Azure Active Directory SSPR [英] Azure Active Directory SSPR
问题描述
您好
我正在为一家已经拥有蔚蓝租户的公司进行部署。该公司有两个域 - 域A和域B,域A已经与Azure AD Connect同步,并且正在实施SSPR,它工作得非常好。所以
公司希望SSPR在域A的同一租户中的域B上实施。
我的问题是,这是可能的,如果是的话,我是怎么做的?部署?
您好,
您是指两个不同的森林或同一个森林中的两个不同的域?您当前使用哪种身份验证方法,托管(PTA和PHS)或联合?
在这两种方案中,您都需要将新域中的用户与现有Azure AD租户同步并确保AD连接服务器可以与域控制器通信。
这是
doc ,它解释了所有支持的AD连接拓扑。
在你之后由于您已经在租户上启用了SSPR,因此同步用户,新用户也可以使用SSPR。
为了部署这个,我建议如下:
1)将域B中的用户子集同步到Azure。 (您可以在AD Connect中使用OU级别过滤)
2)确保他们能够登录Azure。
3)在Azure中为他们分配许可证。
4)如果您当前针对Azure中的特定用户组使用SSPR,则为他们启用SSPR。
5) 确保密码回写正常工作。
6)测试SSPR
7)如果一切正常,请同步域B中的所有用户。
希望这会有所帮助。
Hi
I'm deploying for a company that has already have a working azure tenant. The company has two domain - domain A and domain B, the domain A is already synchronized with the Azure AD Connect and the SSPR is being implemented and it is working very fine. so the company want the SSPR to be implemented on domain B in the same tenant as domain A.
My question is, is that possible and if yes how do I deploy?
Hello,
Are you referring to two different forests or two different domains in the same forest ? Which authentication method are you using currently , managed (PTA and PHS) or federated ?
In both scenarios, you need to synchronize the users from the new domain to your existing Azure AD tenant and ensure that AD connect server can talk to the domain controllers.
Here is a doc which explains all the supported topologies of AD connect.
After you synchronize the users since you already have SSPR enabled on the tenant , the new users will also be able to use SSPR.
In order to deploy this I would recommend the following:
1) Synchronize a subset of users from domain B to Azure. (You can use OU level filtering for this from AD Connect)
2) Make sure they are able to sign in to Azure.
3) Assign licenses to them in Azure.
4) Enable SSPR for them if you are currently targeting SSPR for specific set of users in Azure.
5) Ensure password writeback is working properly.
6) Test SSPR
7) If everything is working as expected then synchronize all the users from domain B.
Ref: Enabling password writeback and SSPR FAQ .
Hope this helps.
这篇关于Azure Active Directory SSPR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
