Unable to view BBcall attribute after sync to AAD - azure-active-directory

We are unable to set the BBcall attribute on AAD. Is this by design or not?
For example:
On premises AD :
https://morecovery.blob.core.windows.net/20170911/1.png
AAD :
https://morecovery.blob.core.windows.net/20170911/2.png
thanks.

By default, Azure AD does not have the attribute of BBcall.
In your scenario, I think we can use Azure AD Connect to sync your on-prem users' attributes to Azure AD.
For more information about using Azure AD Connect to sync attributes to Azure, please refer to this link.
Update:
We can use Azure AD Connect to sync custom attributes, like this:

Related

WVD Mixed AD Environment AAD and Local AD

Most of my customers have a split AD environment: they are logging into their machine via their local AD, e.g. user1@domain1.net, and accessing O365 with user1@fire.domain2.gov. The UPNs do not match. The Azure tenant and Azure AD exist on the O365 UPN.
The only workaround we have found is to add the UPN fire.domain2.gov to the local AD object or add the O365 account to the local domain. Are there any other workarounds that might work, and has anyone else run into this?
I'm told Alternate login ID will not work. No, AltID is used with ADFS. There is no ADFS in LA County anymore (Dan Jorenby)
We are trying to set up a deployment for a government entity in LA County where they already have a local AD and AAD accounts for Office 365, but no sync is set between them. Do you have any suggestion on how he can bind them together to be able to use them in WVD?
In order to access your on-premises and Azure resources with a single identity, you need to sync your user objects from on-premises Active Directory to Azure Active Directory via Azure AD Connect.
You need to create a custom domain in Azure in order to sync your user objects from on-premises to Azure.
Ex: you can configure a custom domain for fire.domain2.gov in Azure. You can add the same domain name on-premises by adding an additional UPN suffix in Active Directory Domains and Trusts.
For detailed information, check the article.
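
The UPN-suffix alignment this answer describes can be checked before the first sync. The PowerShell below is an added example, not part of the original thread: the function name `Get-UpnSyncPreview`, the initial domain `example.onmicrosoft.com` and the sample users are constructed, and the suffix replacement is a simplified model of how Azure AD handles a UPN whose suffix is not a verified domain.

```powershell
# Added example: preview which on-prem UPNs will keep their suffix after sync.
function Get-UpnSyncPreview {
    [CmdletBinding()]
    param(
        # Accepts objects with a UserPrincipalName property (e.g. Get-ADUser output).
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$UserPrincipalName,

        # Custom domains already verified in the Azure AD tenant (assumed list).
        [Parameter(Mandatory)]
        [string[]]$VerifiedDomain,

        # The tenant's initial domain (placeholder value in this example).
        [Parameter(Mandatory)]
        [string]$InitialDomain
    )
    process {
        $prefix, $suffix = $UserPrincipalName -split '@', 2
        $verified = $VerifiedDomain -contains $suffix   # case-insensitive match
        [pscustomobject]@{
            OnPremUpn        = $UserPrincipalName
            SuffixVerified   = $verified
            # Simplified model: an unverified suffix is replaced by the initial domain.
            ExpectedCloudUpn = if ($verified) { $UserPrincipalName }
                               else { '{0}@{1}' -f $prefix, $InitialDomain }
        }
    }
}

# Constructed sample users, using the two suffixes from the question.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'user1@domain1.net' }
    [pscustomobject]@{ UserPrincipalName = 'user2@fire.domain2.gov' }
)

$sample |
    Get-UpnSyncPreview -VerifiedDomain 'fire.domain2.gov' -InitialDomain 'example.onmicrosoft.com' |
    Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter 'UserPrincipalName -like "*"' |
#     Get-UpnSyncPreview -VerifiedDomain 'fire.domain2.gov' -InitialDomain 'example.onmicrosoft.com' |
#     Where-Object { -not $_.SuffixVerified }
```

Accounts reported with `SuffixVerified` set to `False` are the ones that need the additional UPN suffix assigned on-premises before users can sign in with the same name in both places.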

Azure AD B2C and Azure AD Connect

According to the Azure AD B2C FAQ:
Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
Azure AD Connect is not designed to work with Azure AD B2C...
Then why is it displayed here? And what can you do with Azure AD Connect and B2C then?
The displaying of that link implies there's a relationship between the two of them (to me at least).
The FAQ is correct in stating that Azure AD Connect is not supported with Azure AD B2C along with several other features of regular Azure AD.
These features show up in the Users and Groups blade because that blade was built primarily for regular Azure AD. There is work underway so that this blade understands it's running in the Azure AD B2C context and only shows applicable features.
Then why is it displayed here?
This is because when you want to manage users and groups in Azure AD B2C, you must use Azure AD to manage them. Azure AD B2C cannot leave Azure AD. When you are using Azure AD B2C, you would have used Azure AD to authenticate identity. As @Saca said, that blade was for Azure AD.
And what can you do with Azure AD Connect and B2C then?
That FAQ is right, but you can still use Azure Connect to sync on-premises users to Azure AD. You can also use the synced user accounts to log in to Azure AD B2C. But after syncing, the user name would be changed to .onmicrosoft.com.
If you still want to use your local account email address for the synced username, you can refer to this document and this official support article.

Can Azure AD use custom database?

We have various applications and each has its own user table. We are looking at the possibility of using Azure AD as a central authentication/authorization provider. Can Azure AD use our existing user tables when it does authentication/authorization? It seems we can import those users into Azure AD, but what if we just want to use the existing user tables, is there a way to do that? Thanks.
No, this is not possible in normal Azure AD.
It is possible to wire up your own claims provider to Azure AD B2C with custom policies.
But if you want to use your own store, you should probably just implement IdentityServer or similar yourself.
As Junnas said, we can't use a custom database directly.
As a workaround, we can create an on-prem Active Directory and import your users to it, then install Azure AD Connect to sync your users to Azure AD. In this way, the user name and password will be stored in your local Active Directory, and Azure AD works as an authorization provider.
Hope this helps.

Can I use Azure AD Connect to connect an Azure AD and a local AD with the same domain name?

As the title says,
Can I use Azure AD Connect to connect an Azure AD and a local AD with the same domain name?
Azure AD domain: example.com
Local AD domain: example.com
Will it allow me to do it or will it end up in an error?
Or maybe it will only allow me to do specific setups? I.e., can I do password sync but not federate it?
Cheers!
Can I use Azure AD Connect to connect an Azure AD and a local AD with the same domain name?
Yes, that's how Azure AD works. And to ensure Azure AD Connect works successfully, we need to verify the domain for Azure AD first. For more detail about this topic, you can refer to the links below:
Getting started with Azure AD Connect using express settings
Add a custom domain name to Azure Active Directory

On prem Active directory synced to Azure AD to allow on prem credentials to login to the portal

We have synced our on-prem Active Directory to our Azure instance Active Directory using Azure AD Connect (Express install). We can see the users in Azure from our on-prem AD. The sync shows as successful.
Now we would like to use the domain name that we have synced to azure for user authentication in to the azure portal. The documentation that we have read says this is possible, but we can get it to work.
When we try to use an existing AD user we get the message that “We don’t recognize this users ID or password” but if we create a new user in Azure and assign it to our synced AD we can use it to login to the azure portal.
We have searched for a detailed document on using on-prem AD synced to Azure AD for portal login and found some documents that we followed, but they did not help.
Can we use our on-prem AD user name and password to allow users to log in to the Azure portal?
Thanks for your help
John
Yes, you can use users in Azure AD with the tag "Sourced from: Local Active Directory" to log in to the Azure portal.
The custom domain should be verified.
Password Synchronization should be enabled.
Also, assign co-admin rights for at least one subscription to log in to the Management Portal.
