Designing an Identity Strategy
Managing Identity Sync
The course is part of this learning path
If your organization uses Active Directory (AD) for its identity management, and you would like to use those identities in Azure or Microsoft 365, then you will need to implement Azure Active Directory Connect.
This course is divided into three sections. The first section is on designing an identity strategy. In this section, we'll look at our AD identities and consider what work needs to be done and what we need to think about ahead of time. The second section is on implementing identity synchronization using AD Connect. We will consider what needs to be synced and what authentication options are available. In the last section, we'll look at managing identity synchronization using Azure AD Connect. We'll look at what it takes to manage and sync and reconfigure options after AD Connect has been initially configured.
- Design a hybrid identity solution
- Implement Azure Active Directory Connect
- Manage synchronized identities
- Azure administrators
- Microsoft 365 administrators
- Basic understanding of Active Directory and Office 365
- To do the examples yourself, you will need an on-premises Active Directory structure and an Azure subscription
For this next lesson, we're going to look at Azure AD Connect Health. We're going to have a look round the console and look at the information that it shows us and what we can do with that information. If you're an Azure AD Premium customer, you'll have access to what's called Azure Active Directory Connect Health within the Azure console. And we get to that by going to all services, then search for connect and it should appear there in the list.
So if we click on that and go over to sync errors on the left-hand side, we'll get shown a list of all the errors that may have appeared during the latest sync with AD. So if something has changed in AD and we've got a duplicate attribute for example here, we'll see that appear in the list. So if I click on this, we'll see that Abel has now got a duplicate email address or proxy address within her account. And if we click on that, we'll get some details appearing here of what the issue is. And we can see here that it's highlighted that we've got an SMTP address or a proxy address of "firstname.lastname@example.org" that's duplicated with another account for Alejandro here.
So we'd need to go back into our on-premise AD, where our identities are mastered and make sure that we remove or change this attribute in order to solve that problem. In order to get some alerts of these errors rather than having to go into the console, we can set up notification settings as well at the top here, which will email us the errors that come in. So we click on to turn this on and say we want to notify all global administrators and we can add in an email address here. And then simply click on save at the top here.
About the Author
Matt is a freelance system administrator with over 20 years of experience in IT. His current focus is on the great features of Microsoft Azure and Office 365. He’s always had a fascination for anything techie and loves learning and sharing that knowledge.