Great explanation as always John. Renewing my AZ-500 and found this topic. I have always used Connect for my projects. Thanks, now I know the two options! Blessings!
great video. I was getting my hopes up the entire video because I was hoping the cloud sync could be used for device objects, but I saw the comparison chart finally and it isn't yet supported (so you now know I watched all the way to the end!) We can't get regular sync to move devices so they show up in Azure as Hybrid-Azure AD joined for some reason. Back to the troubleshooting...
@@NTFAQGuy do you have suggestion on setting up AAD as the main identity manager and on premises server just a member to provide credential access to local resources (local software or network access devices).
@@NTFAQGuy Just working through one of your Pluralsight courses (great btw!) - is this the same as the AAD Connect Provisioning Agent (for linking HRM systems to auto create on-premise accounts)?
thank you john. that is excellent explanation. what happens if one of the company you are merging with already is part of another tenant but you want to merge it or including it to your tenant ? i just want only one azure AD tenant than multiple ones ?
Really helpful video. I’m really trying to determine if I can get away without deploying AD and just use Azure AD, this way I only worried about one thing. The environment has Windows and Macs.
Thanks John for the interesting video. I believe you wanted to direct us to another video at 4:21 but no link or video showed. It's actually something I'm looking forward to get an insight of. If you'd be so kind to share in the comment, it'd be appreciated greatly.
Great video. When this new method has matured and AAD Connect is depreciated, will there be an upgrade path to AAD Sync? Is it simply turn off AAD Connect and turn on AAD Sync?
Excellent video John. Keep up the great work🙏. Does it support single AD forest to multiple Azure AD tenant? Eg OU A syncing to Azure AD tenant A and OU B syncing to Azure AD Tenant B, with different UPN and SMTP?
Thank you for this and all the other presentations. Very well done. (L+S) What are your thoughts on just using the AAD Sync agent in Azure to replace on-prem ADConnect?
Hello John, Thank you for all the effort on providing us with the quality content both here on youtube and also on PluralSight. I have a question if you dont mind : We are currenty preparing to sync all the users from AD on premise to Azure AD,so far nothing special but once I knew that the company is already using a differente Identity for O365 (full cloud ) in the same time as the on premise Identity . the role of using the AZure Ad connect is to avoir the creation of new identities and exploite what we already have onpremise . Can you please suggest the best way to sync the on premise identities without losing what we already have online ? Thank you in advance
If you have existing objects the AAD Connect will try and find a match and connect them and will take over the AAD object. Check the docs for hybrid scenarios.
Do you have plans on unpacking the HRM Provisioning? I saw you explain some of how it works. Is this something that works with Dynamics365 HR or would we have to be using WorkDay or one of the one's mentioned particularly in the Microsoft Docs?
Muchas Gracias Profe, contigo hacia el AZ-104.... Just Remember,.... Convención Universal de Nombres (UNC), This Format, This Format, This Format, This Format, Unidad Organizativa OU=UOUsersAADcloudConnect, DC=avmnet, DC=algmal, DC=com Group CN=GS_Admin, DC=avmnet, DC=algmal, DC=com Aprovisioning user CN=Meg Griffin, OU=UOUsersAADcloudConnect, DC=avmnet, DC=algmal, DC=com
Thanks for the video, very well done, nice and clear. I have a question if you don't mind - We are currently using AAD Connect for password sync and have an on-prem Exchange for management but don't really want that. Can we use Cloud Sync for the password sync and ditch the on-prem Exchange, managing all Exchange attributes through O365 please?
I don’t focus on exchange so not sure if there are special considerations but if you become o365 only and ditch exchange on prem then I would expect everything possible via aad.
What is a "tier zero type of machine"? I search for it and it looks like it is fast storage, but not sure it is the same meaning used in 7:16 in the video
@John Savill As always, very informative and well explained. What application do you use to create the recordings and how do you get those rectangular boxes around the text, is it a feature of the recording app? Thank you, am never going to get off this train! :-)
Tricky one here I'm hoping you can clarify. Environment A is an onpremise AD forest (called company.local) and is syncing to an Azure AD tenant with AAD connect. Environment B (a completely separate and isolated onpremise AD also called company.local that someone has smartly named with the exact same forest name as Environment A). Can Azure AD cloud sync be used to sync objects from Environment B into the same tenant even though the two separate onpremise active directory domain forests are named the same thing?
