all%20the%20configuration%20is%20done%20in%20Azure%20AD.%20The%20agent%20is%20lightweight%20and%20stateless.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20schema%20updates%20are%20for%20a%20provisioning%20configuration%20and%20will%20only%20apply%20to%20the%20domain%20in%20scope.%20Each%20domain%20(subsidiary)%20can%20have%20their%20own%20configuration%20with%20different%20schema.%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1274965%22%20slang%3D%22en-US%22%3ERe%3A%20Bring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1274965%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eis%20it%20still%20in%20public%20review%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-827835%22%20slang%3D%22en-US%22%3EBring%20identities%20from%20disconnected%20ADs%20into%20Azure%20AD%20with%20just%20a%20few%20clicks!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-827835%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%20we%E2%80%99ve%20got%20some%20amazingly%20cool%20news%20to%20share.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20work%20in%20a%20large%20enterprise%2C%20you%20probably%20already%20know%20how%20big%20the%20challenges%20can%20be%20when%20your%20company%20makes%20an%20acquisition%20and%20you%20suddenly%20get%20asked%20to%20provide%20cloud%20identity%20services%20to%20an%20entirely%20new%20business%20group%2C%20usually%20one%20with%20their%20own%20set%20of%20Active%20Directory%20domains%20and%20forests.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20this%20is%20a%20challenge%20you%20face%2C%20I%E2%80%99m%20excited%20to%20let%20you%20know%20about%20the%20public%20preview%20of%20Azure%20AD%20Connect%20cloud%20provisioning!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20cloud%20provisioning%2C%20customers%20can%20easily%20provision%20identities%20from%20multiple%20disconnected%20AD%20forest%20to%20Azure%20AD.%20Azure%20AD%20Connect%20cloud%20provisioning%20moves%20the%20heavy%20lifting%20for%20provisioning%20from%20AD%20to%20Azure%20AD%20to%20the%20cloud%20with%20lightweight%20agents%20on-premises%20and%20provides%20the%20following%20benefits%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EHelps%20with%20provisioning%20from%20disconnected%20AD%20forests%20to%20Azure%20AD%3C%2FSTRONG%3E%E2%80%94Organizations%20may%20have%20disconnected%20AD%20forests%20due%20to%20mergers%20and%20acquisitions%20or%20remote%20office%20locations.%20Whatever%20the%20reason%20may%20be%2C%20cloud%20provisioning%20allows%20you%20to%20quickly%20integrate%20these%20multiple%20disconnected%20AD%20forests%20into%20an%20Azure%20AD%20tenant.%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EReduces%20on-premises%20footprint%3C%2FSTRONG%3E%E2%80%94The%20provisioning%20agent%20is%20a%20lightweight%20agent%20with%20the%20sync%20complexity%20(configuration%20and%20processing)%20in%20the%20cloud.%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EEnterprise%20grade%20high%20availability%3C%2FSTRONG%3E%E2%80%94Multiple%20provisioning%20agents%20can%20be%20deployed%20to%20ensure%20high%20availability%20for%20provisioning%20especially%20for%20password%20hash%20sync.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1654195545%22%20id%3D%22toc-hId-1654195545%22%3E%3CFONT%20size%3D%225%22%3EGive%20cloud%20provisioning%20a%20try%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FFONT%3E%3C%2FH3%3E%0A%3CP%3ESetting%20up%20cloud%20provisioning%20is%20a%20two-step%20process.%20The%20first%20step%20is%20to%20install%20the%20lightweight%20provisioning%20agent%20on%20a%20domain%20joined%20server%20(or%20server%20VM).%20The%20second%20step%20is%20to%20configure%20cloud%20provisioning%20in%20the%20Azure%20portal.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EStep%201%3A%20Install%20the%20provisioning%20agent%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EBefore%20you%20install%20the%20Azure%20AD%20Provisioning%20agent%2C%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcpprerequisites%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ecomplete%20the%20prerequisites%3C%2FA%3E.%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EIn%20the%20Azure%20AD%20Connect%20experience%2C%20click%20%3CSTRONG%3EManage%20provisioning%20(preview)%3C%2FSTRONG%3E.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%201.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160253iC0622A305F3BDE7D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%201.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%201.png%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3BOn%20a%20%3CSTRONG%3Edomain%20joined%20Windows%20server%3C%2FSTRONG%3E%2C%20click%20the%20%3CSTRONG%3EDownload%20agent%3C%2FSTRONG%3E%20button%20to%20download%20the%20Azure%20AD%20provisioning%20agent.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%202.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160254i1557E125373C9441%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%202.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%202.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3BFollow%20the%20wizard%20steps%20to%20install%20the%20provisioning%20agent%20package.