Hybrid Identity directory integration tools comparison
Over the years the directory integration tools have grown and evolved.
- MIM is still supported, and primarily enables synchronization from or between on-premises systems. The FIM Windows Azure AD Connector is deprecated. Customers with on-premises sources such as Notes or SAP HCM should use MIM in one of two topologies.
- If users and groups are needed in Active Directory Domain Services (AD DS), then use MIM to populate users and groups into AD DS, and use either Azure AD Connect sync or Azure AD Connect cloud provisioning to synchronize those users and groups from AD DS to Azure AD.
- If users and groups are not needed in AD DS, then use MIM to populate users and groups into Azure AD through the MIM Graph connector.
- Azure AD Connect sync incorporates the components and functionality previously released in DirSync and Azure AD Sync, for synchronizing between AD DS forests and Azure AD.
- Azure AD Connect cloud provisioning is a new Microsoft agent for synching from AD DS to Azure AD, useful for scenarios such as merger and acquisition where the acquired company's AD forests are isolated from the parent company's AD forests.
To learn more about the differences between Azure AD Connect sync and Azure AD Connect cloud provisioning, see the article What is Azure AD Connect cloud provisioning?. For more information on deployment options with multiple HR sources or directories, then see the article parallel and combined identity infrastructure options.
Next steps
Learn more about Integrating your on-premises identities with Azure Active Directory.
Feedback
Submit and view feedback for