AD Connect Configuration Questions

Sunith Philip 1 Reputation point
2020-11-18T07:29:54.3+00:00

Understanding SSO without syncing password.

We have an on-premise AD and an Azure AD.

On-Premise AD

Username: John.Doe@keyman .com
Password: password01

On Azure AD

Username: John.Doe@keyman .com
Password: password02

We set up DirSync with SSO Disabled & Password Sync Disabled and completed syncing of this user to Azure AD from On-Premise AD. In Azure AD under "All Users" the user shows as "Directory Synced".

We have an application on Azure that works on SSO.

The question is, with SSO Disabled & Password Sync Disabled from on-premise AD to Azure AD, the user must be able to login using

Username: John.Doe@keyman .com
Password: password02

Can this user sign on using his Azure AD credentials with the above configuration?

  1. Is it possible to sync users from on-premise AD to Azure AD without Password Sync and the users can log on to Azure Apps using their Azure AD credentials?
  2. What happens if we change the Password of the user on the Azure AD with password sync disabled?

2 answers

  1. Vasil Michev 104K Reputation points MVP
    2020-11-18T08:27:40.867+00:00

    That's not technically SSO, but it can be configured how you want it. It's actually the default behavior when you don't have Azure AD Connect installed, and can also be achieved with the corresponding settings disabled.
    The user will have to maintain two sets of credentials, one for on-premises and one for Azure AD.


  2. Sunith Philip 1 Reputation point
    2020-11-18T10:55:56.183+00:00

    @Vasil Michev

    In case we need to change this setup to password sync for a selected 20 users out of 150, what is the best way forward in modifying the sync configuration?

    What if we need to change the existing configuration and enable password sync and SSO for an OU or Universal Group?

    Also, we need to set it up such that if a password change happens on on-premise AD or Azure AD or M365, it must sync everywhere.

    Which would be the apt password sync for this?

