Add the name of the group containing the users and groups. Only members of this
group will be synchronized to Azure AD.
Only single-valued attributes are supported and the value cannot be longer than
250 characters. The metaverse and Azure AD schema will be extended with the
attributes selected. In Azure AD a new application is added with the attributes.
User writeback
User writeback allows you to take a user created in Azure AD (through the portal,
graph, PowerShell, or any other method) and write the user back to on-premises
ADDS. To enable the feature, select User writeback on the optional features page.
You will now be presented with the location where you want these users to be
created. The default configuration will create all users in one location in ADDS.
The users will be created with a random password, so you have to reset the
password in ADDS before the user can actually log in.
Group writeback
The group writeback option in optional features allows you to write back
Groups in Office 365 to a forest with Exchange installed. This is a new group type
which is always mastered in the cloud. You can find these groups in outlook.office365.com or
on myapps.microsoft.com.
This group will be represented as a distribution group in on-premises ADDS. Your on-premises Exchange server must be on Exchange 2013 CU8 (released in March 2015)
to recognize this new group type.
Note: The address book attribute is currently not populated. The easiest approach is to
copy the address book property from another group in your org and populate it outside
the sync engine.
Note: Only forests with the Exchange schema are valid targets for groups. If no
Exchange schema was detected, group writeback cannot be enabled.
Note: The Group writeback feature does not currently handle security groups or
distribution groups.
More information can be found here: http://blogs.office.com/2014/09/25/delivering-first-chapter-groups-office-365/
Device writeback
The device writeback feature allows you to take a device registered in the cloud, for
example in Intune, and have it in ADDS for conditional access. To enable the
feature, ADDS must be prepared. If you install ADFS and the device registration
service (DRS), DRS provides PowerShell cmdlets to prepare AD for device writeback.
If you do not have DRS installed, you can run
C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncAdPrep.psm1
as an enterprise admin.
Device sync
If you enable the device sync feature, your domain-joined Windows 10 devices
will be synchronized to Azure AD. Unless you are part of the Windows
10 pre-release program and have been instructed by Microsoft to enable this
feature, leave this option unselected.
Staging mode
Staging mode makes it possible to set up a new sync server in parallel with an
existing server. Only one sync server is supported per directory in the cloud.
But if we want to move from another server, for example
one running DirSync, we can enable Azure AD Connect in staging mode. When
staging mode is enabled, the sync engine will import and synchronize data as normal, but it will not
export anything to Azure AD, and password sync and password writeback are turned off.
While in staging mode, it is possible to make required changes to the sync engine
and review what is about to be exported. When the configuration looks good, run
the installation wizard again and disable staging mode. This will enable data to be
exported to Azure AD. Make sure to disable the other server at the same time so
only one server is actively exporting.
If this was unexpected, then investigate and take any corrective actions.
To temporarily disable this protection and let these deletes go through, run:
Disable-ADSyncExportDeletionThreshold
To re-enable the protection or to change the default threshold setting, run:
Enable-ADSyncExportDeletionThreshold
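The review-then-export step described for staging mode, combined with the deletion threshold cmdlets above, can be scripted so that the protection is only off for a single export run. This is an added example, not code from the original documentation; it assumes the ADSync module on a current Azure AD Connect server, the default csexport.exe location, and the placeholder connector name and threshold value shown.

```powershell
# Added example (not part of the original page). Assumes: elevated PowerShell on
# the Azure AD Connect server, the ADSync module, a placeholder connector name
# and a threshold of 500 to restore afterwards.
Import-Module ADSync

$connectorName = "contoso.onmicrosoft.com - AAD"   # placeholder: see Get-ADSyncConnector
$threshold     = 500                                # value restored after the run
$dump          = Join-Path $env:TEMP "pending-export.xml"
$csexport      = "C:\Program Files\Microsoft Azure AD Sync\Bin\csexport.exe"

# 1. Dump the pending exports for the Azure AD connector (/f:x = pending
#    exports only) so the deletes can be reviewed before anything leaves the server.
& $csexport $connectorName $dump /f:x
if ($LASTEXITCODE -ne 0) { throw "csexport failed with exit code $LASTEXITCODE" }
Write-Host "Review $dump and continue only if every pending delete is expected."
$answer = Read-Host "Type 'export' to run one export with the deletion threshold disabled"
if ($answer -ne 'export') { return }

# 2. Never export from the staging server: only one server may export at a time.
if ((Get-ADSyncScheduler).StagingModeEnabled) {
    throw "This server is in staging mode; run this on the active server only."
}

# 3. Disable the protection for exactly one export run and restore it in all cases.
#    Disable-ADSyncExportDeletionThreshold prompts for an Azure AD admin credential.
Disable-ADSyncExportDeletionThreshold
try {
    Invoke-ADSyncRunProfile -ConnectorName $connectorName -RunProfileName "Export"
} finally {
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $threshold
    Write-Host "Deletion threshold restored to $threshold."
}
```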