What is Azure AD Connect?

It is a Microsoft tool created to help IT administrators run a hybrid environment. It offers several synchronization options that we can configure between on-premises Active Directory and Exchange Online (Microsoft 365). The tool is free, and anyone with an Azure subscription can use it.


Password hash synchronization (PHS):

We use this method to perform hybrid identification: Azure AD synchronizes the hash of every user password from the on-prem Active Directory to Azure Active Directory, and the hashes are stored there. This lets users sign in to Microsoft cloud services and on-prem services with the same password. Because the hashes of the users' passwords are stored in Azure, users can still authenticate to Microsoft cloud services even when the Domain Controller in our organization is unavailable. This synchronization method also reduces the number of passwords in the organization: instead of a user having two passwords, they have one.

Figure: hierarchy diagram (taken from microsoft.com)



Pass-through authentication:

Similar to PHS, this method also performs identification against on-prem and cloud services using one password. This is a better experience for the organization's employees, since they only have to remember one password, and it also reduces the number of calls users make to the Help Desk, because the chance that a user forgets their single password is low. Unlike PHS, with this authentication method the password is not stored in the cloud: when we authenticate against one of Microsoft's cloud services, the process that runs behind the scenes verifies the password with the on-prem Domain Controller in real time.

Figure: hierarchy diagram (taken from microsoft.com)


Federation integration:

This option allows you to configure federation with on-premises Active Directory Federation Services (AD FS). When users are on the corporate network, we can let them connect to Azure AD based services without re-entering their passwords, because the Azure AD services rely on the user's local (on-prem) authentication and the connection is made without typing the password again.


Synchronization:

This service is responsible for creating users, groups and other objects in the cloud. It also verifies the identity of your local users and groups against the cloud services. This synchronization is used by the password hash synchronization method, so the password hashes of local users are saved in the cloud.
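To see which of the sign-in methods described above (PHS, pass-through authentication or federation) is actually in effect for each domain of a tenant, and whether the password hash feed that PHS depends on is still fresh, here is an added PowerShell check (example code, not from the article or from Microsoft). It assumes the MSOnline module is installed and that `Connect-MsolService` has already been run; the staleness threshold is an assumed value.

```powershell
# Added example: summarise the hybrid sign-in method per verified domain and
# warn when the password hash sync is stale. Assumes MSOnline module + Connect-MsolService.
function Get-HybridAuthPosture {
    param(
        # Treat a password hash sync older than this as stale (assumed threshold).
        [int]$MaxPasswordSyncAgeHours = 3
    )

    $company = Get-MsolCompanyInformation
    $domains = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }

    foreach ($d in $domains) {
        # Federated domains hand sign-in to AD FS. Managed domains are authenticated by
        # Azure AD: with PHS if password sync is enabled, otherwise pass-through
        # authentication or cloud-only passwords (these two are not distinguishable here).
        $method = if ($d.Authentication -eq 'Federated') {
            'Federation (AD FS)'
        } elseif ($company.PasswordSynchronizationEnabled) {
            'Managed: password hash sync (PHS)'
        } else {
            'Managed: no PHS (pass-through authentication or cloud-only)'
        }
        [pscustomobject]@{ Domain = $d.Name; Method = $method }
    }

    # With PHS, cloud sign-in keeps working when the DC is down, but only with the
    # hashes last synced; a stale LastPasswordSyncTime means password changes on-prem
    # are not reaching the cloud.
    if ($company.DirectorySynchronizationEnabled -and
        $company.PasswordSynchronizationEnabled -and
        $company.LastPasswordSyncTime) {
        $age = (Get-Date).ToUniversalTime() - $company.LastPasswordSyncTime
        if ($age.TotalHours -gt $MaxPasswordSyncAgeHours) {
            $msg = 'Last password hash sync was {0:N1} hours ago; on-prem password ' +
                   'changes are not reaching Azure AD until the sync service recovers.'
            Write-Warning ($msg -f $age.TotalHours)
        }
    }
}

Get-HybridAuthPosture | Format-Table -AutoSize
```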


Health Monitoring:

It is a plugin that helps us monitor the services responsible for synchronization in AD Connect, and our identity infrastructure on-prem.


This Article Was Written By Matan Sigavker
