365 Azure AD Free license and Azure AD Connect

Greg Bemis 60 Reputation points
2023-05-15T20:10:50.8466667+00:00

Hello,

We have an E3 365 license which includes the Azure AD Free license. We have used MS 365 for many years and are now setting up a cloud-based domain controller, file and print servers. We have been working on getting Azure AD connector to work with what we have without any luck; at best we can get some groups to pull into the AD on the domain controller, but not in the correct OUs. So I am stepping back and looking for some help, starting with a couple of questions.

1. Will the 365 Azure AD Free license work in this case, or do we need to upgrade?

2. Do the Azure AD and the domain controller have to match? Explanation: our Azure AD is based on our domain name xxxxx.org, but our DC AD is xxxxx.local with all OUs in a container below called xxxxx. What we are trying to accomplish is to pull all the Azure data into the DC AD.

Accepted answer
  1. Konstantinos Passadis 17,456 Reputation points MVP
    2023-05-15T20:45:20.0466667+00:00

    Hello @Greg Bemis !

    Welcome to Microsoft QnA!

    For the license question, Azure AD Free is enough, and you can have a detailed look here:

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions

    Also check here, because MFA is now a must and you might consider Azure Premium P1 as an add-on:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing#available-versions-of-azure-ad-multi-factor-authentication

    You don't have a problem with the domain names. Actually, this is a common thing, so the only thing you have to do is add a UPN suffix and the users will be synced just fine:

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide

    The mechanism of Azure AD Connect is quite advanced, with a lot of options and features. Among them is the Sync Rules Editor:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-group-writeback-v2

    You can also apply OU filtering along with Device Write back and Group Write back.

    I would suggest considering Azure AD Premium P1, for the Identity Security Mechanisms and the MFA Controls.

    I hope this helps!

    Kindly mark the answer as Accepted and Up-vote in case it helped!

    Regards

    1 person found this answer helpful.
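
The UPN suffix step mentioned in the answer above, sketched in PowerShell as an added example (not part of the original answer or of Microsoft's documentation). The names `example.local`, `example.org` and the `OU=Staff` search base are placeholders assumed for illustration; it requires the ActiveDirectory module on a domain-joined management host.

```powershell
# Added example. All names below are assumed placeholders; substitute your own.
$OldSuffix  = 'example.local'                  # non-routable on-premises suffix
$NewSuffix  = 'example.org'                    # domain verified in the cloud tenant
$SearchBase = 'OU=Staff,DC=example,DC=local'   # hypothetical OU to limit the change

Import-Module ActiveDirectory

# 1. Register the routable suffix on the forest if it is not already present.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Collect the users in scope that still sign in with the old suffix.
$users = Get-ADUser -SearchBase $SearchBase `
    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
    -Properties UserPrincipalName

# 3. Rewrite each UPN, skipping any that would collide with an existing account.
foreach ($user in $users) {
    $prefix = ($user.UserPrincipalName -split '@')[0]
    $newUpn = "$prefix@$NewSuffix"

    # Escape single quotes (e.g. o'brien) so the filter string stays valid.
    $escaped = $newUpn -replace "'", "''"
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'"
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # -WhatIf makes this a dry run; remove it once the planned changes look right.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf
}
```

A UPN change alters the user's sign-in name, so review the `-WhatIf` output and roll it out to a pilot OU before widening `$SearchBase`.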