Just revisiting this after your AAD Connect V2 Video. With this Cloud Sync, am i right that you can continue using normal AAD Connect and use Cloud Sync for separate AD Forests to popular a single M365 tenant (such as for a merger or acquistion scenario)?
Hey John - and fellow viewers, I have a query based on all of this. All the current tools seem to be built around the flow of synching on-prem AD objects to Azure AD. In our situation we cloud native but we now have a need to run legacy apps that don't support modern auth, SAML or OIDC. We don't want to suddenly start using AD for things that we are presently using Azure AD for and we want the minimum of 'stuff' to run to enable us to have an on-prem identity source for the legacy apps - If the AAD Cloud Sync coudl be configured to sync FROM Azure AD only that would be great but unless I'm missing something that is not the case? Are there any other good alternatives that can do what we want? We're even investigating using OpenLDAP and custom scripts to do this, but surely MS have thought of this scenario? Or some other party in the MS ecosystem? Any tips gratefully received!
@@NTFAQGuy Yeah I though as much. We have ADDS setup so we'll see how far we can get with that. Seems like a use case others might have, so we'll also look around at third party stuff that might exist. Thanks for checking back and giving an answer!
I have a need to synchronize all of Active Directory to one Azure AD and also synchronize all of Active Directory to a second Azure AD. If AD already has an Azure AD Connect synchronizing to Azure AD, can Azure AD Cloud Sync synchronize the same objects to a second Azure AD?
Unless it is at par with Azure AD Connect, i don't think many customers will be interested into this. This is like IaaS to PaaS migration with reduced feature set as of now. But in future, as it develops, it will be a replacement for AADC for sure.
Great explanation as always John. Renewing my AZ-500 and found this topic. I have always used Connect for my projects. Thanks, now I know the two options! Blessings!
I came looking for a Jane Fonda's workout yet here I stayed for the whole video and learned a few things! Thank you for the great content!
Lol
Thanks John, as always your videos are extremely informative.
Thanks for watching!
You are amazing John! Thank you for getting these great informative videos and helping us understand these concepts/features/services.
Very kind, thank you.
Marvelous, I'm going to sound like a right expert in tomorrow's workshop
lol, yay :-)
enjoying this video for today learning, thanks a lot!
Thank you so much for your awesome explanation! :)
it's brilliant the way you explain about technology. Thanks a lot. It helped me a lot.
Great to hear!
Amazing as always. Keep the good work going. Just wondering who is that one person who always dislikes your videos🤔 Can't you identify and block?
Lol no you can’t see :) haters gonna hate :)
This video is just amazing, Thank you for making this so clear!!
Thanks, John, for the explanation
You are doing a wonderful job !!
Very kind, thanks!
A gem you are Jhon. Thank you for this.
Very well explained. Thank you so much!
You're very welcome!
@@NTFAQGuy any plans for a deep dive on cloud app security or identity management in Azure?
@@inarizic4945 there is an entire aad playlist
This is incredibly helpful, thanks a lot!
Glad it was helpful!
Excelent explanation. Many thanks
great video. I was getting my hopes up the entire video because I was hoping the cloud sync could be used for device objects, but I saw the comparison chart finally and it isn't yet supported (so you now know I watched all the way to the end!) We can't get regular sync to move devices so they show up in Azure as Hybrid-Azure AD joined for some reason. Back to the troubleshooting...
you'll see it reach feature parity eventually. This is v1
Great video John, very useful as always. Thank you
Glad you enjoyed it
Thank you mate. As usual an excellent presentation.
Glad you enjoyed it
Very informative as always. Thanks John
Glad you enjoyed it
@John, As usual loved the content, But more than that loved the T-Shirt my fav :)
hehe, thanks
You explain stuff so well!
Thanks!
Excellent vid sir, you just got a new subscriber.
Awesome, thank you!
@@NTFAQGuy do you have suggestion on setting up AAD as the main identity manager and on premises server just a member to provide credential access to local resources (local software or network access devices).
Amazing explanation as always John - thanks for the knowledge share.
