I am new to Active Directory concepts, so please pardon my lack of knowledge. Could you please help me find answers to the following questions?
AD FS and AD DS roles are installed on the same machine, both on-premises and in Azure. With AD FS, on-premises users are authenticated by the on-premises Active Directory and cloud users are authenticated by the Active Directory hosted in an Azure VM, and there is no need for password sync or pass-through authentication (PTA). Federated domains are not supposed to have one-way/two-way trusts or a parent-child relationship.
Q1: Is my understanding about ADFS correct?
When you install AD Connect, there is an option called Federation with AD FS. As password sync is not expected...
Q2. What does AD Connect do for federated domains?
Q3. Why do we need AD Connect in this case? AD Connect can sync passwords from on-premises to Azure AD, which can be synced to Azure AD DS, not the AD DS hosted on an Azure VM... I think?
Q4. Is it true that AD Connect cannot be used for password syncing between on-premises domain controllers, or between an on-premises domain and AD DS hosted on Azure VMs?
I got confused after seeing AD Connect sync status enabled on my employer's Azure AD, which is federated, and reading this: "You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises." Please see the snaps below.
I appreciate your insightful response, thank you!!