
Azure AD ImmutableID

Hi,

We are running our MS Azure environment in a hybrid mode, meaning that our on-prem MS AD account GUID should be linked with the MS Azure AD Account ImmutableID attribute.

We are right now discussing if we should further use AD Connect to synchronize on-prem AD accounts to the Azure domain or should we use IAM functionality to generate the AAD account. In the second case it would be easier for us (no process has to wait and look till the AAD account was generated), we could turn off AD Connect but we have to set the ImmutableID attribute right.

Has anybody solved this kind of issue? Any recommendations / feedback / lessons learned?

Thank you 

CU all

Wolfgang

  • Hi Wolfgang, thanks for your question, we actually have customers who do both methods, some use AD.Connect whilst others use Identity Manager itself. For the reasons you mention, more control, more configuration, the ability to tailor the implementation exactly to your needs. In the early days AD.Connect was not that great, the scheduling wasn't great for one thing but things have improved over time for sure. As I mentioned we have customers who are mastering the immutable ID themselves.

    Best,
    PaulW
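On setting the ImmutableID "right" when an IAM system rather than AD Connect writes it: the following is an added example, not code from either post or from any product mentioned in the thread. It assumes the on-prem objectGUID is the source anchor, in which case the ImmutableID is the Base64 encoding of the GUID in the byte order .NET's `Guid.ToByteArray()` returns; the function names and sample accounts are constructed for illustration.

```python
import base64
import binascii
import uuid

def guid_to_immutable_id(object_guid):
    # bytes_le is the layout .NET's Guid.ToByteArray() produces: the first
    # three GUID fields little-endian, the last eight bytes unchanged.
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def immutable_id_to_guid(immutable_id):
    try:
        raw = base64.b64decode(immutable_id, validate=True)
    except binascii.Error as exc:
        raise ValueError("ImmutableID is not valid base64") from exc
    if len(raw) != 16:
        raise ValueError("ImmutableID does not decode to a 16-byte GUID")
    return str(uuid.UUID(bytes_le=raw))

def audit(accounts):
    """Return (upn, reason) for every account whose ImmutableID would not match."""
    findings = []
    for acct in accounts:
        guid = uuid.UUID(acct["object_guid"])
        expected = base64.b64encode(guid.bytes_le).decode("ascii")
        big_endian = base64.b64encode(guid.bytes).decode("ascii")
        actual = acct["immutable_id"]
        if actual == expected:
            continue
        if not actual:
            reason = "ImmutableID not set"
        elif actual == big_endian:
            reason = "GUID bytes encoded in big-endian order"
        else:
            reason = "ImmutableID belongs to a different GUID or is malformed"
        findings.append((acct["upn"], reason))
    return findings

# Constructed sample data (not real accounts).
SAMPLE_ACCOUNTS = [
    {"upn": "alice@example.com", "object_guid": "00112233-4455-6677-8899-aabbccddeeff",
     "immutable_id": "MyIRAFVEd2aImaq7zN3u/w=="},
    {"upn": "bob@example.com", "object_guid": "00112233-4455-6677-8899-aabbccddeeff",
     "immutable_id": "ABEiM0RVZneImaq7zN3u/w=="},
    {"upn": "carol@example.com", "object_guid": "00112233-4455-6677-8899-aabbccddeeff",
     "immutable_id": ""},
]

if __name__ == "__main__":
    for upn, reason in audit(SAMPLE_ACCOUNTS):
        print(f"{upn}: {reason}")
```

Running an audit like this over an export of both directories before turning off synchronization shows which accounts would fail to link to their on-prem counterpart.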