nice overview! I configured cloud sync in my lab environment after seeing your first vid on it. To see what it can do now and be able to test new features when the become available. cant wait for cloud sync to be able to provision new users in in on premises active directory :)
Old but gold as every John's video. As I can see writebacks are now supported (pwds, devices, groups, hybrid writeback as well). PTA is still not supported. Not sure about LDAP connect, it is not stated in documentation anymore.
Great vid John thanks. How about a migration from 1 to the other? Say I've got a AADC sync for M365 users and I want to shift to AADCCS - is that a thing or are we talking net-new for the use cases?
Superb video as always John! I visualise using a combination of these 2 tools for a company that has separate domains but want to share a single AAD instance - however if both have Exchange on-premise that would scupper Hybrid for Cloud Sync. I could PST migrate or cutover using a 3rd party tool for the AD forest that i plan to use Cloud Sync for to get around this until Cloud Sync matures. Does that sound about right (hyperthetically ignoring the Exchange Hybrid server for AAD Connect Microsoft Support matrix currently)?
Thanks, John! Never can understand MS logic - we have good tools, we are updating it weekly, but we will not do a perfect tool, we will create new one, and you will need to choose a perfect tool for your scenario (but they both not perfect).
Microsoft saw the approach Okta and other best of breed IDP’s were using for the last 10 years to solve these problems and “tried” to implement that same approach.
John, as part of AD Connect sync, some domain information is synchronized to AAD and allows Azure AD Joined devices to SSO to on-premises resources using the Primary Refresh Token containing the info and requesting Kerberos ticket to a domain controller. Do you know if Cloud Sync synchronizes the same info utilized in this process just as AADC does?
I’m still flummoxed by the need to have an exchange server on premise to manage user cloud mailboxes after the account is synced to Azure. We migrated from GSuite to O365. Never had exchange on premise. Green field local AD. If I synch a pilot account we have to either install a local exchange management server or use ADSI edit to do things like add secondary email addresses. We kind of stumbled into it by noticing that when a test account synced from AD and matched to the cloud account it wiped out all of the secondary email addresses that were previously on the cloud account. Then we had to adsi edit them on the AD side and synch again to get them back. Is there any other solution?
If you sync accounts from AD then AD is the source of truth and you have to manage them from on-premises AD. If you don't want to manage them from AD and only want in cloud then use cloud accounts.
@@NTFAQGuy Thanks for the reply. That’s what I figured. Unfortunately a local AD environment was created and all the users and machines attached to it prior to my coming on board. Would have been great to do this cloud only with Azure AD users, Intune and Autopilot. Next upgrade cycle perhaps. 😀👍
I'd be lost at times without the great explanations you provide 👍👍
Thank you, very kind
The most complete and accurate video on the subject I could find. Very nice!
Glad it was helpful!
nice overview!
I configured cloud sync in my lab environment after seeing your first vid on it. To see what it can do now and be able to test new features when the become available.
cant wait for cloud sync to be able to provision new users in in on premises active directory :)
It can as part of an HR flow. Been possible for a long time but not AAD to AD.
I thought u were able to do that from what was seen in the vid haha
I learned a lot! You transfer Your knowledge in such a clear way. Thank You
Glad it was helpful!
Awesome Explanation I've ever seen. All my doubts are crystal clear now & finally got the solution. Thanks a Ton John. Appreciated a lot.!
same here
I find your explanations easy to follow. I don’t know how you keep up with all you do though. Hats off and many thanks
Glad you like them!
Great explanation, love every bit of it. Thank you John 👍👍👍👍
great video John. Thankyou - super clear
Thanks John, excellent video.
Glad you enjoyed it
enjoying this video for today learning, thanks a lot!
Old but gold as every John's video. As I can see writebacks are now supported (pwds, devices, groups, hybrid writeback as well). PTA is still not supported. Not sure about LDAP connect, it is not stated in documentation anymore.
Microsoft should let you make these videos before they release new features , would make life easier for lot of people :) .
Lol
Thank you for this video . very detailled
Glad it was helpful!
Thank you so much, great vid
Amazing KT. Great content 👍
i have to say i really enjoyed the lesson. I am looking to ssetup azure AD connect. But i have couple hurdles I need to work out.
