What is the authentication mechanism process between on premise AD and O365?

SAM2009
Hi,

I am trying to understand the authentication mechanism with O365 if we decide to go to the cloud. For example, if a user changes his AD password, how long will it take to sync to O365?

Is it synced by Azure AD Connect? If yes, how often, or how long does it take to sync the pw change?
IT Architect
Distinguished Expert 2017
Commented:
Azure AD Connect is used to sync passwords and other attributes. By default it is 30 mins. Refer to: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler

Read this also: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

Remember, the password in clear text is never synced. Even on your local LAN, the password never travels between client and server.

Author

Commented:
But when a user changes his pw, does it really also take 30 min, or is the process considered a priority and goes faster?
Amit, IT Architect
Distinguished Expert 2017

Commented:
Password changes are replicated within 2-3 mins. However, if you ask for my suggestion, you had better use ADFS or Pass-through authentication.

Ivan, System Engineer

Commented:
Hi,

No, it will sync right away. A password change will force a sync right away.
If you use pass-through or ADFS, then you would be using your DC and there would be no need to sync passwords.

Regards,
Ivan.

Author

Commented:
So why do we use AD Connect then instead of using ADFS or pass-through?
Amit, IT Architect
Distinguished Expert 2017

Commented:
AD Connect works as a bridge between on-premises and cloud to replicate your on-premises users to the cloud. It is not just passwords. ADFS has been around for a long time for SSO. Pass-through is the latest addition. So, Microsoft is improving day by day and making it easier for customers to move to the cloud.

Check: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

Author

Commented:
Thanks!
