jgillfeather
asked on
AAD Connect and Pass Through authentication
Howdy,
was wondering if anyone has any practical experience with enabling SSO via AADConnect and the new pass-through authentication - https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication ?
Specifically, was wondering if the forest/domain functional level needs to be at Server 2012? The pre-reqs say Server 2012 required to run AAD Connect, but not why.
We have hybrid Azure infrastructure at the moment, so throwing in a 2012 server to run AAD Connect is easy, but upgrading all the DCs in order to increase the forest functional level is going to take some doing, and I would really prefer not to have to create an ADFS cluster...
regards, Justin
ASKER
Thank you!
We're currently 2008R2, with no 2012 DCs, yet. We will soon, but I was hoping to enable SSO before then.
Correct me if I'm wrong, but with password-hash you still have to enter credentials in the browser session the first time, right? I.e. you can't log on to a corporate desktop with a clear browser cache, and open O365 without entering credentials.
What ActiveSync issue? Can you point me to any discussions on the issue(s)?
ASKER
Perfect, many thanks.
What is your current forest level anyway?
My experience tells me to only use PTA if you really need to solve the problem that the password hash cannot be in the cloud.
Further, PTA does not solve ActiveSync and legacy application authentication issues.
The ActiveSync (iPhone user) requirement itself has killed the implementation of PTA.
Until MS fixes this, I will stick with Password Hash + SSO.