It will be good to update 5:09 in the video. The new requirement is Domain Joined Windows Server 2012 R2 or later
Thanks Milan, I have pinned your comment to the top so it can help everyone.
This is by far one of the best, clear and concise tutorials on AADConnect, I have subscribed and will be watching the remaining videos. I learned more in 30min than I have reading numerous post/blogs.
Glad it was helpful!
@@ConceptsWork Indeed it is very helpful. Thanks
The best of the best videos for Azure AD on the internet! NO ONE OF!!!
I usually don't hit "Like" on RUclips videos, and I definitely don't like videos before watching them, except your videos; I started to hit like before I even watch them. Amazing job.
Thanks for giving your time to our content, much appreciated.
These videos are very well done. There are lots of videos on RUclips showing the same thing but your presentation is particularly clear and easy to understand, thank you!
Glad you like them!
I would highly encourage you, please do post theory with practical, it would make more sense. ... Superb
Hi master of IT, I just want to say thanks a lot for sharing your amazing skills, greetings from Monterrey, México.
These videos are exactly what I was looking for. Thanks for putting them together.
Thank you so much! I'm your #1 FAN - Well Explained. To be honest, no question at the moment.
Great videos... Clear cut.. Pls do keep posting more on different azure technology and practices
I wanted to say thank you. Setting this up and I am all new to it. Your videos are the best. Thank you for your time. CR
Great to hear!
@@ConceptsWork Hello sir, you are explaining in such layman's language that we find it so easy to understand, 5 stars for your great work... you are just brilliant...
One of the good videos on the AD Connect concept.
Glad it was helpful!
This video is really informative. Thank you for sharing.
Glad it was helpful!
I have seen many tutorials, but to be honest this channel has by far the best tutorials on Azure AD, AD Connect, ADFS :) Do you have any premium course that I can subscribe to? If not, please add that to your road map :)
Thanks Siva,
We don't have any premium course plans, but we will post everything most of public content here.
If you come across any issues, please feel free to reach us @ learnconceptswork@gmail.com
Very Nice video....
Thanks
Man is struggling with the language! That tongue is not happy, hmmmm hm, not at all! It must be a real achievement to be able to go through and teach in a language you do not quite master. Great content though, saving me a lot of bother. It's just hard not to focus on that accent. Thank you for the presentation, best content on the subject so far for me.
Could you please include a topic on sync rules to send the objects to the cloud based on the attribute value?
We will create a video for sync rules as well.
@@ConceptsWork Thanks a lot. Waiting for your next series of videos.
Awesome explanation
Thanks for such point-to-point videos. I have one query: if we enable SSO for 3 domains in a forest, will the portal ask me for all three domains' DA credentials and create the AZUREADSSOACC in all three domains?
This account is created in each forest. If you have multiple domains and one forest, there will be one account.
@@ConceptsWork thank you..
Suggestion: although I know you must be aware, please update the 'Methods' slide to say federation can be used along with password hash sync as a backup. Obviously, only when the client's legal and compliance allow.
Exactly, thanks for bringing this up, yes we can have password hash as a backup for ADFS. Also, you can sync passwords for Identity Protection credential theft checksum; I will be covering this in a lot more detail in my upcoming video.
@@ConceptsWork That would be interesting, looking forward.
Thanks for your wonderful session. I have to migrate ADFS 2012 R2 to 2016 and also migrate AAD Connect as well. Can you please provide any reference links or videos for migration? It will help me a lot...
Migration ADFS - docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server
Thanks for the great video. I have a question, please: how do we add a new OU to the sync cycle after the initial AD Connect setup and configuration? For example, a few days after the initial setup we are required to add another OU to be synced to Azure AD.
In connector properties, there is an option to select OUs.
Thanks for the tutorial. Very useful indeed.
Glad you think so!
Awesome sir
Is there any significance to using built-in accounts for different sources like the on-prem connector, the cloud connector and the account used for syncing the identities? Can I use my custom accounts instead of these msol, sync, AAD accounts, and if yes, what difference is it going to make to my environment? Can I use a mobile number as the preferred UPN to sign in to my online services authenticated via Azure AD?
You can use built-in objects as well, but make sure all of them have the required privileges.
