Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2016-05-07) Azure AD Connect – Identifying Objects In AD And In Azure AD (Part 3)

Posted by Jorge on 2016-05-07


Part 2 can be found here

This all starts when you run the AAD Connect setup wizard. At some point you will see the following screen:


Figure 1: (Uniquely) Identifying (Your) Users – “Users identities exist across multiple directories. Match using: ‘<Custom Attribute>’”

As a “CUSTOM ATTRIBUTE” and as a “SOURCE ANCHOR” you choose:

  • “extensionAttribute15” if you want a Unicode String attribute
    OR
  • “mS-DS-ConsistencyGuid” if you want an Octet String attribute

As a “USER PRINCIPAL NAME” you choose:

  • “userPrincipalName”

Now DO NOT continue by clicking [Next]! Why? If the chosen attributes do not exist in the metaverse (MV) with exactly the same name, the installation of AAD Connect will fail at the end and you will need to uninstall and reinstall. Read more about this here.

Therefore, open the Synchronization Service Manager and go to the Metaverse Designer. Add or configure the following attributes on both the “person” and the “group” objects, and configure them as displayed.


Figure 2: A Unicode String Attribute Being Used As Both The Custom Matching Attribute And The Source Anchor

Or you configure…


Figure 3: An Octet String (Binary) Attribute Being Used As Both The Custom Matching Attribute And The Source Anchor

The following attribute is also needed as an initial matching attribute. I will elaborate on it later. Add the following attribute to both the “person” and the “group” objects, and configure it as displayed.


Figure 4: An Additional Octet String (Binary) Attribute Also To Be Used As A Matching Attribute

After doing all this, you can continue with the AAD Connect installation wizard! At the end, make sure you DO NOT enable synchronization!

Continue with part 4 here

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
