SharePoint Hybrid Single Sign-On -- Synchronized Identity with Password Sync -- Azure AD Connect Configuration

AZURE AD CONNECT CONFIGURATION

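To configure synchronized identity with password synchronization, you must choose a user sign-in method in the Azure AD Connect wizard. You can choose Password Synchronization, Federation with AD FS, or Do not configure. This module is specific to password synchronization (synchronized identity), so select "Password Synchronization".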

Optional Features page

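As you work through the Azure Active Directory Connect wizard, you eventually reach the "Synchronized identity configuration" section. The last page of this section is the "Optional Features" page, which lets you select the enhanced Office 365 hybrid features your organization needs. The features you can choose from include: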

  • Exchange hybrid deployment. The Exchange Hybrid Deployment feature allows for the co-existence of Exchange mailboxes both on-premises and in Office 365. Azure AD Connect synchronizes a specific set of attributes from Azure AD back into your on-premises directory.

  • Azure AD app and attribute filtering. By enabling Azure AD app and attribute filtering, the set of synchronized attributes can be tailored.

  • Password synchronization. If you selected federation as the sign-in solution, then you can enable this option. Password synchronization can then be used as a backup option. If you selected Pass-through Authentication, this option is enabled by default to ensure support for legacy clients and as a backup option.

  • Password writeback. By enabling password writeback, password changes that originate in Azure AD are written back to your on-premises directory.

  • Group writeback. If you use the Office 365 Groups feature, then you can have these groups represented in your on-premises Active Directory. This option is only available if you have Exchange present in your on-premises Active Directory.

  • Device writeback. Allows you to write back device objects in Azure AD to your on-premises Active Directory for conditional access scenarios.

  • Directory extension attribute sync. By enabling directory extension attribute sync, the attributes you specify are synced to Azure AD.

Password write-back

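The password writeback feature lets you reset passwords in the cloud, in which case the updated password is written back to the on-premises directory. You must have an Azure AD Premium subscription to use this feature.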

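Important: To implement password writeback, an Azure AD Premium license must be assigned to each user who needs password writeback. Users are required to register at least two authentication methods for password reset. If needed, an administrator can pre-populate this information:

  • Alternate email address
  • Alternate mobile phone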

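Password writeback works seamlessly through Azure AD Connect, with no need to open firewall ports into the on-premises network. It uses an Azure Service Bus relay as the underlying communication channel. The password is reset in the cloud and in the on-premises environment at the same time.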

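When a user resets a password, the organization's on-premises AD password policy is enforced. Password writeback supports synchronized identities as well as user accounts synchronized in the federated (AD FS) identity model. If a federated user account has been synchronized into the Azure AD tenant, the user can manage their on-premises AD password from the cloud.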
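
Because the writeback options let changes that originate in Azure AD reach the on-premises directory, it is worth confirming after the wizard completes that only the intended optional features are on. The script below is an added example, not part of the original post: it reads the state through the ADSync module on the Azure AD Connect server and compares it with a baseline. The baseline values are assumptions for a password-sync deployment with password writeback, and the output property names should be confirmed with Get-Member on your ADSync version.

```powershell
# Added example. Run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

# Assumed baseline (hypothetical; adjust to the features your design actually requires).
$expected = [ordered]@{
    PasswordHashSync      = $true
    PasswordWriteback     = $true
    DeviceWriteback       = $false
    UnifiedGroupWriteback = $false
}

# Locate the Azure AD connector and the on-premises AD connector(s).
$connectors = Get-ADSyncConnector
$aad = $connectors | Where-Object { $_.SubType -eq 'Windows Azure Active Directory (Microsoft)' }
$ad  = $connectors | Where-Object { $_.ConnectorTypeName -eq 'AD' }
if (-not $aad -or -not $ad) { throw 'Azure AD and on-premises AD connectors were not both found.' }

# Tenant-level feature flags and the password reset (writeback) configuration.
$features = Get-ADSyncAADCompanyFeature
$reset    = Get-ADSyncAADPasswordResetConfiguration -Connector $aad.Name

$actual = [ordered]@{
    PasswordHashSync      = [bool]$features.PasswordHashSync
    PasswordWriteback     = [bool]$reset.Enabled
    DeviceWriteback       = [bool]$features.DeviceWriteback
    UnifiedGroupWriteback = [bool]$features.UnifiedGroupWriteback
}

# Compare each feature against the baseline and flag drift.
$report = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Feature  = $name
        Expected = $expected[$name]
        Actual   = $actual[$name]
        Drift    = $expected[$name] -ne $actual[$name]
    }
}
$report | Format-Table -AutoSize | Out-String | Write-Host

# Password synchronization is configured per on-premises forest, so check each AD connector.
foreach ($c in $ad) {
    $cfg = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $c.Name
    Write-Host ('{0}: password sync enabled = {1}' -f $c.Name, $cfg.Enabled)
}

if ($report.Drift -contains $true) {
    Write-Warning 'Optional feature state differs from the baseline; review the Azure AD Connect configuration.'
}
```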

Reposted from blog.csdn.net/jason_dct/article/details/87887165