What is Microsoft Azure AD Connect?

Azure AD Connect is an on-premises Microsoft application that's designed to meet and accomplish your hybrid identity goals.

Azure AD Connect provides the following features:

  • Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.

  • Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.

  • Federation integration - Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.

  • Synchronization - Responsible for creating users, groups, and other objects, and for making sure that the identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.

  • Health Monitoring - Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity.

For synchronization, you first need to install Azure AD Connect on a domain-joined server in your on-premises data center. The synchronization is then controlled by a scheduler. The scheduler imports, syncs, and exports changes. By default, a sync task runs every 30 minutes. By default, the sync is one way: from on-premises AD to Azure AD. However, you can configure the writeback function to sync changes from Azure AD back to your on-premises AD. That way, for instance, if a user changes their password using the Azure AD self-service password management function, the password will be updated in the on-premises AD.
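The scheduler and writeback settings described above can be audited on the Connect server itself. The following script is an added example, not code from Microsoft or this page: it uses cmdlets from the ADSync module that Azure AD Connect installs, assumes it is run as an administrator on that server, and treats the Azure AD connector name as a placeholder you replace with the value shown by Get-ADSyncConnector.

```powershell
# Added example: audit the Azure AD Connect scheduler and writeback state.
# Cmdlets come from the ADSync module installed with Azure AD Connect.
# $AadConnectorName is a placeholder; look it up with Get-ADSyncConnector.
param(
    [string]$AadConnectorName = "<tenant>.onmicrosoft.com - AAD"
)

Import-Module ADSync

# 1. Scheduler: is the cycle enabled, how often does it run, is this a staging server?
$sched    = Get-ADSyncScheduler
$interval = $sched.CurrentlyEffectiveSyncCycleInterval   # default is 00:30:00

[pscustomobject]@{
    SyncCycleEnabled   = $sched.SyncCycleEnabled
    EffectiveInterval  = $interval
    StagingModeEnabled = $sched.StagingModeEnabled
    SchedulerSuspended = $sched.SchedulerSuspended
    NextCycleStartUtc  = $sched.NextSyncCycleStartTimeInUTC
    NextPolicyType     = $sched.NextSyncCyclePolicyType
} | Format-List

if (-not $sched.SyncCycleEnabled) {
    Write-Warning "Sync cycle is disabled: on-premises changes are not reaching Azure AD."
}
if ($interval -ne [timespan]"00:30:00") {
    Write-Warning "Sync interval differs from the 30-minute default: $interval"
}

# 2. Tenant-level features: password hash sync and the cloud-to-on-prem writeback directions.
$feat = Get-ADSyncAADCompanyFeature
"PasswordHashSync : {0}" -f $feat.PasswordHashSync
"DeviceWriteback  : {0}" -f $feat.DeviceWriteback
"UserWriteback    : {0}" -f $feat.UserWriteback

# 3. Password writeback is configured per Azure AD connector; flag it when on,
#    because a self-service reset in Azure AD then changes the on-premises password.
$pw = Get-ADSyncAADPasswordResetConfiguration -Connector $AadConnectorName
"PasswordWriteback: {0}" -f $pw.Enabled
if ($pw.Enabled) {
    Write-Warning "Password writeback is enabled: Azure AD password resets update on-premises AD."
}
```

If a change must not wait for the next 30-minute cycle, Start-ADSyncSyncCycle -PolicyType Delta triggers a delta cycle on demand.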