Migration of users/groups to Azure active directory from multiple forest

  • Question

  • Hi,

    We have a requirement to integrate/move users/groups from a multi-forest, multi-domain AD environment to Azure Active Directory and manage the users' passwords. I know that FIM provides the AAD connector to move the user/group objects to AAD. Could you please advise on the points below?

    1. Where do we need to deploy FIM - on premise or in the cloud?

    2. What are the other main things we need to consider for the solution?

    3. What about FIM SSPR? Does it support password reset on AAD?

    4. Is there any documentation for it?

    Thanks

    Harry

       


    • Edited by Harry-Harry Wednesday, July 29, 2015 2:12 PM
    Wednesday, July 29, 2015 2:11 PM

All replies

  • 1. Where do we need to deploy FIM - on premise or in the cloud?

    Answer: On premise.

    2. What are the other main things we need to consider for the solution?

    Answer: Unique sAMAccountName, since you are migrating from multiple domains. You may have duplicate sAMAccountNames and you will need to rename them before migrating them.

    3. What about FIM SSPR? Does it support password reset on AAD?

    Answer: I don't think so. Why not do the SSPR on their native domain and sync the password to the cloud?

    4. Is there any documentation for it?

    Answer: Google.com, TechNet.com, :)


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Thursday, July 30, 2015 1:04 PM
    Wednesday, July 29, 2015 3:01 PM
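
One way to run the duplicate sAMAccountName check from the answer above before migrating, as an added example that is not part of the original thread. The function name, domain names and sample rows are constructed for illustration; in a real run the rows would come from a per-domain export such as `Get-ADUser` and `Get-ADGroup` with `-Server <domain>`.

```powershell
# Added example (not from the thread). Find-SamAccountNameCollision is a
# hypothetical helper; the input rows below are constructed sample data.
function Find-SamAccountNameCollision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]]$Account   # objects with Domain, SamAccountName, ObjectClass
    )
    # sAMAccountName is matched case-insensitively in AD, so normalise
    # case and stray whitespace before grouping.
    $Account |
        Group-Object -Property { $_.SamAccountName.Trim().ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName = $_.Name
                Count          = $_.Count
                Domains        = ($_.Group.Domain | Sort-Object -Unique) -join ', '
                ObjectClasses  = ($_.Group.ObjectClass | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed export covering two forests (placeholder domain names).
$sample = @'
Domain,SamAccountName,ObjectClass
corp.forest-a.example,jsmith,user
emea.forest-a.example,JSmith,user
corp.forest-b.example,jsmith,user
corp.forest-a.example,hr-team,group
corp.forest-b.example,HR-Team,group
corp.forest-b.example,adavis,user
'@ | ConvertFrom-Csv

# Lists jsmith (3 objects, 3 domains) and hr-team (2 objects, 2 domains);
# adavis is unique and is not reported.
Find-SamAccountNameCollision -Account $sample | Format-Table -AutoSize
```

Each reported name is a candidate for renaming before the objects are migrated.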
  • Thanks for response Nosh.

    Now the question is how to sync the password from the native domain to Azure Active Directory in the cloud.

    As per the link below, Azure AD (AAD) management does not support password synchronization.

    Note :

    The Password Hash Sync feature available in DirSync is not supported with FIM2010 and the AAD Connector.

    This connector does not support any password management scenarios

    https://msdn.microsoft.com/en-us/library/azure/dn511001.aspx

    The question is how passwords can be synchronized to AAD in real time.

    Second question: in the existing environment, there are multiple forests and multiple domains. Does FIM SSPR support resetting passwords in multiple forests and multiple domains?

    Thanks

    Harry 

    Thursday, July 30, 2015 2:44 PM
  • HMM.  I guess I missed this.

    I guess the only other option is ADFS.  


    Nosh Mernacaj, Identity Management Specialist

    Thursday, July 30, 2015 3:40 PM
  • I haven't cranked up the latest MIM 2016 build yet (or any of the builds for that matter), but can anyone advise if 2016 can handle password hash to Azure (I would hope so)?

    Surely we are going to see MIM 2016 any day now? Is it worth the OP waiting for?

    Friday, July 31, 2015 2:05 AM
  • Thanks for the response.

    One more question:

    Does FIM 2010 R2 SP2 SSPR support multi-forest and multi-domain password reset functionality? I know that FIM SSPR supports multi-domain within a single forest.

    But I am not sure about multi-forest. If FIM SSPR supports multi-forest, please suggest the main things to take care of.

    Thanks

    Harry

    Thursday, August 6, 2015 3:09 PM
  • Yes it does.  Multiforest and multidomain.

    Nosh Mernacaj, Identity Management Specialist

    Thursday, August 6, 2015 4:11 PM