0
votes

If we do on-premise AD sync with Azure Active Directory using Azure Connect DirSync and do not select password synchronization, then:

  • Will the deployment be done for the mass or can it be done in batches of users?

  • After users are migrated to Azure, do they have to manually change
    the credentials to log in to their Office 365 accounts? (They log in to
    Office 365 with their email credentials now; after the Azure AD sync,
    will they log in with their AD credentials?)

  • Is it possible to migrate all users to Azure but keep them inactive
    and admin activate them in batches when required?


1 Answer

1
votes

You can choose to synchronize specific users based on OU or on attributes. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering#organizational-unitbased-filtering

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering#attribute-based-filtering

You will not need to change the credentials. If you opt not to sync password hashes from your on-prem AD to AAD, you can either enable federation through AD FS or use pass-through authentication, where once credentials are entered the request comes on-prem and gets authenticated with the same credentials already stored/used.

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication
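One way to run the batch rollout that attribute-based filtering makes possible, as an added example that is not part of the original answer. It assumes an inbound sync rule in Azure AD Connect already filters out users whose `extensionAttribute15` equals `NoSync` (the attribute, the value and the OU in the comment are assumptions), and that every user was tagged with that value before the first sync.

```powershell
# Added example: release held-back users to Azure AD sync one batch at a time.
# Assumption: an inbound sync rule sets cloudFiltered = True for users whose
# filter attribute holds the filter value, so clearing it puts them in scope.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [string] $SearchBase,                              # e.g. 'OU=Staff,DC=example,DC=com' (constructed)
    [int]    $BatchSize       = 50,
    [string] $FilterAttribute = 'extensionAttribute15', # assumed attribute
    [string] $FilterValue     = 'NoSync'                # assumed value
)

Import-Module ActiveDirectory -ErrorAction Stop

# Users still excluded from sync are the ones carrying the filter value.
$pending = @(Get-ADUser -SearchBase $SearchBase `
        -LDAPFilter "($FilterAttribute=$FilterValue)" `
        -Properties $FilterAttribute | Sort-Object SamAccountName)

if ($pending.Count -eq 0) {
    Write-Output 'No filtered users remain under the search base.'
    return
}

$batch = @($pending | Select-Object -First $BatchSize)

foreach ($user in $batch) {
    # -WhatIf on the script previews the batch without changing anything.
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Clear $FilterAttribute")) {
        Set-ADUser -Identity $user -Clear $FilterAttribute
    }
}

Write-Output ('Released {0} of {1} pending users.' -f $batch.Count, $pending.Count)

# Start-ADSyncSyncCycle exists only on the Azure AD Connect server; elsewhere
# the change is picked up by the next scheduled sync cycle.
if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) {
    if ($PSCmdlet.ShouldProcess('Azure AD Connect', 'Start delta sync')) {
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}
```

Run it with `-WhatIf` first to review which accounts the next batch would release, and keep the script output as a record of who entered sync scope and when.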