locked
Azure AD Password Sync with remote users RRS feed

  • Question

  • I run a IT Department with 99% mobile workforce as we migrate to office 365 I want to utilize Azure AD Premium to ensure that that both of those passwords sync.  What do I have to do to ensure that the local domain accounts on the remote workstations remain in sync with the on-prem and azure cloud domain accounts.   Our users are currently using laptops on win 7 pro.

    thx

    --mac

     
    Tuesday, December 8, 2015 7:17 PM

All replies

  • Assuming you have a local AD. If you enabled directory sync from on-perm AD to Azure, it will synchronize all domain user accounts.  Synchronization will run every 3 hours.

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    My Books: | Windows Server Security | Windows Server 2012

    Blogs | Twitter | LinkedIn | Facebook|

    This posting is provided AS IS with no warranties, and confers no rights.

    Wednesday, December 9, 2015 3:56 AM
  • Hello Mac,

    You can use Azure AD Connect to integrate your on-premises identity system such as Windows Server Active Directory with Azure Active Directory and connect your users to Office 365, Azure and 1000’s of SaaS applications. Azure AD Connect also lets you enable password sync between your on prem and cloud. For more details see this link - https://azure.microsoft.com/en-in/documentation/articles/active-directory-aadconnect/

    For password write you can use Azure AD Premium - https://azure.microsoft.com/en-in/documentation/articles/active-directory-passwords-getting-started/

    Hope this helps!

    Best Regards

    Sadiqh Ahmed

    ________________________________________________________________________________________________________________

    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

    Wednesday, December 9, 2015 8:02 AM
  • ok I understand the syncing of the cloud based systems, with the local domain, would this also allow for syncing of local laptop passwords( domain joined systems) when the computer is in the field?

    thanks

    MAC

    Thursday, December 10, 2015 3:58 PM
  • What is "local laptop passwords"?

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    My Books: | Windows Server Security | Windows Server 2012

    Blogs | Twitter | LinkedIn | Facebook|

    This posting is provided AS IS with no warranties, and confers no rights.

    Friday, December 11, 2015 3:48 AM
  • ok I understand the syncing of the cloud based systems, with the local domain, would this also allow for syncing of local laptop passwords( domain joined systems) when the computer is in the field?

    Greetings!

    As far as your initial question about users on on-premise AD / local AD getting sync'ed with Azure AD goes, as Sadiqh and Santhosh rightly suggested you may go with any directory synchronization tools (preferably AAD Connect tool).

    As far as syncing of local laptop passwords (like domain joined systems), we have 2 options:

    1/ Instead of Windows 7, we may have to consider using Windows 10 which features Azure AD Join as per: Azure AD Join on Windows 10 devices and Azure AD and Windows 10 - Bringing the cloud to enterprise desktops.

    2/ Should you not be able to upgrade enterprise PCs to Windows 10, we might have to take a longer route. We need to replicate our on-prem AD to a DC instance hosted on an Azure VM (present in a vNet) and have to connect the office site to Azure vNet via Site-to-Site VPN and remote users can use Point-to-Site VPN to connect to the same vNet. With that, Azure vNet becomes like extending our office network and remote users are remotely connected to it. Reference: VPN Gateway FAQ. This might be suitable for a small or medium sized businesses.

    Lastly, you might also want to keep an eye on Azure AD Domain Services (Preview feature) and learn about its features.

    Hope this helps!

    Thank you,

    Arvind

    Friday, December 11, 2015 11:35 PM