Azure AD Connect Sync and Cloud Sync, What’s the Difference?

Captions
In this video, we compare Azure AD Connect sync and Azure AD Connect cloud sync.

Azure AD Connect has been out for years, and it's the way many organizations sync their Windows Active Directory Domain Services identities to Azure AD. Late last year, Microsoft came out with Azure AD Connect cloud sync. In this video, we're going to compare the two for an understanding of the differences and when to use one over the other. Before that, please take a second to like, subscribe, and click the bell icon for notifications of new content. That supports this channel and is greatly appreciated. Let's get back to it.

To make my life easier, I'll refer to Azure AD Connect sync as AD Connect and Azure AD Connect cloud sync as just cloud sync. These two products do almost the same thing: they synchronize identities, such as users and groups, from a Windows AD domain to Azure AD. But they differ in the way they work and in some of the features available.

The first thing that stood out to me when I read about cloud sync, other than how similar the names of these two products are, was that the sync process takes place more frequently with cloud sync. The minimum time between sync cycles in AD Connect is 30 minutes. With Azure AD Connect syncing every 30 minutes and Windows AD replication time factored in, a change to a user in Windows AD can take up to an hour to sync to Azure AD. With cloud sync, the sync happens every two minutes. This is quite an improvement over the 30 minutes of AD Connect. I'm not sure how a two-minute sync will work in extremely large environments that have tens of thousands of objects, but more on that coming up.

Let's take a look at how the two function. With AD Connect, there's an agent installed in the domain. This is a full agent with an option of using a SQL Server backend. There can only be one agent per Azure AD tenant. There's a staging option, but that's a standby server only; it's not an active-active solution. AD Connect can handle multiple domains and forests, but has to have access to the resources in each forest. Since there can only be one AD Connect agent running per Azure AD tenant, the forests have to be connected with a trust relationship. If they weren't connected, the identities used by the agent wouldn't have the required rights in the forest to read the objects. So that means AD Connect has no active-active high availability option, and the source forests must be connected.

Cloud sync uses one or more lightweight agents. These agents are installed locally but managed in Azure. Multiple agents means that we have an active-active solution when replicating to our Azure AD tenant. The ability to use multiple agents adds another benefit: the forests no longer need to be connected to replicate to Azure. We can have two disjointed domains replicating to a single Azure AD tenant. Think of what this means for, like, mergers and acquisitions. Syncing non-connected domains provides the ability for multiple organizations to access common Azure resources without any trust relationship between the forests. I know there are other options, like guest access, for that, but let's focus on AD Connect for now.

Both offer a similar set of features. Let's go over where they differ. First, and this is a big one for many of you, cloud sync does not support replicating devices. That means Azure AD hybrid join is not an option. Cloud sync does not support connecting LDAP directories, and it also doesn't support customer-defined AD attributes or directory extensions. They both support password hash synchronization, but cloud sync does not support pass-through authentication. Cloud sync does not support password, device, group, or Exchange hybrid writeback. That means no self-service password reset. And there are limits to the number of objects in the domain and the size of the groups replicated with cloud sync.

You may think that rules out cloud sync for most large organizations, but before you rule it out, there's one more thing to consider: cloud sync can be used in tandem with AD Connect. For example, it could provide faster replication for objects such as users in Azure AD, and provide high availability for password hash synchronization by adding another replication agent.

So what does all this mean? Azure AD Connect cloud sync has a distinct set of features that makes it a consideration for any small to medium organization when looking for directory synchronization options, or for organizations that need to bring in users from a disconnected domain, such as with mergers and acquisitions. It can also augment existing AD Connect implementations. Cloud sync is not a replacement for AD Connect, however, and some of the limitations will prevent many medium and large organizations from using it as their primary identity replication solution.

That brings us to the end. I hope you found this helpful. Don't forget to like and subscribe, and thanks for watching.
Info
Channel: Travis Roberts
Views: 1,705
Keywords: Azure AD Connect, Azure AD, Azure, AD Connect, AD Connect Cloud Sync, Cloud Sync, aad connect, azure tips and tricks, azure training, free training, azure tutorial, Microsoft, Microsoft Azure, Azure fundamentals, azure for beginners, azure active directory authentication, Azure Security, hybrid identities, azure hybrid, Microsoft certification, AZ-104, azure active directory
Id: aAZ4QXV7Wy0
Length: 5min 5sec (305 seconds)
Published: Fri Jun 25 2021