Installation Overview
- Download the latest Entra Connect tool from the Microsoft Entra admin center.
- Run the installer on a domain-joined Windows Server (2016 or later, full GUI).
- Choose between:
  - Express Setup: Ideal for single AD forest, <100K objects.
  - Custom Setup: For multi-forest, advanced sync, or SQL customization.
User Sign-In Options
- Password Hash Sync: Cloud-based authentication using AD password hash.
- Pass-through Authentication (PTA): Validates credentials directly with on-prem AD.
- Federation (AD FS or PingFederate): Redirects sign-in to on-prem federation service.
- Single Sign-On (SSO): Optional with hash sync or PTA for seamless access.
- Connect to AD DS using either:
  - A newly created service account (recommended).
  - An existing account with read permissions.
- Configure:
  - Domain & OU filtering.
  - User matching rules (UPN, source anchor).
  - Optional features like password writeback, device writeback, group writeback.
Post-Setup Verification
- Use Synchronization Service Manager to monitor sync status.
- Check Microsoft 365 Admin Center or Entra Admin Center for sync health and errors.
- Sync runs every 30 minutes by default.
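
The scheduler checks above can also be run from PowerShell on the Entra Connect server. The following is an added example, not part of the original page or of Microsoft's tooling; it assumes the ADSync module that ships with Entra Connect is present, and the 10-minute grace window ($graceMinutes) is an arbitrary value chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the Entra Connect server.
Import-Module ADSync -ErrorAction Stop

$expectedInterval = [TimeSpan]::FromMinutes(30)  # default cycle stated on this page
$graceMinutes     = 10                           # assumption: tolerated delay before flagging
$scheduler        = Get-ADSyncScheduler
$findings         = @()

if (-not $scheduler.SyncCycleEnabled) {
    $findings += 'Scheduler is disabled: no automatic sync cycles will run.'
}
if ($scheduler.SchedulerSuspended) {
    $findings += 'Scheduler is suspended (for example, a wizard or upgrade is holding it).'
}
if ($scheduler.StagingModeEnabled) {
    # A staging server imports and synchronizes but exports nothing.
    $findings += 'Staging mode is enabled: changes are not exported from this server.'
}
if ($scheduler.CurrentlyEffectiveSyncCycleInterval -ne $expectedInterval) {
    $findings += "Effective sync interval is $($scheduler.CurrentlyEffectiveSyncCycleInterval), not the 30-minute default."
}

# Flag a cycle that should already have started but has not.
$nowUtc  = (Get-Date).ToUniversalTime()
$nextRun = $scheduler.NextSyncCycleStartTimeInUTC
if ($scheduler.SyncCycleEnabled -and
    -not $scheduler.SyncCycleInProgress -and
    $nextRun -lt $nowUtc.AddMinutes(-$graceMinutes)) {
    $findings += "Next sync cycle was due at $nextRun UTC and is more than $graceMinutes minutes overdue."
}

if ($findings.Count -eq 0) {
    Write-Output "OK: scheduler enabled, 30-minute interval, next cycle at $nextRun UTC."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

A warning about staging mode is expected on a standby server; on the active server it means no changes are reaching Entra ID.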