Using Azure Integration

I'm having issues understanding some of the documentation.

I'm basically stopped at Configuring BackSync.  What is this for?  The details do not help me understand what is happening.  What is being synced?  Accounts from Azure back to my AD?  Doesn't ADConnect already do some of this?

I'm also trying to understand how the integration with AzureAD works in Active Roles.  I'm confused from the start with account creation.  I'm almost scared to even try it.  It feels like I'm creating two different accounts.  The wizard for a new user starts with creating an AD account then has a checkbox for creating an Azure account.  I don't want to create two different accounts; I want them to be synced by Azure.  Is this in relation to the BackSync from above?  I would like to know where I can read more about this.

  • Hello, Active Roles currently supports hybrid environments. This means that there is both an on-premise object and a corresponding object in Azure AD. The back synchronization process is used to populate an on-premise object's Active Roles virtual attribute (edsvaAzureObjectID) with that object's Azure AD object ID. This Object ID will allow Active Roles to map these objects together when performing queries against the Azure tenant to get and set attribute data.

    Your understanding of the creation process is correct. An on-premise AD object will always be created and, if selected to do so, Active Roles will create the corresponding Azure AD object. This process will populate the edsvaAzureObjectID automatically once the Azure object is created. If you do not wish to have Active Roles create the Azure object then there is no need to select the option to do so. You can continue using AADConnect to handle this. However, without the edsvaAzureObjectID populated you will lose the ability to have Active Roles populate/update changes made to certain on-premise AD attributes. I hope this helps explain some of these processes a little better.
