Azure AD crash course

New Contributor

I’m trying to teach myself a really basic ‘crash course’ on the basics of a hybrid environment in terms of Azure and on-prem AD, specific to user accounts, access/permissions and the administration thereof.

 

As an end-user, we use SharePoint Online and Exchange Online for email/document management services, but the majority of other line of business apps and legacy file storage is located on internal servers that are joined to a 'local' AD (perhaps not the correct phrase?).

 

Based on the overall architecture of our IT services, there are some very basic questions I would benefit from some help with:

 

  1. Does such a setup have a technical name in the industry? e.g. hybrid AD? 
  2. Does it mean the users will likely actually require x2 accounts, one for governing access to the online 365 apps, and one for governing access to the on-prem infrastructure? I’m guessing it can only be x1 account as we don’t have multiple passwords/account names, but that may be due to some form of synchronization between the two systems?
  3. What would you refer to the two types of accounts as, as an AD support engineer?
  4. When a user leaves a company, does the Admin have to disable x2 accounts, one for the 365 access such as Exchange/SharePoint, and the on-prem AD account, or if they are synched can they disable just the on-prem AD account, or just the account in Azure AD?
  5. Under what circumstances/for what types of users and access would an account only be created in Azure AD? As opposed to created in the on-prem AD system?
  6. Would all on-prem AD accounts be ‘synched’ to Azure AD, or only specific accounts?
  7. Where do you perform basics like password resets? Or can you do this in either Azure AD or on-prem AD and it synchronizes between both AD databases? Or would there be some accounts which need reset in Azure and others on-prem?
  8. If you create an account in Azure AD, is that then synched with local-AD ?
1 Reply
Dont have the time now to give you detailed answers on all the above, so I'd refer you to the documentation. Here's a good starting point: https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-wor...
Drill down from there and make sure to cover the articles in the whole Plan/Deploy/Manage sections.