Changes Coming for Azure Active Directory Sync

We’ve been talking a lot about DirSync lately, and today will be no exception. Check out my article on Password Sync vs. ADFS or Setting Up DirSync with Office 365.

There are some interesting and exciting changes coming to Azure Active Directory Sync, as evidenced by the recently released preview.

First off, we’re calling it AAD Sync now instead of just DirSync. This is in keeping with the shift to Azure as a whole rather than just Office 365. It’s less a name change and more of a product replacement, but the inherent functionality is still there.

You might be wondering why I broke stride on an Office 365 Implementation series to go back over DirSync and its successors. Simply put, the preview version is awesome, and if it’s an indicator of what’s to come for on-premises-to-cloud sync, then there’s a lot to look forward to. It also simplifies many of the things I was intending to cover in my series. I won’t belabor the details that can be found in the TechNet blog post on the subject, but will instead offer some perspectives on some key changes found there.

Password Reset

First up to bat is the new Password Reset capability. It appears to be an advanced feature, but it allows a password change in the cloud to be synced back to Active Directory, providing more self-service options. This is big, especially for remote users, as it lets them reset their password in OWA. Before, changing your password in the cloud disabled local password sync for your account until your local password was changed, leading to two different passwords.

Multi-Forest Sync

As exciting as that is, some of the other features are even better. Multi-Forest sync, tying multiple Exchange orgs to a single Azure tenant, and more granular attribute syncing are all in the preview as well. Let’s look at the install since we talked so much about that last time.

On the surface, the installer looks like it just received a graphical overhaul. All is the same as before until you get to step 3. This is where the new multi-forest functionality comes in as it allows you to set what attributes to use as a unique identifier and which attribute is unchangeable. All in all, cool, but no big change in the install process.

Advanced Configuration

The real hotness is in the Advanced Configuration UI. Before, this functionality was hidden in the FIM Client in the AAD Sync install folder and was difficult to navigate. Now, going solely off the screenshots, it appears that you can filter OUs, map attributes, and select what not to sync all from one tool.

THIS. IS. AWESOME.

The attribute selection screen even lets you sync based on service. Not using Lync Online? Then who needs those attributes! Don’t sync them. The biggest news for manageability is an increased ease in filtering by OU and excluding attributes. It’s not that it was hard in FIM and DirSync, but it was not very user friendly. Simplifying the process is a big step in making adoption more widespread and making the lives of your neighborhood Office 365 admins much easier.

The preview of AAD Sync appears to be a fantastic step forward for Microsoft cloud services. The transition to the cloud needs just these sorts of tools to make the path easier and provide greater interoperability if they want adoption of cloud services to increase.

I know I’m excited to take this new preview for a test drive and see what the new services have to offer!

Mirazon is always out front on new technologies and developments so that we can know what it all means for our clients down the road. Let us help you manage your Active Directory and Office 365!