Microsoft Entra Connect

User Sign-In Options:
  • Password Hash Synchronization (selected by default): This option synchronizes users’ on-premises Active Directory (AD) passwords with Microsoft Entra ID (previously Azure AD), allowing users to use the same passwords to sign in to cloud services like Microsoft 365.
  • Pass-through authentication: This enables on-premises authentication, where user passwords are validated against the on-premises Active Directory without storing password hashes in Microsoft Entra ID.
  • Federation with AD FS: This option uses Active Directory Federation Services (AD FS) to handle authentication, providing more control over the authentication process.
  • Federation with PingFederate: Allows for federated sign-in using PingFederate as the identity provider.
  • Do not configure: No user sign-in method is installed or configured by the wizard.

Single Sign-On (SSO) Option:

There is an additional checkbox labeled “Enable single sign-on”. This option, when selected, enables single sign-on for users on corporate networks, reducing the need for them to repeatedly enter their credentials when accessing Microsoft cloud resources.

The options listed provide different levels of integration between on-premises environments and Microsoft cloud services, catering to different authentication requirements and security configurations based on organizational needs.

Using PowerShell to Force Sync

You can use the ADSync PowerShell module that ships with Microsoft Entra Connect (formerly Azure AD Connect) to initiate a sync. This is helpful for administrators who want to automate or script sync operations.

Steps:

  1. Open PowerShell on the server where Azure AD Connect is installed.
  2. Run the following command to import the ADSync module:
       Import-Module ADSync
  3. To perform a delta (incremental) sync, use:
       Start-ADSyncSyncCycle -PolicyType Delta
  4. To perform a full sync (useful when there are major changes or updates):
       Start-ADSyncSyncCycle -PolicyType Initial
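
The steps above wrapped in a guarded script, added here as an example and not part of the original post: it checks the scheduler state with Get-ADSyncScheduler before starting a cycle and writes an audit line recording who triggered the sync. The function name Invoke-GuardedSyncCycle, the log path and the timeout are assumptions for illustration.

```powershell
# Added example (not from the original post). Function name, log path and
# timeout are assumptions for illustration.
function Invoke-GuardedSyncCycle {
    [CmdletBinding()]
    param(
        [ValidateSet('Delta', 'Initial')]
        [string]$PolicyType = 'Delta',
        [int]$TimeoutSeconds = 600,                     # assumed wait limit
        [string]$LogPath = 'C:\Logs\adsync-manual.log'  # assumed log location
    )

    Import-Module ADSync -ErrorAction Stop

    $scheduler = Get-ADSyncScheduler
    if ($scheduler.StagingModeEnabled) {
        # A staging-mode server imports and synchronizes but does not export.
        Write-Warning 'Staging mode is enabled: changes will not be exported.'
    }

    # Starting a cycle while another is running fails, so wait for it first.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "A sync cycle is still running after $TimeoutSeconds seconds."
        }
        Start-Sleep -Seconds 10
    }

    $result = Start-ADSyncSyncCycle -PolicyType $PolicyType

    # Record who triggered the sync, where, and with which policy.
    $logDir = Split-Path -Path $LogPath -Parent
    if (-not (Test-Path -Path $logDir)) {
        New-Item -ItemType Directory -Path $logDir -Force | Out-Null
    }
    $stamp = (Get-Date).ToUniversalTime().ToString('o')
    $who   = "$env:USERDOMAIN\$env:USERNAME"
    $entry = "$stamp user=$who host=$env:COMPUTERNAME policy=$PolicyType result=$($result.Result)"
    Add-Content -Path $LogPath -Value $entry

    return $result
}

Invoke-GuardedSyncCycle -PolicyType Delta
```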
