The news that AADConnect is now GA is great for anyone battling with synchronizing to Azure Active Directory (Azure AD or AAD). This tool really is going to be the start of connecting your business to Microsoft’s cloud solutions:
- Office 365
- And many more, including third-party solutions via AAD single sign-on
Why? Because you need to get users into the common AAD before these services become meaningful. I’ve used AAD in two different preview releases and found it really simple to get going. Any work that I’ve done with Azure RemoteApp has been done with this tool. Why didn’t I use DirSync? Because I found it to be unreliable. AADConnect solves a big problem too – which AD sync tool should I use – now you use just one tool.
According to Microsoft:
With a rich set of sync and write-back capabilities, you can:
- Enable your users to perform self-service password reset in the cloud with write-back to on premises AD
- Enable provisioning from the cloud with user write back to on premises AD
- Enable write back of “Groups in Office 365” to on premises distribution groups in a forest with Exchange
- Enable device write back so that your on-premises access control policies enforced by ADFS can recognize devices that registered with Azure AD. This includes the recently announced support for Azure AD Join in Windows 10.
- Sync custom directory attributes to your Azure Active Directory tenant and consume it from your cloud applications
You can also use AADConnect to connect different AD forests.
In related news, Azure AD Connect Health was also released to help customers troubleshoot what’s going on with ADFS. This new feature is included in Azure AD Premium.
This release for ADFS has 3 key capabilities:
- Alerts based on events, configuration information, synthetic transactions and perf data. So, when something goes wrong, or is about to go wrong, we let you know.
- Graphs of login activity that you can pivot multiple ways for easy viewing. These “usage insights” are accessible when you enable auditing on your ADFS servers. They are based on audits generated when users log in and tokens are generated for applications.
- Access to key performance indicators across multiple servers, including token request counters, processor, memory, latency, and so forth