Click here to check permissions - docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
You cannot use Mobile phone, check this video to know how HRD happens with upn and email - ruclips.net/video/IhmNXSNL2zg/видео.html
Very informative
Very informative.
Hello, great work. I have a question: typically the internal AD domain names or UPNs are not the same as what the organization may have externally (the internal UPN may be username.den.local and externally it might be username.lion.com, as the registered domain). In that case, one will only be able to register and verify lion.com, and thus, at 22:38 mins of your video, shall one select EMAIL and not UPN?
Secondly: in the event that AAD Connect is configured to full sync (the default config of AD Connect), when users log in to O365 or Outlook online, do they have to use their email ID (which of course is the public ID) or can they also use den/username for login? Thanks in anticipation. Regards.
You can choose email or UPN, but what you must ensure is that, whichever attribute you choose, the suffix is a verified domain.
So, say we have users on-prem like “user@conceptswork.local”, but the email is “user@conceptswork.com”.
In this case, while installing AAD Connect, I will select email to be synced as UPN.
You cannot use any other value apart from UPN to sign in to any service which uses Azure AD.
How does it work?
When the user gets redirected to login.microsoftonline.com and types the username, which has to be in the form (user@domain.com), domain.com is used to check what type of user is trying to sign in: federated or managed.
@@ConceptsWork Thanks, that clarifies. Keep up the good work...
Awesome video, may I know why you didn't check the password writeback option, as it would be handy to have write privilege both ways, or does it require any further configuration if we check that box?
For password write there are 3 videos, that cover the permissions part.
@@ConceptsWork Thanks Mate, would you be kind enough to share the url for those 3 videos please
ruclips.net/video/E24eO3tvKYE/видео.html
U r amazing
My question is not related to AAD, but I have a different question:
1. Why does Microsoft Azure have 3 fault domains (why not more than 3 or less than 2)?
3. Also, why are there 3 availability zones, why not more/less?
This is by design configuration, as the schema object doesn't list these values, please click here to check the schema object.
gallery.azure.com/artifact/20161101/Microsoft.AvailabilitySet-ARM.1.0.1/UIDefinition.json
thanks for the video.
'Adding and verifying Domain': I am not clear about this part. What exactly is needed? Can you please help with this?
Please find the link mentioned below.
support.office.com/en-us/article/connect-your-domain-to-office-365-cd74b4fa-6d34-4669-9937-ed178ac84515
@@ConceptsWork : Thanks. Your previous video had cleared my doubt.
The AAD_* service account is not getting created. Can you please suggest some troubleshooting methods?
Thank you!
Sir, Any option that we can use few users for PHS & others for PTA?
No that's not possible, this is a directory wide change.
awesome stuff. thank you.
Glad you liked it!
Hello All,
I have one issue regarding synchronization. The issue is that I had configured hybrid Azure AD joined devices, but unfortunately I deleted the devices in the on-premises Active Directory directly 2 months back. After that I ran the sync cycle with the help of the Azure AD Connect server, but the HAADJ devices are still available in the Azure portal.
How can we delete the devices which are available in the Azure portal?
You can delete those devices directly from the portal.
@@ConceptsWork Yeah, we can delete those devices directly from the portal.
So, my question is why those devices are showing in the AD Connect server for 2 months after deletion from on-premises AD. I can see the devices and device IDs as well.
thank you!!!
You're welcome!
Sir, can a VM be hybrid Azure AD joined?
Yes, if your domain is managed, make sure it is in sync scope, and if your domain is federated, make sure the authentication works properly. Soon, I will be posting a video for the entire device management of Azure AD.
How can we check what are the passwords of all the service accounts created automatically? Also how and in what scenarios we can change passwords of these service accounts?
Checking password doesn’t make sense as these are service accounts, but you can change the password. If you change the password then you have to update it manually in the respective containers.
Hi, it is a great video. I have one query on this: the created account is seen using a password which we have not set, so how can we check this password, and if we change the password, will any issue happen?
You should not manually change the password of the service account, but the password on connector accounts can be updated.
It is recommended not to make any changes, but let's say you make a change to the MSOL account password, then just get it updated on the connector.