• State Verified Answer
  • Replies 5 replies
  • Subscribers 62 subscribers
  • Views 841 views
  • Users 0 members are here
Options
Related

How often should Azure backsync run?

rws
2 months ago

Is there a best practice or recommendation for how often Azure backsync should run?  

Also, any issue with running the initial pass during the day or should that be scheduled for after hours?   Thank you.

Parents
  • 0 2 months ago

    This is a classic case of "it depends"

    Does your identity and/or group provisioning originate on-premises or in the cloud?

    What on premises processes (automated or manual - if any) depend on the Azure Object IDs being present on their equivalent objects in Active Roles?

    How time sensitive are those processes?

    When it comes to user provisioning, I usually set things up for my customers (who initially provision in on-prem AD) such that there is no need for back synch for user objects because of the way I have an Active Roles Change Workflow provision the cloud user right after an on-premises user is created - I.E. the Azure Object ID gets written back at the time of provisioning

  • 0 2 months ago in reply to JohnnyQuest

    TBH I am struggling to understand the need for the backsync to run.  We dont have any processes that would need the azure object IDs on their equivalent objects in AR right now.    Right now users and groups all originate on premise and then are synced to Azure via AAD Connect.   Last night we connected AR to Azure and so we can see both the local objects and their equivalent Azure objects in Active Roles web.  Reading through the documentation it looks like the next step was to configure backsync, which we did but a little hesitant to let it run during the day.  What benefit would this give us in our current state?  We  are looking to migrate all of our local distribution lists to Azure at some point and start creating DLs in the cloud instead of on prem, so maybe there would be some value at that point?

  • +1 2 months ago in reply to rws

    The main point of the Azure BackSync is to turn the Active Roles Web Interface into a "single pane of glass". It will allow you to look at your on-prem users and view/modify Azure properties, without requiring your users to also leverage other native Microsoft tools.

    It creates a connection for your hybrid users.

    If you don't want to use it, you will still be able to manage cloud objects using the Active Roles Web Interface. If you search under the Azure node, you can still find the cloud account for your on-prem users and view/modify their Azure attributes and licenses as much as Microsoft allows via their current API's.

Reply
  • +1 2 months ago in reply to rws

    The main point of the Azure BackSync is to turn the Active Roles Web Interface into a "single pane of glass". It will allow you to look at your on-prem users and view/modify Azure properties, without requiring your users to also leverage other native Microsoft tools.

    It creates a connection for your hybrid users.

    If you don't want to use it, you will still be able to manage cloud objects using the Active Roles Web Interface. If you search under the Azure node, you can still find the cloud account for your on-prem users and view/modify their Azure attributes and licenses as much as Microsoft allows via their current API's.

Children
No Data