Last week Microsoft announced the General Availability of Azure AD Connect. With this release, all existing Azure AD and Office 365 customers should start planning the upgrade of their existing directory synchronization tools to Azure AD Connect. Azure AD Connect brings several new features for both new and existing deployments.
New deployments can take advantage of the Express Settings setup enabling you to have your users up and running on Azure AD in no time. The Express settings setup mode does the following:
- Configures Synchronization of your existing on-premise identities to Azure AD
- Configures Password Synchronization from on-premise AD to Azure AD
- Synchronizes all synced attributes per:
- Runs your initial synchronization automatically.
For existing deployments, Azure AD Connect brings a new, painless upgrade process. Those familiar with the previous DirSync upgrade modes will remember having to uninstall and then reinstall. That is no longer the case: Azure AD Connect identifies that DirSync is installed, migrates your existing settings, and gives you an estimated time for synchronizing the directories after the upgrade.
For both new and existing deployments, we now have additional deployment configuration options that we can take advantage of. For example, we can now choose which users and devices to synchronize with Azure AD by specifying an AD group. Additionally, we have the following “new” features available:
- Self Service Password Reset from the cloud for on-premise AD Accounts
- User write-back to on-premise AD to enable cloud based user provisioning integrations with applications such as Workday
- Group write-back to on-premise. This feature will only write back “Groups in Office 365” to on-premise AD if you have the Exchange 2013 CU8 schema installed in your on-premise directory. If you do not have this Exchange schema installed, you will not be able to perform group write-back.
- Synchronize Custom directory attributes to Azure AD for custom integration with 3rd party cloud applications.
- Device write-back to on-premise. Device write-back enables us to identify and write claims rules based on devices registered with Azure AD including the “newly” announced Azure AD join in Windows 10.
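Because group write-back depends on the Exchange 2013 CU8 schema, a pre-flight check against the forest schema saves a failed configuration later. The following PowerShell is an added example, not from the original post or from Microsoft; it assumes the CU8 schema corresponds to a rangeUpper value of 15312 on the ms-Exch-Schema-Version-Pt object (taken from Exchange schema documentation, not from this post) and that it runs on a domain-joined machine.

```powershell
# Added example: check whether the on-premise forest carries at least the
# Exchange 2013 CU8 schema before enabling group write-back in Azure AD Connect.
# Assumption: 15312 is the rangeUpper value published for the Exchange 2013 CU8
# schema; verify against your own reference before relying on it.
$Exchange2013Cu8SchemaVersion = 15312

$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaNc = $rootDse.schemaNamingContext
$exSchema = [ADSI]"LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNc"

try {
    # The attribute is absent when Exchange has never extended this forest.
    $current = [int]$exSchema.rangeUpper
} catch {
    Write-Warning "No Exchange schema object found under $schemaNc; group write-back cannot be enabled."
    return
}

if ($current -eq 0) {
    Write-Warning "ms-Exch-Schema-Version-Pt has no rangeUpper value; the Exchange schema is not present."
} elseif ($current -ge $Exchange2013Cu8SchemaVersion) {
    Write-Output "Exchange schema version $current meets the Exchange 2013 CU8 requirement ($Exchange2013Cu8SchemaVersion); group write-back is supported."
} else {
    Write-Output "Exchange schema version $current is below $Exchange2013Cu8SchemaVersion; extend the schema with Exchange 2013 CU8 before enabling group write-back."
}
```

Run it as a user with read access to the schema partition; it makes no changes to the directory.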