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%203.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160255i3279C2C9AA42EA76%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%203.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%203.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E4.%20Once%20the%20agent%20is%20installed%2C%20you%E2%80%99re%20ready%20to%20configure%20provisioning%20in%20the%20Azure%20portal.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%204.png%22%20style%3D%22width%3A%20600px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160256iCE6FFF79E3C72FB9%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%204.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%204.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CBR%20%2F%3E%3C%2FSTRONG%3E%3CSTRONG%3EStep%202%3A%20Configure%20cloud%20provisioning%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EIn%20the%20Azure%20AD%20Connect%20experience%2C%20click%20%3CSTRONG%3EManage%20provisioning%20(preview)%3C%2FSTRONG%3E.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%205.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160257i87571F775169B3DA%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%205.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%205.png%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3E%2B%20New%20configuration%3C%2FSTRONG%3E.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%206.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160261i3061568CEA3D06D8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%206.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%206.png%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3EEnable%3C%2FSTRONG%3E%20to%20apply%20the%20configuration.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%207.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160263iE1F514207C574C40%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%207.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%207.png%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3ESave%20the%20configuration.%20The%20AD%20changes%20are%20now%20provisioned%20to%20Azure%20AD%20every%20two%20minutes.%20For%20more%20guidance%20on%20how%20to%20get%20started%2C%20checkout%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcptutorials%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20Connect%20cloud%20provisioning%20tutorials%3C%2FA%3E.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20that%20you%E2%80%99re%20familiar%20with%20cloud%20provisioning%2C%20let%E2%80%99s%20take%20a%20look%20at%20what%20features%20are%20currently%20supported.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--897961416%22%20id%3D%22toc-hId--897961416%22%3E%3CFONT%20size%3D%225%22%3EAzure%20AD%20Connect%20cloud%20provisioning%20capabilities%3C%2FFONT%3E%3C%2FH3%3E%0A%3CP%3EAzure%20AD%20Connect%20cloud%20provisioning%20public%20preview%20supports%20the%20following%20capabilities%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%208.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160266i04C88CB0C72740BF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%208.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%208.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20learn%20more%2C%20check%20out%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcpfeaturecomparison%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20Connect%20cloud%20provisioning%20documentation%3C%2FA%3E.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-844848919%22%20id%3D%22toc-hId-844848919%22%3ELet%20us%20know%20what%20you%20think%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FH3%3E%0A%3CP%3EWe%E2%80%99re%20just%20getting%20started%20and%20would%20love%20to%20get%20your%20feedback%20on%20the%20current%20set%20of%20capabilities%20and%20what%20more%20you%20need.%20Please%20give%20us%20your%20feedback%20in%20our%20%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F169401-azure-active-directory%2Ffilters%2Ftop%3Fcategory_id%3D160599%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EAzure%20AD%20UserVoice%20feedback%20forum%3C%2FA%3E%20or%20in%20the%20comments%20below.%20We%20look%20forward%20to%20hearing%20from%20you!%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%40Alex_A_Simons%3C%2FA%3E%20)%3C%2FP%3E%0A%3CP%3ECorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-827835%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%20teaser.png%22%20style%3D%22width%3A%20300px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F160252iA946285F4E458AA6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Azure%20AD%20Connect%20cloud%20provisioning%20teaser.png%22%20alt%3D%22Azure%20AD%20Connect%20cloud%20provisioning%20teaser.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAzure%20AD%20Connect%20cloud%20provisioning%20is%20now%20in%20public%20preview!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-827835%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EProduct%20Announcements%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Jul 24 2020 01:27 AM
Updated by: