Mar 09 2017
- last edited on
Jan 14 2022
I colleague asks if there is a way to use MIM/FIM to sync to Azure AD?
I recall that there used to be a FIM agent that you used in multi-forest scenarios.
Today AAD Connect handles multi-forest.
This company already has Identify Manager deployed and uses it heavily, so they want use it instead of deploying Azure AD connect if possible.
Mar 11 2017 08:02 AM
Yes that can be done. @Spencer Harbar has an excellent presentation at Ignite last year on this topic https://myignite.microsoft.com/videos/1379
Mar 14 2017 12:35 AM
Like Dean said, yes it is possible. You can also check MSDN
On this page you will find a guide to install and configure the connectors to azure ad connect services!
Mar 14 2017 09:23 AM
Everyone is right that it is possible. That being said, the official recommendation is to deploy a seperate instance with Azure AD Connect. The features that get rolled into and released to Azure AD Connect often are unavailable using the Azure AD MA with MIM.
More details on what's supported here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-cons...
Apr 05 2017 11:18 AM
Yes highly recommended to run Azure AD Connect as your identity bridge between on premises and cloud as it is frequently updated in sync with updates in Azure AD as well as in Office 365 in hybrid mode. In a FIM/MIM instance these frequent updates on the connector could make updates/changes that affect other connectors and more often than not organizations really dont want to touch their configured connectors and sync schedules.
So yes the best practice is to have Azure AD Connect be your connection between AD and Azure AD.