Howdy folks,
It's a great day here in Redmond – The sun is out, it's not raining and we have some cool new identity synchronization features available in preview!
First, we've added a preview of DirSync password writeback for Self Service Password Reset. This preview capability allows customers who rely on federation or password hash sync to use Azure AD Premium to reset on-premises passwords in Windows Server Active Directory.
Additionally, we've released a preview of our new AAD Sync. AAD Sync is our newly created "one sync service to rule them all". In this first preview, we are using AAD Sync to enable synchronization from multi-forest Windows Server AD deployments, a capability that all of our largest customers have been asking for. Over time (6-8 months), Azure AD Sync will replace DirSync and be included for all AAD, Office 365 and other Microsoft cloud service customers. It will enable simple synchronization like DirSync does today, but will also have a set of much more advanced capabilities, for instance, support for combinations of directories (AD, LDAP, SQL, and others) and the ability to remap and swizzle existing on-premises attributes. AAD Premium customers will also use it for writeback scenarios like Self Service Group Management.
Using the AAD Sync preview you will be able to:
You can access the updated DirSync with Password Reset writeback here. Once installed, you can configure the password reset writeback agent by opening an elevated DirSync configuration shell and running the Enable-OnlinePasswordWriteback cmdlet. Want more details? We'll have a writeback installation guide coming next week, so stay tuned!
You can join the Azure Active Directory Sync Services preview here. The AADSync preview will then be added to your Microsoft Connect account. Through this you will be able to download the most recent version, get information on known issues and updates, and provide feedback.
The installation is an easy 3-step process and is similar to DirSync.
After you run the installer, you will first need to provide your AAD credentials and click "Next" to continue.
Add each of your AD forests. This is done by entering Active Directory Domain Services credentials for each forest and clicking on "Add Forest". Once a forest is added, AADSync will detect what services the forest contains, e.g. Exchange and Lync, and create an initial default configuration which will work for most customers. The configured forest will be added to the list. The forest can also be removed by clicking on the X next to the forest name. Once you are done adding all your forests, you will need to click "Next" to continue.
Fig 1: AADSync add AD forests
AADSync will now collect additional information on your multi-forest environment. This configuration helps AADSync understand how to map a user represented in more than one forest and how to uniquely identify each user. If you are using one forest, you can leave the default configuration options and click "Next".
Fig 2: AADSync Multi forest configuration
That is it! Your initial configuration is complete. At this point you can begin synchronizing your users with Azure Active Directory. You can also use the AADSync advanced UI to:
Fig 3: AADSync OU filters
Fig 4: AADSync attribute mapping
Fig 5: AADSync attribute selection by service
Let us know what you think! Whether it's a feature you love, something you think we are missing, questions, or even if it's an experience that you just don't like, you can reach out to us through the AADSync Microsoft Connect preview or the Windows Azure AD Forum.
Best regards,
Alex Simons (Twitter: Alex_A_Simons)
Director of Program Management
Active Directory