SOLVED

AD+ADFS+AAD


Hi

Can anyone enlighten me about AD, ADFS & AAD - and how you have "moved" your users into O365?

Have you synced all accounts from AD to AAD - or have you "prepared" the users first in AD, e.g. by setting an extension attribute and then on ADFS configured a filter so only these users get into the AAD - or?

1 Reply
Best Response confirmed by Taen keren (Super Contributor)
Solution

It really depends on what you are trying to achieve. If you'd like some consensus on how it's done generally, this is a great article if you haven't seen it already - How organizations are connecting their on-premises identities to Azure AD.

Azure AD Pass-Through Authentication is a phenomenal sign-in option along with Seamless Single Sign-On, offering many of what were traditionally only available with AD FS and without the infrastructure downsides.

With the Azure AD Connect filtering options, there is a lot of scope to onboard in whatever way works for a given situation. These include Group-based filtering and Domain and OU filtering.