Where Our Identities are Mastered
Start course

If your organization uses Active Directory (AD) for its identity management, and you would like to use those identities in Azure or Microsoft 365, then you will need to implement Azure Active Directory Connect.

This course is divided into three sections. The first section is on designing an identity strategy. In this section, we'll look at our AD identities and consider what work needs to be done and what we need to think about ahead of time. The second section is on implementing identity synchronization using AD Connect. We will consider what needs to be synced and what authentication options are available. In the last section, we'll look at managing identity synchronization using Azure AD Connect. We'll look at what it takes to manage and sync and reconfigure options after AD Connect has been initially configured.

Learning Objectives

  • Design a hybrid identity solution
  • Implement Azure Active Directory Connect
  • Manage synchronized identities

Intended Audience

  • Azure administrators
  • Microsoft 365 administrators


  • Basic understanding of Active Directory and Office 365
  • To do the examples yourself, you will need an on-premises Active Directory structure and an Azure subscription

When managing our synced identities, one key bit of information we need to remember is the fact that objects are mastered in our on-premise AD structure. So this means that if we need to make changes and edits to any of our users, this needs to be made on our on-prem AD structure. Once those changes are made, Azure AD Connect will then synchronize those up to Azure AD, and you'll see those changes after the next synchronization run. 

Also, another interesting fact is that when objects are deleted on-prem, they are soft deleted in Azure AD. So if we delete one of our users on-prem, that user will be removed in Azure AD, but it'll go into an area where it can be restored within 30 days. So if we have the AD Recycle Bin enabled on our on-premise AD structure, we can restore that object, wait for the next sync cycle, and that object will reappear in Azure AD.

About the Author

Matt is a freelance system administrator with over 20 years of experience in IT. His current focus is on the great features of Microsoft Azure and Office 365. He’s always had a fascination for anything techie and loves learning and sharing that knowledge.