在设置Azure AD连接之前，将本地AD域与Azure AD租户匹配 [英] Matching On-prem AD domain with Azure AD tenant before setting up Azure AD connect

问题描述

根据下面的文章，当您的onprem设置具有不可路由的域名时，听起来有一个额外的步骤。听起来如果我更改域名以匹配azure广告域，这将允许我的用户的公司凭据与他们的Azure AD信誉匹配
并允许他们使用相同的凭据访问所有公司和azure云资源（用户名和密码）这是正确的吗？目标是对物理服务器进行decom并利用Azure AD和Intune或MDM"应该"。
替换组策略。或者我离开了，无论你是PHS还是PTA或联邦它只是同步密码而不关心用户名？

Based on the article below, it sounds like there is an additonal step when having non-routable domain names for your onprem setup. It sounds like if I did a domain name change to match the azure ad domain, that would allow my user's corp credentials to match their Azure AD creds and allow them to access all corp and azure cloud resources with the same credentials (username and password) Is that correct? The goal would be to decom the physical server and leverage Azure AD and Intune or MDM which "should" replace group policy. Or am I way off and regardless if you PHS or PTA or Federate it only sync's the password and doesnt care about the username?

https://docs.microsoft.com/en-us / azure / security / azure-ad-choose-authn

https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

推荐答案

它关心UPN，但您可以通过添加额外的UPN后缀并将其分配给它来解决这个问题。用户。

It cares about the UPN, but you can remedy that by adding additional UPN suffixes and assigning them to users.

如果您打算使用PHS或PTA，则无法停用本地服务器。

If you plan on using PHS or PTA, you cannot decommission you on-premises server though.

这篇关于在设置Azure AD连接之前，将本地AD域与Azure AD租户匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！