May 14, 2022
Further reading – Planning Identity Synchronization
You can learn more about the required and supported values for attributes at https://learn.microsoft.com/en-us/powershell/module/exchange/set-mailbox and https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-for-directory-synchronization.
When preparing to synchronize your directory, Microsoft recommends performing the following procedures:
- Use the IdFix tool (https://aka.ms/idfix) to detect errors such as invalid characters in on-premises identities. Values that contain invalid characters will cause object synchronization errors.
- Configure a user’s userPrincipalName (UPN) to be the same as their primary SMTP address. While it’s not required to have parity between UPN and SMTP addresses, it is recommended to help minimize the number of unique values that users have to remember.
You shouldn’t install and configure directory synchronization until you have resolved the issues identified by IdFix.
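As an added illustration of the two preparation steps above (this is example code written for this page, not the book's own script and not Microsoft's IdFix tool), the PowerShell function below audits a set of user objects for UPN prefixes containing characters outside an allowed set and for users whose UPN does not match their primary SMTP address (the uppercase `SMTP:` entry in `proxyAddresses`). It goes slightly beyond the text by optionally flagging UPN suffixes that are not in a list of verified domains, since those objects would otherwise be synchronized with an onmicrosoft.com suffix. The allowed-character pattern is a deliberately conservative assumption and a subset of the rules IdFix applies; the sample users are constructed so the script runs offline, and the commented lines at the end show how to feed it real `Get-ADUser` output.

```powershell
# Added example: simplified pre-synchronization audit. Not IdFix, and not from the book.
# Allowed characters for the part of the UPN before '@' (assumption: a conservative
# subset of the characters Microsoft documents as valid for userPrincipalName).
$AllowedUpnPrefix = '^[A-Za-z0-9._''-]+$'

function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        # Optional: domain suffixes verified in Azure AD (assumption: supplied by the admin).
        [string[]] $VerifiedDomains
    )
    foreach ($u in $Users) {
        $findings = @()
        $upn = [string]$u.UserPrincipalName
        $at = $upn.IndexOf('@')

        if ([string]::IsNullOrWhiteSpace($upn) -or $at -lt 1) {
            $findings += 'UPN missing or has no @ suffix'
        }
        else {
            $prefix = $upn.Substring(0, $at)
            $suffix = $upn.Substring($at + 1)
            if ($prefix -notmatch $AllowedUpnPrefix) {
                $findings += "UPN prefix contains invalid characters: '$prefix'"
            }
            if ($VerifiedDomains -and ($suffix -notin $VerifiedDomains)) {
                $findings += "UPN suffix '$suffix' is not a verified domain (would sync as onmicrosoft.com)"
            }
        }

        # The primary SMTP address is the proxyAddresses entry with an uppercase 'SMTP:' prefix;
        # -clike makes the comparison case-sensitive so lowercase 'smtp:' aliases are ignored.
        $primary = @($u.proxyAddresses) | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
        if (-not $primary) {
            $findings += 'No primary SMTP address (uppercase SMTP: entry) in proxyAddresses'
        }
        elseif ($primary.Substring(5) -ne $upn) {   # -ne is case-insensitive, as e-mail addresses are
            $findings += "UPN '$upn' differs from primary SMTP '$($primary.Substring(5))'"
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $u.SamAccountName
                UserPrincipalName = $upn
                Findings          = ($findings -join '; ')
            }
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   UserPrincipalName = 'jdoe@contoso.com';
                       proxyAddresses = @('SMTP:jdoe@contoso.com', 'smtp:john.doe@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@contoso.local';
                       proxyAddresses = @('SMTP:a.smith@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'bad1';   UserPrincipalName = 'bad user|1@contoso.com';
                       proxyAddresses = @('SMTP:bad.user1@contoso.com') }
)

# jdoe produces no finding; asmith is flagged for UPN/SMTP mismatch and unverified suffix;
# bad1 is flagged for invalid characters and UPN/SMTP mismatch.
Test-SyncReadiness -Users $sample -VerifiedDomains 'contoso.com' | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory RSAT module):
# $live = Get-ADUser -Filter * -Properties UserPrincipalName, proxyAddresses
# Test-SyncReadiness -Users $live -VerifiedDomains 'contoso.com' | Export-Csv .\sync-findings.csv -NoTypeInformation
```

Run this before installing Azure AD Connect and resolve every row it returns; it complements IdFix rather than replacing it, because IdFix also covers attributes such as `mail`, `sAMAccountName` and duplicate values across objects that this function does not inspect.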
Identifying required Azure AD Connect features
Depending on your organization’s requirements for onboarding to Microsoft 365 as well as additional features or services that are included with your subscription, you may want (or need) to enable or configure additional Azure AD Connect features.
There are several additional features available post-installation for Azure AD Connect, such as duplicate attribute resiliency and user principal name soft-matching. The first controls how Azure AD handles attribute values that conflict with an existing object; the second controls how cloud accounts are matched to their on-premises counterparts.
Further reading
More detailed information about the Azure AD Connect optional features, such as duplicate attribute resiliency, is available here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features.
Understanding the prerequisites for Azure AD Connect
The Azure AD Connect synchronization has several prerequisites, including supported hardware and software, as well as permissions required for various synchronization options.
The Azure AD Connect prerequisites can be broken down into seven sections:
- Azure AD
- On-premises Active Directory
- SQL Server
- Azure AD Connect server hardware requirements
- Azure AD Connect server software requirements
- Accounts and security
- Connectivity
Let’s quickly review the requirements.
Azure AD
The first set of requirements surrounds your Azure AD environment:
- You must have an Azure AD tenant (any Azure AD or Microsoft 365 subscription is sufficient)
- You should have one or more verified domains in Azure AD
Note
The Microsoft Azure AD Connect documentation (https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites) lists a verified domain as a requirement, but functionally, you can install and configure Azure AD Connect synchronization without a verified domain. The user interface will display a warning, but you can proceed. Objects will receive a managed domain name (onmicrosoft.com) suffix when they are synchronized.