This is by far one of the best, clearest and most concise tutorials on AADConnect. I have subscribed and will be watching the remaining videos. I learned more in 30 min than I have reading numerous posts/blogs.
These videos are very well done. There are lots of videos on RU-vid showing the same thing but your presentation is particularly clear and easy to understand, thank you!
I usually don't hit "Like" on RU-vid videos, and I definitely don't Like videos before watching them, except your videos. I started to hit Like before I even watch them. Amazing job.
I have seen many tutorials, but to be honest this channel has by far the best tutorials on Azure AD, ADConnect, ADFS :) Do you have any premium course that I can subscribe to? If not, please add that to your roadmap :)
Thanks Siva, we don't have any premium course plans, but we will post everything most of public content here. If you come across any issues, please feel free to reach us at learnconceptswork@gmail.com
@ConceptsWork Hello sir, you are explaining in such layman's language that we find it so easy to understand. 5 stars for your great work... you are just brilliant...
Man is struggling with the language! That tongue is not happy, hmmmm hm, not at all! It must be a real achievement to be able to go through and teach in a language you do not quite master. Great content though, saving me a lot of bother. It's just hard not to focus on that accent. Thank you for the presentation, best content on the subject so far for me.
Suggestion: although I know you must be aware, please update the 'Methods' slide to say that federation can be used along with password hash sync as a backup. Obviously, only when the client's legal and compliance allow.
Exactly, thanks for bringing this up. Yes, we can have password hash as a backup for ADFS. Also, you can sync passwords for Identity Protection credential theft checksum; I will be covering this in a lot more detail in my upcoming video.
Thanks for your wonderful session. I have to migrate ADFS 2012 R2 to 2016 and also migrate AAD Connect as well. Can you please provide any reference link or videos for migration? It will help me a lot...
Thanks for such point-to-point videos. I have one query: if we enable SSO for 3 domains in a forest, will the portal ask me for all three domains' DA credentials and create the AZUREADSSOACC in all three domains?
Any significance of using builtin accounts for different sources like the on-prem connector, the cloud connector and an account used for syncing the identities? Can I use my custom accounts instead of using these msol, sync, AAD accounts, and if yes, what difference is it going to make to my environment? Can I use a mobile number as the preferred UPN to sign in to my online services getting authenticated via Azure AD?
You can use builtin objects as well, but make sure all of them have the required privileges. Click here to check permissions - docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions You cannot use a mobile phone; check this video to know how HRD happens with UPN and email - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-IhmNXSNL2zg.html
Hello, great work. I have a question: typically, internal AD domain names or UPNs are not the same as what the organization may have externally (the internal UPN may be username.den.local and the external one might be username.lion.com, as the registered domain). In that case, one will only be able to register and verify lion.com, and thus, at 22:38 mins of your video, shall one select EMAIL and not UPN? Secondly: in the event that AADConnect is configured for full sync (the default config of AD Connect), when users log in to o365 or Outlook online, do they have to use their email ID (which of course is the public ID), or can they also use den/username for login? Thanks in anticipation. Regards.
You can choose email or UPN, but what you must ensure is that, whichever attribute you choose, the suffix is a verified domain. So, if we have users on-prem like “user@conceptswork.local”, but the email is “user@conceptswork.com”, in this case, while installing AAD Connect, I will select email to be synced as UPN. You cannot use any other value apart from UPN to sign in to any service which uses Azure AD. How does it work? When the user gets redirected to login.microsoftonline.com and types the username, which has to be (user@domain.com), domain.com is used to check what type of user is trying to sign in: federated or managed.
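Added example (not part of the comment thread or the channel's material): a Python pre-flight check for the rule in the reply above, that whichever attribute is synced as the sign-in name must carry a verified domain suffix. The user records, the verified-domain set and all function names are constructed for illustration; the duplicate check reflects that the sign-in name must also be unique in the tenant.

```python
# Pre-flight check before choosing the AAD Connect sign-in attribute (constructed data).
from collections import Counter

VERIFIED_DOMAINS = {"conceptswork.com"}   # assumption: domains verified in the tenant
USERS = [                                 # constructed on-prem AD export
    {"sam": "alice", "userPrincipalName": "alice@conceptswork.local", "mail": "alice@conceptswork.com"},
    {"sam": "bob",   "userPrincipalName": "bob@conceptswork.local",   "mail": "Bob@ConceptsWork.com"},
    {"sam": "carol", "userPrincipalName": "carol@conceptswork.local", "mail": None},
    {"sam": "dave",  "userPrincipalName": "dave@conceptswork.local",  "mail": "helpdesk@conceptswork.com"},
    {"sam": "erin",  "userPrincipalName": "erin@conceptswork.local",  "mail": "HelpDesk@conceptswork.com"},
]

def suffix(value):
    """Return the lower-cased domain part of user@domain, or None if malformed."""
    if not value or value.count("@") != 1:
        return None
    local, domain = value.split("@")
    return domain.lower() if local and domain else None

def audit(users, attribute, verified):
    """Classify every user for one candidate sign-in attribute."""
    verified = {d.lower() for d in verified}
    seen = Counter((u.get(attribute) or "").lower() for u in users)
    report = {"ok": [], "missing": [], "unverified_suffix": [], "duplicate": []}
    for u in users:
        value, dom = u.get(attribute), suffix(u.get(attribute))
        if dom is None:
            report["missing"].append(u["sam"])            # empty or not user@domain
        elif dom not in verified:
            report["unverified_suffix"].append(u["sam"])  # e.g. a .local suffix
        elif seen[value.lower()] > 1:
            report["duplicate"].append(u["sam"])          # two users, same sign-in name
        else:
            report["ok"].append(u["sam"])
    return report

def choose_attribute(users, verified, candidates=("userPrincipalName", "mail")):
    """Pick the attribute that leaves the most users with a usable sign-in name."""
    reports = {a: audit(users, a, verified) for a in candidates}
    return max(candidates, key=lambda a: len(reports[a]["ok"])), reports

if __name__ == "__main__":
    best, reports = choose_attribute(USERS, VERIFIED_DOMAINS)
    for attr, rep in reports.items():
        print(attr, rep)
    print("suggested sign-in attribute:", best)
```

On this sample, `mail` wins over `userPrincipalName`, but the report still lists the accounts that need fixing first (no mail value, or a mail address shared by two accounts).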
Thanks for the great video. I have a question, please: how do we add a new OU to the sync cycle after the initial AD Connect setup and configuration? For example, a few days after the initial setup, we are required to add another OU to be synced to Azure AD.
Awesome video. May I know why you didn't check the password writeback option, as it would be handy to have write privilege both ways, or does it require any further configuration if we check that box?
Question is not related to AAD, but I have a different question: 1. Why does Microsoft Azure have 3 fault domains (why not more than 3 or less than 2)? 3. Also, why are there 3 availability zones, why not more/less?
This is by-design configuration, as the schema object doesn't list these values. Please click here to check the schema object: gallery.azure.com/artifact/20161101/Microsoft.AvailabilitySet-ARM.1.0.1/UIDefinition.json
Yes, if your domain is managed, make sure it is in sync scope, and if your domain is federated, make sure the authentication works properly. Soon, I will be posting a video on the entire device management of Azure AD.
Hello all, I have one issue regarding synchronization. The issue is that I had configured hybrid Azure AD joined devices, but unfortunately I deleted the devices in the on-premises Active Directory directly 2 months back. After that I ran the sync cycle with the help of the Azure AD Connect server, but the HAADJ devices are still available in the Azure portal. How can we delete the devices which are available in the Azure portal?
@ConceptsWork Yeah, we can delete those devices directly from the portal. So, my question is why those devices are showing in the AD Connect server for 2 months after deletion from on-premises AD. I can see the devices and device IDs as well.
How can we check what are the passwords of all the service accounts created automatically? Also how and in what scenarios we can change passwords of these service accounts?
Checking password doesn’t make sense as these are service accounts, but you can change the password. If you change the password then you have to update it manually in the respective containers.
Hi, it is a great video. I have one query on this: the created account is seen using a password which we have not set, so how can we check this password, and if we change the password, is there any issue?
You should not manually change the password of the service account, but the password on connector accounts can be updated. It is recommended not to make any changes, but let's say you make a change to the MSOL account password, then just get it updated on the connector.