Azure AD Connect Masterclass (A638)

This is a BRAND NEW course, developed due to popular demand by a team of AAD Connect experts including Andreas Kjellman. I'm very excited about it, and especially pleased with its realistic hands-on labs enabling you to get a proper understanding of its capabilities in real-world scenarios.

Hugh Simpson-Wells, CEO and founder, OCG Learning

Live Instructor-Led Course

Join the class in person, or connect to the class in real time over the internet from wherever you are in the world (via Skype).

£1300 / $1850 / €1500

Available as a private course

If you have a team to train, we'll come to you at a location of your choice.

Who is the Azure AD Connect Masterclass for?

Our NEW 3-day AAD Connect Masterclass is for architects and administrators responsible for connecting their on-premises Active Directory with an Azure Active Directory tenant who want to:

  • Understand what Azure AD Connect can do beyond its ‘out-of-the-box’ form and investigate its many additional capabilities
  • Learn how to configure and maintain it, and which configurations are supported

AAD Connect is now a key part of a hybrid AD infrastructure. The “out-of-the-box” installation offers some great features, and it is important that these are fully understood. But it’s also vital to learn about the additional configurations that are possible, and which are supported.

Having the optimal configuration for your organization will enable you to provide consistent, secure and user-friendly authentication, as well as consistent authorization across on-premises and cloud applications through automated and reliable group management – even in complex environments, and all while minimizing the strain on your administrators and helpdesk staff.

The Azure AD Connect Masterclass covers both the ‘easy’ things (installation and configuration using the wizard) as well as ‘harder’ things, like multi-forest configuration and the configuration of single sign-on.

Familiarity with AD and basic concepts of authentication will be advantageous – the same goes for Exchange (unless you will never use it).

Azure AD Connect is based on Microsoft Identity Manager, and while we will call out similarities and differences, no prior knowledge is required – and the same goes for Azure Active Directory.

The training comprises presentations, discussions, demonstrations, and a lot of hands-on exercises. The hands-on labs – which are crucial to a proper understanding of the topics covered – have been made as realistic as possible. So for example, students will use a real domain and fully implement Azure AD Connect in various configurations. The labs are complex and reflect issues you will face in the real world.


Training outcomes

At the end of the course you’ll understand:

  • Everything you can do through the wizard, and how to extend that
  • Different authentication options – how you move from one to the other, and how they interact
  • The relationship between AAD Connect and MIM
  • AAD Connect architecture and configuration, understanding and editing rules, and handling errors
  • Scheduling, statistics, basic troubleshooting, high availability, and AAD Connect health
  • Managing AAD Connect with PowerShell
  • Precedence, provisioning/deprovisioning, joining rules, and transformations
  • Upgrading, backup, restore and recovery options
  • Multi-forest, multi-tenant and non-AD directory scenarios
  • Integrating cloud-based HR systems
  • What’s supported and what’s not
  • And much more; see the course outline for detail.

This course was written by Andreas Kjellman (formerly MIM and Azure AD Connect Program Manager for Microsoft), Hugh Simpson-Wells (CEO, OCG), Jimmy Andersson (MVP Enterprise Mobility) and James Cowling (CTO, OCG).


There is very little overlap between this Azure AD Connect Masterclass and the Identity Masterclass with John Craddock:

  • The Identity Masterclass with John Craddock uses Azure AD Connect in its simplest out-of-the-box configuration. The Azure AD Connect Masterclass examines Azure AD Connect deeply.
  • The Identity Masterclass with John Craddock examines authentication issues in detail. The Azure AD Connect Masterclass covers authentication only to the extent that is needed to demonstrate the different configuration options.

Delegates on this course will learn about the product in detail and its many features through lectures, discussion, and hands-on labs. The hands-on labs are crucial to a proper understanding of the product and have been designed to be as realistic as possible.

What you will study:

  • The role of AAD Connect, and sources of identity objects and attributes, and what is synchronized
  • An overview of Azure Active Directory, its relationship with Office 365, and the Sync, PowerShell and Graph interfaces
  • The relationship between AD Connect and Microsoft Identity Manager: similarities and differences, recovery scenarios
  • Prerequisites and preparation for AAD Connect installation, and enterprise considerations
  • Different ways of managing passwords
  • AAD Connect architecture and configuration, understanding and editing rules, and handling errors
  • Scheduling, statistics, basic troubleshooting, high availability, and AD Connect health
  • Managing AD Connect with PowerShell
  • Precedence, provisioning/deprovisioning, joining rules, and transformations
  • Windows 10 with Azure AD, and Configuration for SSO
  • Authentication scenarios: Password Sync, SSO with ADFS, SSO with Pass-Through Authentication (PTA): Seamless Single Sign-On (SSSO), Azure AD SSPR / Password Change; advantages and disadvantages of each, troubleshooting, event logs, high availability, reliability, fall-back options, user experience etc.
  • Hybrid architectures, MIM sync options
  • Upgrading AAD Connect, importing and exporting, and documenting sync rules
  • Uninstall options, and what remains after uninstall, recovering AAD ownership of AD-owned objects
  • Issues around Azure AD preferred data location, and multiple AAD instances
  • Handling data quality issues: duplicate UPN, duplicate proxy addresses
  • Hybrid Exchange issues and limitations
  • Handling mergers and acquisitions, carve-outs etc.
  • Non-AD scenarios, cloud HR
  • Multi-Forest Issues and Configurations: adding new AD connector vs reinstall, joining, filtering

Module by module:

  • Module 1: Concepts and Overview
  • Module 2: Azure AD Deeper Dive
  • Module 3: Relationship between AD Connect and MIM
  • Module 4: AD Connect Installation
  • Module 5: Architecture and Configuration
  • Module 6: Rules Configuration
  • Module 7: Authentication Overview
    • Authentication concepts
    • Password Hash Sync
    • Pass-through Authentication
    • ADFS
    • AAD SSPR / Password Change
  • Module 8: AD Connect Maintenance and Operations
  • Module 9: Advanced Scenarios (Supported)
    • Takeover of existing AAD Tenant to be AD led – hard match vs soft match
    • Directory Extensions: namespace issues, understanding the underlying application architecture
    • Preferred Data Location: Multiple-region large (>5000 seats) customers (separation of O365 Mailboxes from tenant location)
    • Synchronizing UPN Changes: old tenant / ADFS might inhibit UPN sync
    • Data Quality issues: duplicate UPN, duplicate proxy addresses
    • Hybrid Exchange: mailbox-enabled vs mail-enabled users; what can and can’t be synced; “hybrid Exchange” option
    • M+A, Carve-out; issues, configurations
    • Premium Features: Password Writeback / Group Writeback (fix for preview limitation) / Device Writeback / More AD Connect Health
    • Non-AD scenarios: supported with MIM and AAD connector / unsupported with additional connector in AD Connect
    • Cloud-HR (e.g. Workday/SuccessFactors) connector write-back
  • Module 10: Unsupported Scenarios
    • Multiple AD Connect engines, additional connectors, multiple AAD tenants and other unsupported features such as debug tracing