How to Decide Between Azure AD Connect and Azure AD Connect Cloud Sync

Captions
[Music]

Hi Jeff. Hi, how you doing? I'm not bad, how are things? Doing really well, really busy. Over the Hafnium bump and move to more important things. Well, not that Hafnium isn't important, but, well, now we can start thinking about what we should do about identity. And I wanted to talk to you about how do you make a decision between Azure AD Connect and Azure AD Connect cloud sync, and, for those that don't know, just to get an idea of what is that new cloud sync technology. And then, once we've made the choice between it, really sort of explore where its valuable use cases are and where you might want to consider it to be something for maybe a little bit later. So, starting with the first one: what is Azure AD Connect cloud sync, and is it new? Is it something I should be looking at today?

Sure. So Azure AD Connect, first, has been around for a long, long time. It's a very mature product. Microsoft realizes that your journey to the cloud is unfortunate to have it start with installing more software on-prem, so they have put a lot of emphasis and investments into creating a cloud service that can rev one. It has generally, it's become generally available, so it's hit GA. We should see a lot more investment in it, and it'll improve in its capabilities. For now it does the basics. It does synchronize user objects to the cloud, so that you have those objects in the cloud and you can apply security principles to them, add them to groups, etc. You still will be using your AD on-prem as your source of authority. The accounts that, if you provision new accounts, manage accounts, it's still going to be in AD on-prem, but the service then synchronizes those changes with the cloud in Azure Active Directory. There are some limitations to the current version. Most of my customers are working with Exchange. Yeah. And cloud sync does not work with Exchange, so it's a very limited use for my customers.

So yeah, so when we say Exchange, do we mean we're talking about a hybrid, or is that, what scenarios aren't supported with it? Because I know it syncs attributes for mail-enabled users, right, but I couldn't use it to, yeah, to form the basis of a hybrid migration or an ongoing sync for hybrid after I've moved mailboxes. Is that right?

Correct, you couldn't use it for either one. If it's hybrid, you have Exchange on-prem, you were either migrating to the cloud, in the process of it or getting ready to, or you have already completed your migration to the cloud. At this time you're still required to have an Exchange server on-prem to manage those AD attributes that are mail related, and those do not sync with Azure AD Connect. So if you are a hybrid customer, either in the process or have already completed, Azure AD Connect sync, cloud sync, is not a solution for you.

Okay, so that limits it slightly. But of course, if you're still running a hybrid server, you're going to run on-premises infrastructure, and even if you are a multi-forest hybrid server then, right, that's only one Azure AD Connect cloud sync, and those are usually quite complex environments where being able to connect over the network between different forests isn't necessarily a big problem really, is it? And you would want to be on our tried and tested footing for that. The one thing that, right, popped into my mind when I first saw this was, I've seen customers where it's been beneficial when they've had something like Okta. And I'm not a fan, not that there's anything wrong with Okta in particular, but it's when they've got maybe 10 forests, they're not connected together, and they want to go all to one tenant, then it's sometimes quite fortuitous that they have a solution like Okta that can synchronize all of those disconnected forests into one Azure AD. Does that strike you as where this should be going, or is that the wrong sort of use case for it?

As long as Exchange is not in the mix there, which is, the world is not likely, I mean, it's more than likely Exchange is going to be in, then yes, it might be an appropriate solution. Yeah. I wrote an article for Quest that, you know, kind of goes through the details of what's supported, what's not, and, you know, you should probably take a look at that, see if you have any stoppers that would prevent you from doing AAD cloud sync. Yeah. But if you're able to use it and it fits your scenario, I would go with that over Active Directory Connect, the normal method, because we're going to see a lot more investment made in the cloud sync product. And if it fits the bill, it's one less piece of software that's running on your infrastructure. Yeah, and there are... So that's usually most people's goal, is to minimize that footprint.

Yes, and there are scenarios where people do start with Microsoft 365 and they've got to get running quite quickly, and email isn't the thing that's going to happen first. They're going to come back to that later on. So that, I might remember when Exchange multi-forest hybrid came out, that was some time after Azure AD Connect, or Azure AD Sync, supported the multi-forest hybrid model as well. That had to become GA, then further down the line Exchange supported it. So I looked at it as disappointing, but yeah, it's different teams in Microsoft have to finish one product before the next thing gets validated as well. So some good scenarios there, and as you say, on Practical 365 we've got a good set of different scenarios: these are the supported things and reasons to do it in these kind of scenarios, and what supports it and what's not, and what you should do first. So do you think you're going to be boarding Azure AD Connect cloud sync into any production customer environments in the next six months?

So as a consultant who works with Exchange heavily, and the fact that it is not supported in cloud sync right now, no, I don't anticipate it, no. There are, when we asked the team who's writing it when they might support Exchange, they said it's on their roadmap. Yeah. Which means it's not in the near term, you know, it may be quite a while.

So the key thing is finding those appropriate use cases, try it out in the labs, get to understand how it works now. Yeah. And then when it's ready for Exchange environments, which is a lot of environments, you'll be good to go, because fundamentally using it, setting it up, understanding how the agents work, creating rules for this is all different to the way we're really, really used to. So when it's ready you'll probably find that that's going to open the door to some new opportunities though.

Yeah, yeah. And there are some other things that it doesn't support. If your organization's invested in Windows Hello, yeah, doesn't support that. It doesn't do hybrid AD join. So there's some significant things that energy, so, yeah.

Yeah, that is massive. It's definitely one for the lab for the moment, isn't it? You know, yeah, arguably that's as big a gap as Exchange hybrid. Yeah. All right, that was really interesting and enlightening, and for the full article check out practical365.com. Thanks for joining me, Jeff. It's always great to speak to you. Nice to see you. Take care.
Info
Channel: Practical 365
Views: 1,621
Keywords: Azure AD, AADC, OKTA, Cloud Sync, Azure AD Connect
Id: 5D70AyFx_rw
Length: 9min 31sec (571 seconds)
Published: Fri Apr 09 2021