Migration of users/groups to Azure Active Directory from multiple forests

Hi,

We have a requirement to integrate/move users/groups from a multi-forest, multi-domain AD environment to Azure Active Directory and manage the passwords of users. I knew that FIM provides the AAD connector to move the user/group objects to AAD. Please advise on the points below.

1. Where do we need to deploy FIM: on premises or in the cloud?

2. What are the other main things we need to consider for the solution?

3. What about FIM SSPR? Does it support password reset on AAD?

4. Is there any documentation for it?

Thanks

Harry

   


  • Edited by Harry-Harry Wednesday, July 29, 2015 2:12 PM
July 29th, 2015 2:11pm

Thanks for the response, Nosh.

Now the question is how to sync the password from the native domain to Azure Active Directory in the cloud.

As per the link below, Azure AD (AAD) management does not support password synchronization.

Note:

The Password Hash Sync feature available in DirSync is not supported with FIM2010 and the AAD Connector.

This connector does not support any password management scenarios

https://msdn.microsoft.com/en-us/library/azure/dn511001.aspx

The question is how passwords can be synchronized to AAD in real time.

The second question is: in the existing environment, there are multiple forests and multiple domains. Does FIM SSPR support resetting passwords in multiple forests and multiple domains?

Thanks

Harry 

July 30th, 2015 10:46am

Hmm. I guess I missed this.

I guess the only other option is ADFS.

July 30th, 2015 11:42am

AAD Sync and AAD Connect both support multi forest synchronization scenarios as well as password sync.

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/
http://blogs.technet.com/b/ad/archive/2014/04/21/new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-support.aspx


July 30th, 2015 9:38pm

I haven't cranked up the latest MIM 2016 build yet (or any of the builds for that matter), but can anyone advise if 2016 can handle password hash to Azure (I would hope so)?

Surely we are going to see MIM 2016 any day now? Is it worth the OP waiting for?

July 30th, 2015 10:07pm


Thanks for the response.

One more question:

Does FIM 2010 R2 SP2 SSPR support multi-forest and multi-domain password reset functionality? I knew that FIM SSPR supports multi-domain within a single forest.

But I am not sure about multi-forest. If FIM SSPR supports multi-forest, please suggest the main things to be taken care of.

Thanks

Harry

August 6th, 2015 11:10am

Yes it does.  Multiforest and multidomain.
August 6th, 2015 12:13pm