Glad you enjoyed it
@@NTFAQGuy Just working through one of your Pluralsight courses (great btw!) - is this the same as the AAD Connect Provisioning Agent (for linking HRM systems to auto create on-premise accounts)?
@@tony6626 yes, i do mention that in the video.
Another great video. Thank you John!
My pleasure!
We are moving most of our documents to Teams. Heard there is something on the way to mount these shares more like Network shares and drive mappings.
thank you john. that is excellent explanation. what happens if one of the company you are merging with already is part of another tenant but you want to merge it or including it to your tenant ? i just want only one azure AD tenant than multiple ones ?
There are documents walking through merger scenarios. Maybe I’ll do a video on that at some point. It’s not something I can answer in comments
Really helpful video. I’m really trying to determine if I can get away without deploying AD and just use Azure AD, this way I only worried about one thing. The environment has Windows and Macs.
Glad you like the video!
Thanks John for the interesting video. I believe you wanted to direct us to another video at 4:21 but no link or video showed. It's actually something I'm looking forward to get an insight of. If you'd be so kind to share in the comment, it'd be appreciated greatly.
OK there should have been a "i" in the corner but moved the clip so should be even more prominent now.
Thanks
Great video. When this new method has matured and AAD Connect is depreciated, will there be an upgrade path to AAD Sync? Is it simply turn off AAD Connect and turn on AAD Sync?
I'm sure yes there will be a published way to migrate cleanly.
Excellent video John. Keep up the great work🙏. Does it support single AD forest to multiple Azure AD tenant? Eg OU A syncing to Azure AD tenant A and OU B syncing to Azure AD Tenant B, with different UPN and SMTP?
Supported scenarios are documented at docs.microsoft.com/en-us/azure/active-directory/cloud-sync/plan-cloud-sync-topologies
Nicely done!
Thanks!
Thanks for your video, John. Is it support running both AAD connect and AAD cloud sync in the same AD forest environment with the same tenant ?
I covered this in the video
Thank you for this and all the other presentations. Very well done. (L+S)
What are your thoughts on just using the AAD Sync agent in Azure to replace on-prem ADConnect?
i have another video where i look at options.
Hello John,
Thank you for all the effort on providing us with the quality content both here on youtube and also on PluralSight.
I have a question if you dont mind :
We are currenty preparing to sync all the users from AD on premise to Azure AD,so far nothing special but once I knew that the company is already using a differente Identity for O365 (full cloud ) in the same time as the on premise Identity . the role of using the AZure Ad connect is to avoir the creation of new identities and exploite what we already have onpremise .
Can you please suggest the best way to sync the on premise identities without losing what we already have online ?
Thank you in advance
If you have existing objects the AAD Connect will try and find a match and connect them and will take over the AAD object. Check the docs for hybrid scenarios.
Hey John, you use tool to highlight specific control, a red rectangle or square comes up when you do screeshare and highlight. which tool is it?
13:59
Zoomit
Do you have plans on unpacking the HRM Provisioning? I saw you explain some of how it works. Is this something that works with Dynamics365 HR or would we have to be using WorkDay or one of the one's mentioned particularly in the Microsoft Docs?
No current plan but who knows. :-)
Muchas Gracias Profe, contigo hacia el AZ-104....
Just Remember,.... Convención Universal de Nombres (UNC), This Format, This Format, This Format, This Format,
Unidad Organizativa
OU=UOUsersAADcloudConnect, DC=avmnet, DC=algmal, DC=com
Group
CN=GS_Admin, DC=avmnet, DC=algmal, DC=com
Aprovisioning user
CN=Meg Griffin, OU=UOUsersAADcloudConnect, DC=avmnet, DC=algmal, DC=com
Thanks for the video, very well done, nice and clear. I have a question if you don't mind - We are currently using AAD Connect for password sync and have an on-prem Exchange for management but don't really want that. Can we use Cloud Sync for the password sync and ditch the on-prem Exchange, managing all Exchange attributes through O365 please?
I don’t focus on exchange so not sure if there are special considerations but if you become o365 only and ditch exchange on prem then I would expect everything possible via aad.
