Forum Discussion
AD Sync not strictly required?
Hi AlexPawlak ,
As I already thought and stated, the UPN & password hashes do match in Windows AD & Azure AD, making it possible for the user to sign in. 
But as soon as Windows AD or Azure AD changes, it would fall apart. 
Therefor, AD Connect syncs the useraccounts from Windows AD to Azure AD, keeping passwords in sync (with Writeback capabilities).
Azure AD DS goes a step further, it starts from Azure AD, and makes a Windows AD available in your VNET, also keeping it in sync.
Regarding the licensing: it could be possible to connect without proper license, but this is not guaranteed. I would recommend to assign an eligible license to the user(s) which are listed here at the FAQ.
https://azure.microsoft.com/en-gb/pricing/details/virtual-desktop/
OK 🙂 So that kind of makes it clear - AD Connect is preferred method of making password sync, but if I want to keep entities separate, I just need to make sure the password remains the same 🙂
The licenses are bought, with VLSC or CSP, and only assigned as "entitlement" on paper, contrary to "classic" RD Licensing - where the licenses have had to be technically activated on license server - is this the right approach?
Thanks!
