Before syncing the on-premise AD with Azure AD, let's warm up with the basic concepts involved. Let's start with Azure AD: it is a service that provides identity and access management capabilities in the cloud. Azure AD can be integrated with an existing on-premise AD to provide single sign-on for users accessing cloud applications. It is therefore essential for organizations to keep the identities in the on-premise AD and Azure AD in sync. To meet this requirement, we have the Azure Active Directory Sync tool, which provides one-way synchronization from on-premise AD to Azure AD.
With the advent of Windows Azure, the outlook of small businesses has changed from 'Impossible' to 'I'm Possible'! Yes, that's true: Windows Azure takes care of the configuration responsibilities, which reduces our burden to just reading the menu and tasting the food of our choice. One of the best sellers on the Windows Azure menu is Windows Azure Backup Vault. This service reduces our onsite storage dependencies. Windows Azure Backup Vault is a part of Windows Azure Recovery Services. You can back up the data on your on-premises Windows Servers to Azure Backup Vault. The vault acts as cloud storage that holds the backup data from Windows Server in an encrypted form. The backup data in the Azure Backup Vault can be restored to the original registered server or, in case of a server crash, to a new server.
Token Bloat is one of the major problems faced by IT administrators. It occurs when a single user is a member of too many groups in Active Directory. In a large organization there is an ocean of Active Directory resources such as users, groups and computers. Each user plays a unique role in the organization, so it is the IT administrators' responsibility to assign the user sufficient permissions to access the services and applications needed for his/her tasks. At the same time, IT administrators are required to maintain the security standards of their organization. As a result, their job becomes more complex and granular, granting and denying specific permissions to each user. Moreover, adding a user to multiple security groups in order to assign permissions is unavoidable. This stuffs security groups or SID History items into the user's token, which in turn pushes the Kerberos Token Size above the default size of 20000 bytes.
Dynamic Access Control (DAC), introduced in Windows Server 8, is a welcome provision for security management. Previous versions of Windows enforced file and folder security by granting access to users and groups directly, so many security groups had to be created and managed to offer access. With DAC, administrators can add conditional expressions based on AD attributes to grant permissions. This considerably reduces group management complexity. Dynamic Access Control can be applied in addition to any existing share and NTFS permissions, and it enforces centrally governed rules. Dynamic Access Control is one of the key components of Active Directory in Windows Server 8.