Time
2 hours 42 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hello and welcome back to the Office 365 Migration primer course. I'm your instructor, Jim Daniels. And for this lesson, we're on Module three, Identity, Lesson five: Azure Active Directory Connect.
00:16
In this lesson, we're gonna cover some of the pros and cons of Azure AD Connect
00:20
as well as some of the features.
00:23
Azure AD Connect, or AD Connect,
00:27
is the directory synchronization tool that copies your on-premise accounts into Azure AD.
00:34
You can also filter which accounts sync into Azure AD.
00:39
Cloud-based accounts that originate in the cloud do not copy to on-premise.
00:44
Remember, earlier we discussed Azure AD
00:48
is what Office 365 uses to authenticate
00:52
your users.
00:54
So Azure AD Connect is the bridge from your on-premise Active Directory
01:00
to populating those values in those fields in Azure AD.
01:04
There are two main authentication methods within Azure AD Connect.
01:08
The first one is password hash.
01:11
In this authentication method, password hashes are synced
01:15
from your local AD into Azure AD.
01:19
Users have the same password on-premise and in Azure AD.
01:23
The password is never sent to Azure AD or stored in Azure AD in clear text.
01:30
Authentication takes place in Azure AD.
01:34
It syncs the hash instead of the password.
01:38
Pass-through authentication:
01:40
All the accounts are still competency in Azure AD.
01:44
Password hashes are not present
01:47
in Azure AD.
01:49
It enforces your on-premises user account states and logon hours, and authentication takes place at an on-premise software agent.
01:59
All right, so pass-through.
02:00
It's sort of a hybrid between ADFS and password hash Azure AD Connect.
02:08
It's a fairly new authentication method, but a lot of people are moving toward this because it doesn't require the same infrastructure investment that ADFS does.
02:20
So let's take a look at password hash synchronization. In this diagram, your on-premise organization is on the left-hand side. You have your on-premise users. You have a server running Azure AD Connect.
02:31
The user accounts are present
02:34
because, remember, your local Active Directory
02:38
feeds into Azure AD Connect, and that's how it gets into Azure AD.
02:43
When a user goes to authenticate,
02:46
they authenticate straight to Azure AD.
02:50
Azure AD has a copy of the accounts and the hashed passwords from your on-premise user.
02:55
So in this model,
02:58
nothing comes back on-prem.
03:00
Now we'll look at pass-through authentication.
03:04
With this one, your user
03:07
tries to access an app, and we'll use Office 365, for example.
03:12
After they try to access the app, the user is redirected to Azure AD to sign in.
03:20
All right, so we're still in the cloud.
03:23
At that point, the user enters user name and password information.
03:28
The user name and encrypted
03:30
password is placed in a queue in Azure AD.
03:32
Then it goes to the on-premise agent
03:36
that takes a request from the queue.
03:38
The agent then decrypts the password using the private key,
03:44
validates the user name and password against
03:46
on-premise Active Directory.
03:50
Active Directory returns a result to the agent.
03:53
The agent returns the result to Azure AD. Azure AD then completes the sign-in process. If the result is successful, the user has access.
04:03
This looks very similar to ADFS,
04:06
except that it utilizes Azure AD
04:10
and an on-prem agent.
04:13
As far as Azure AD Connect, the requirements are pretty simple.
04:17
You have to have an Azure AD tenant.
04:19
Again, everyone has one as soon as you sign up for Office 365.
04:25
You have to add and verify the domain using Azure Active Directory.
04:30
On-premise, you have to have a 2003-plus AD schema and forest functional level.
04:35
Your DC that is used by Azure AD Connect cannot be a read-only domain controller.
04:42
You have to have it installed on a Windows Server 2008 R2 plus,
04:47
which shouldn't be that bad, because that is even going end of life here soon in 2020.
04:54
For your
04:55
Azure Active Directory AD Connect server, you need to have .NET 4.5.1 or above and PowerShell 3 or above.
05:03
All right, so here's a quiz.
05:05
Cloud-created user accounts sync to on-premise Active Directory when using
05:13
Azure AD Connect.
05:15
We talked briefly about this toward the opening.
05:18
The answer to that is false.
05:21
It does not write back the whole entire object.
05:26
Let's look at some of the options within Azure AD Connect.
05:30
You have the ability to select which domains and OUs to sync. If you have a certain OU that contains user objects that will never have a cloud presence,
05:41
don't sync it.
05:43
Password writeback:
05:45
You can enable self-service password reset in Office 365
05:48
that allows a user to reset their credentials
05:53
in Office 365, and it writes that password value back into your on-premise Active Directory.
06:00
So they update the password. It also reflects it within Azure AD, and it goes in and replaces it within your local Active Directory.
06:09
You have Exchange hybrid options.
06:12
You have password sync versus password hash.
06:15
You also get to choose which Active Directory attributes you want to sync.
06:19
You can map attributes into custom attributes, and I drive a directory custom sync rules as well. It's very flexible.
06:28
For daily management for those users:
06:30
These objects are managed on-premise in Active Directory. The daily management for Azure AD Connect
06:36
for your users is exactly the same as your ADFS.
06:41
You're going to manage all of the Active Directory attributes on-prem,
06:45
um, with ADUC or any of your other AD tools. Office 365-specific attributes, such as licensing and other cloud attributes, you manage those either in the 365 admin center or in the Azure AD admin center.
07:00
So, to recap,
07:01
Azure AD Connect is a tool that syncs on-premise AD data into Azure Active Directory.
07:10
Azure AD Connect supports both pass-through and password hash authentication models.
07:15
Password writeback is a feature supported by Azure AD Connect
07:19
and allows users to reset their passwords and unlock their accounts from the cloud.
07:27
Thank you for taking time to join me in this lesson. I hope to see you for the next one. Thank you.

Up Next

Office 365 Migration

In this Office 365 migration training, we look at the migration processes involved with Office 365 including preparation, identity configuration and Exchange, SharePoint and OneDrive migrations. Multiple scenarios are covered with supported migration techniques.

Instructed By

Jim Daniels
IT Architect
Instructor