Very well explained, IN DEPTH 👌. I sooooo like your videos 🙏.
Thank you!
Thanks John, as usual your Awesome :)
Nice overview, another great video
Thanks
Thanks for the great explanation!
Excellent examples
Thank you!
One of the first top 10 commenters ;). Great video John.
Great Video John!
Please can you also share link for the whiteboard.
If it’s not in description means I didn’t save it. I only save the bigger, more complex ones.
@@NTFAQGuy Thanks John for confirmation! Will take screen grab then, even that is gold :)
GREMLINS HAHAHAAH YOU ARE THE BEST JOHN 😂🥳😄
Lol
It is absolute great video ...
Thank you
Thanks
Welcome
Thanks a lot!!!!
Thanks for vid. What about monitoring/reporting of sync (problems) with cloud sync? The regular AAD Connect provides that via the GUI tool.
there are various monitors and alerting options available.
Great vid John thanks. How about a migration from 1 to the other? Say I've got a AADC sync for M365 users and I want to shift to AADCCS - is that a thing or are we talking net-new for the use cases?
Yes you can migrate and you can start with pilot as I said in video and linked document then switch
Superb video as always John!
I visualise using a combination of these 2 tools for a company that has separate domains but want to share a single AAD instance - however if both have Exchange on-premise that would scupper Hybrid for Cloud Sync. I could PST migrate or cutover using a 3rd party tool for the AD forest that i plan to use Cloud Sync for to get around this until Cloud Sync matures. Does that sound about right (hyperthetically ignoring the Exchange Hybrid server for AAD Connect Microsoft Support matrix currently)?
Glad you enjoy the video. I would just validate features needed against the table
Great video!
Thanks!
Thanks, John!
Never can understand MS logic - we have good tools, we are updating it weekly, but we will not do a perfect tool, we will create new one, and you will need to choose a perfect tool for your scenario (but they both not perfect).
Tools take time to create and don’t instantly have all features.
Microsoft saw the approach Okta and other best of breed IDP’s were using for the last 10 years to solve these problems and “tried” to implement that same approach.
I suppose that cloud sync does not support hybrid exchange. Is that something one would need to consider? And also: thanks for the video.
All covered in the doc I referenced in the video and link in the description. It has exchange hybrid writeback as a line item.
Great video..!
Thanks!
Can you place your azure ad connect server in azure to perform on ‘prem to azure syncs’ rather then having it on premise?
yes, e.g. in iaas vm but have close to a DC, e.g. a DC in IaaS vm as well.
MIGHTY SUPERMAN RELEASED IT A YEAR AGO, AND MS PUBLISHED 5 MIN VIDEO TODAY, THIS IS WHAT I CALL A REAL "CHRISTMAS CAROL" 😁🎅🎄🎁 #IRONAZUREMAN 🤩😎
John, as part of AD Connect sync, some domain information is synchronized to AAD and allows Azure AD Joined devices to SSO to on-premises resources using the Primary Refresh Token containing the info and requesting Kerberos ticket to a domain controller.
Do you know if Cloud Sync synchronizes the same info utilized in this process just as AADC does?
No, it does not as that is write back.
I’m still flummoxed by the need to have an exchange server on premise to manage user cloud mailboxes after the account is synced to Azure. We migrated from GSuite to O365. Never had exchange on premise. Green field local AD. If I synch a pilot account we have to either install a local exchange management server or use ADSI edit to do things like add secondary email addresses.
We kind of stumbled into it by noticing that when a test account synced from AD and matched to the cloud account it wiped out all of the secondary email addresses that were previously on the cloud account. Then we had to adsi edit them on the AD side and synch again to get them back. Is there any other solution?
If you sync accounts from AD then AD is the source of truth and you have to manage them from on-premises AD. If you don't want to manage them from AD and only want in cloud then use cloud accounts.
@@NTFAQGuy Thanks for the reply. That’s what I figured. Unfortunately a local AD environment was created and all the users and machines attached to it prior to my coming on board. Would have been great to do this cloud only with Azure AD users, Intune and Autopilot. Next upgrade cycle perhaps. 😀👍