AZ-303 - AAD

Accounts used for Azure AD Connect

AZ-303 - AAD

Azure AD Connect uses 3 accounts in order to synchronize information from on-premises or Windows Server Active Directory to Azure Active Directory. These accounts are:

  • AD DS Connector account: used to read/write information to Windows Server Active Directory

  • ADSync service account: used to run the synchronization service and access the SQL database

  • Azure AD Connector account: used to write information to Azure AD

 

AD DS Enterprise Admin credentials

The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.

If you are upgrading from DirSync, the AD DS Enterprise Admins credentials are used to reset the password for the account used by DirSync. You also need Azure AD Global Administrator credentials.

Azure AD Global Admin credentials

These credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.

 

上一篇:Laravel JWT Method Illuminate\\Auth\\SessionGuard::factory does not exist


下一篇:@RequestBody的理解