🤙🏻
What is a "tier zero type of machine"? I search for it and it looks like it is fast storage, but not sure it is the same meaning used in 7:16 in the video
No tier 0 refers to security and lock down of the machine.
What they really need is a tool that moves the AD profiles to the AAD profile. Older tools have some issues.
@John Savill
As always, very informative and well explained.
What application do you use to create the recordings and how do you get those rectangular boxes around the text, is it a feature of the recording app?
Thank you, am never going to get off this train! :-)
Have a playlist of my setup. Thx
@@NTFAQGuy Thanks. Are the red rectangular boxes in the demos a feature of OBS Studio or a mouse setting that allows you to do that?
@@MMTheWGA zoomit
@@NTFAQGuy Thank you :-)
No Password write back? So no SSPR for cloud sync users.
Great video, well explained, keep them coming.
not yet.
@@NTFAQGuy once write back turns up I'll be recommending this. Thanks again.
No device sync either, so doesn't look like it can be used for hybrid joined devices which is a shame.
I like the TV and ability to write on it. What is it called?
There is a playlist of the setup
@@NTFAQGuy k. Will review the video description.
Tricky one here I'm hoping you can clarify. Environment A is an onpremise AD forest (called company.local) and is syncing to an Azure AD tenant with AAD connect.
Environment B (a completely separate and isolated onpremise AD also called company.local that someone has smartly named with the exact same forest name as Environment A).
Can Azure AD cloud sync be used to sync objects from Environment B into the same tenant even though the two separate onpremise active directory domain forests are named the same thing?
I would check the docs for requirements and limitations. I've never even thought about this scenario.
Just revisiting this after your AAD Connect V2 Video. With this Cloud Sync, am i right that you can continue using normal AAD Connect and use Cloud Sync for separate AD Forests to popular a single M365 tenant (such as for a merger or acquistion scenario)?
yes.
Does this Sync only user accounts and not computer objects from On-perm to Cloud?
Not today
Hey John - and fellow viewers, I have a query based on all of this. All the current tools seem to be built around the flow of synching on-prem AD objects to Azure AD. In our situation we cloud native but we now have a need to run legacy apps that don't support modern auth, SAML or OIDC. We don't want to suddenly start using AD for things that we are presently using Azure AD for and we want the minimum of 'stuff' to run to enable us to have an on-prem identity source for the legacy apps - If the AAD Cloud Sync coudl be configured to sync FROM Azure AD only that would be great but unless I'm missing something that is not the case? Are there any other good alternatives that can do what we want? We're even investigating using OpenLDAP and custom scripts to do this, but surely MS have thought of this scenario? Or some other party in the MS ecosystem? Any tips gratefully received!
No. Only way would be azure ad domain services.
@@NTFAQGuy Yeah I though as much. We have ADDS setup so we'll see how far we can get with that. Seems like a use case others might have, so we'll also look around at third party stuff that might exist. Thanks for checking back and giving an answer!
When we install cloud sync it looks machine is domain controller
It can be but does not need to be and not really recommended. Just another tier 0 box
Could you copy an on prem user out of an OU synced by AAD Connect and in to an OU synced by AAD Connect Cloud Sync without issues?
by issues, I mean not losing the O365 user account as it is no longer synced via AAD Connect.
it should not care how its sync'd but test first lol
I have a need to synchronize all of Active Directory to one Azure AD and also synchronize all of Active Directory to a second Azure AD. If AD already has an Azure AD Connect synchronizing to Azure AD, can Azure AD Cloud Sync synchronize the same objects to a second Azure AD?
I do not believe so if it’s the same users. A user can only be replicated once. Check the supported scenarios document.
It has too many things missing at this point. We run Hybrid Exchange and some of the other features that it doesn't have yet.
Yep, then for now you stay on AAD Connect :-) All about features used and what makes most sense.
Unless it is at par with Azure AD Connect, i don't think many customers will be interested into this. This is like IaaS to PaaS migration with reduced feature set as of now. But in future, as it develops, it will be a replacement for AADC for sure.
Lol. People use different capabilities. Each org will weigh independently but obviously you can have your opinion :)
🇬🇧 JSuperman 🎹 🚵♀️ great new tool , let's play
Hehe
The video's color is darker than usual
🤷♂️