There’s some interesting and exciting changes coming to Azure Active Directory Sync, as evidenced by the recently released preview.
First off, we’re calling it AAD Sync now instead of just DirSync. This is keeping with the shift to Azure as a whole rather than just Office 365. It’s less a name change and more of a product replacement, but the inherent functionality is still there.
You might be wondering why I broke stride on an Office 365 Implementation series to go back over DirSync and its successors. Simply put, the preview version is awesome and if it’s an indicator of what’s to come for on-premise to cloud sync then there’s a lot to look forward to. It also simplifies many of the things I was intending to cover in my series. I won’t belabor too much of the details that can be found in the TechNet blog post on the subject, but will instead offer some perspectives on some key changes found there.
First up to bat is the new Password Reset capabilities. It appears to be an advanced feature, but it allows a password change in the cloud to be synced back to Active Directory, providing more self-service options. This is big, especially for remote users as it lets them reset their password in OWA. Before, changing your password in the cloud disabled you for password sync locally until your local password was changed, leading to two different passwords.
As exciting as that is, some of the other features are even better. Multi-Forest sync, tying multiple Exchange orgs to a single Azure tenant, and more granular attribute syncing are all in the preview as well. Let’s look at the install since we talked so much about that last time.
On the surface, the installer looks like it just received a graphical overhaul. All is the same as before until you get to step 3. This is where the new multi-forest functionality comes in as it allows you to set what attributes to use as a unique identifier and which attribute is unchangeable. All in all, cool, but no big change in the install process.
The real hotness is in the Advanced Configuration UI. Before, this functionality was hidden in the FIM Client in the AAD Sync install folder and was difficult to navigate. Now, going solely off the screenshots, it appears that you can filter OUs, map attributes, and select what not to sync all from one tool.
THIS. IS. AWESOME.
The attribute selection screen even lets you sync based on service. Not using Lync Online? Then who needs those attributes! Don’t sync them. The biggest news for manageability is an increased ease in filtering by OU and excluding attributes. It’s not that it was hard in FIM and DirSync, but it was not very user friendly. Simplifying the process is a big step in making adoption more widespread and making the lives of your neighborhood Office 365 admins much easier.
The preview of AAD Sync appears to be a fantastic step forward for Microsoft cloud services. The transition to the cloud needs just these sort of tools to make the path easier and provide greater interoperability if they want adoption of cloud services to increase.
I know I’m excited to take this new preview for a test drive and see what the new services have to offer!