Azure AD Connect to replace DirSync and simplify Cloud identity management

Recently I’ve been performing quite a few projects based on Microsoft Azure & Office 365. Now most of these projects are hybrid configurations. This means that they include both cloud and on premises solutions that are connected to each other.

The foundation of these projects is DirSync (not to be confused with DirSync Pro, a file synchronisation tool). DirSync is the tool that synchronizes your Active Directory with both the Office 365 and Azure directory services. In its first release DirSync would only sync user and group names and attributes; it did not synchronise passwords or provide a single sign-on experience (meaning that even if your computer was domain joined you would still be required to type in a password when using Outlook to connect to Office 365, for example). To achieve these capabilities you were required to set up an Active Directory Federation between your on-premises AD and the Azure/Office 365 cloud. Doing this in both a secure and resilient manner would require 4 servers, 2 in the LAN and 2 in the DMZ. This number would also be multiplied by the number of Active Directory sites your organization has. Using Active Directory Federation would also allow you to sync passwords back to your on-premises Active Directory, basically allowing password changes to be performed in the cloud.

Another major drawback was that it was only possible to synchronise a single AD domain with your cloud tenant. So if you had a multiple domain environment you would require multiple tenants in the cloud.

In its current version DirSync also synchronizes passwords to the cloud, although neither password write-back nor SSO is supported. For most companies this is sufficient, and most do not feel the need to implement ADFS for cloud services.

Over the last few months a few additional tools have been released to beta, including Azure AD Connect and Azure AD Sync. These tools added password sync back and automatic setup of ADFS, but things got a bit confusing. Now Microsoft has just released (in beta at the moment) Azure AD Connect, a single tool that, when released to GA, will replace all former tools, with all features rolled up into a single package. The new tool includes support for password sync, password write-back and multiple domains, all with 4 simple clicks. You can also use Azure AD Connect to perform SSO with other external services such as Salesforce, Box and more.

Small note – Azure AD is a cloud service based in Azure. The service is free of charge with limited capabilities; there is an option of purchasing Basic and Premium plans. You can find the feature comparison list here.

