Azure Active Directory - Cross-tenant synchronization solution - azure-active-directory

I have a customer who has two tenants, Azure Global and Azure China, and one on-prem AD. They want to synchronize the on-prem AD to both Azure Global and Azure China. I have found the internal KB that explains this solution, but it used ADFS; the customer will be changing from ADFS to password hash synchronization.
Is this solution supported, and can it be implemented?
And do you have any advice for this?
Thank you.
solution arch

Related

Can Oracle 12 integrate with Azure Active Directory Managed Service Identities?

I want to increase my usage of managed service identities for Azure resources (aka MSI).
This works perfectly within my Azure ecosystem of course, but we have this one single Oracle on-premises database that uses a simple user + password credential.
AFAIK there is Oracle Identity Federation (OIF) that can integrate with (non-Azure) Active Directory via ADFS.
Is there a way I can use this with Azure AD as well?
Cheers

Azure Active Directory to new Windows 2019 Server

We have been using Office 365 E3 for the past number of years. We would like to configure a Windows 2019 Essentials server locally for file storage and a few shared applications (i.e. QuickBooks multi-user).
Is there a process to pull the user information from Azure Active Directory to the local server? Any advice is greatly appreciated.
Thank you!!
If my understanding is correct, what you really want is to be able to grant admin rights to your Azure AD users and allow them to log in to the server with their regular Azure AD credentials.
If yes, then the most optimal way of doing this is to have an on-prem AD and have your users synced up from Azure AD to the local AD. Azure AD Connect comes in pretty handy in this scenario.
You can also take a look at Azure AD DS. Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication that is fully compatible with Windows Server Active Directory. You use these domain services without the need to deploy, manage, and patch domain controllers in the cloud. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview
Check this link as well for additional reference:
https://serverfault.com/questions/808047/how-to-manage-on-premise-servers-using-azure-ad-credentials
Hope it helps.

Authenticate Samba using Azure AD

Background:
We have a Samba file server using security = user, authenticating users in local Linux; it works great.
We migrated our cloud solution to Office 365, which includes an Azure AD.
Question:
Is it possible for Samba to authenticate users in Azure AD and map them to local Linux users?
I wouldn't like to join Samba as a domain member; actually, I don't even know if it is possible, and it is too cumbersome.
I'd like a simple solution to this issue.
According to the note in the official document Overview of Azure Active Directory authentication over SMB for Azure Files (preview), quoted below, it seems to be impossible to authenticate Samba with AAD, although this document is for Azure File Storage.
Azure AD authentication over SMB is not supported for Linux VMs for the preview release. Only Windows Server VMs are supported.
However, a workaround I think is to combine LDAP with Azure AD and then authenticate Samba against LDAP. You can refer to the documents below to learn how to do it.
Configure secure LDAP (LDAPS) for an Azure AD Domain Services managed domain
LDAP-based authentication for Samba
As above, it does not seem to be a simple solution. Maybe, for your scenario using Samba, you need to consider developing a web application with Azure AD authentication instead.

How to migrate existing OU - Structure to new Azure AD

How do I migrate an existing OU-structure from the old AD to the new Azure AD?
I have been trying to configure the Azure AD Connector Synchronization Tool for this but without success. Not sure what configuration it is supposed to have.
Anyone know? Thanks.
Do you mean the “old AD” is an on-premises AD? In some ways, Windows Azure AD is an extension of the on-premises Active Directory, but not all features are available in Azure AD. Azure AD does have a domain name, and it does contain users and groups. It contains Service Principals, like on-premises AD, that represent applications. But there is no tree of domains, and no trusts between domains or forests. Indeed there are no forests, no Group Policy, and no OUs.
If you want to create OUs, please try Azure AD Domain Services, which supports creating custom Organizational Units and Group Policy in a limited way.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-features/

Sync Office 365 (AAD) with NEW on premise Active Directory

My small company (about 100 users) is currently using Office 365. There has previously not been any domain controller. I am building an on-premises domain controller and want to sync it with Azure Active Directory (Office 365). I used the sync service with a small subset of users, to no avail.
My main question: Can you sync FROM an Azure Active Directory to a new on-premises Active Directory? My understanding is that it's the opposite: the on-premises Active Directory is the "master", if you will. Is there a way to set it up the opposite way? As in, Office 365 being the "master" or "seed" for an on-premises AD?
At present, Azure AD Connect supports password writeback, group writeback and device writeback.
You can refer to the optional features of Azure AD Connect here.
At this point in time, synchronizing users FROM Azure AD to on-premises AD is NOT possible.
As Fei Xue pointed out, there are certain things (such as user passwords, groups and devices) that can be synchronized back to on-prem AD, but not users.
Depending on what you are trying to achieve, Azure Active Directory DS might be worth exploring, as it allows you to create a VNet in Azure which has AD-like support (LDAP, Active Directory domain join, NTLM, and Kerberos authentication).
More info on Azure AD DS: https://azure.microsoft.com/en-us/services/active-directory-ds/