Okta Classic Engine | Okta Integration Network | Answered | 2024-01-07T03:04:07.000Z | 2020-02-17T23:14:00.000Z | 2020-04-02T01:59:03.000Z

CalumO.82120 (Customer) asked a question.

SSO to on-premise domain-joined resources on AzureAD joined device

We're currently investigating the process of migrating our devices from domain-joined to AzureAD joined. We do, however, still have some on-premise resources which still require domain-based authentication (i.e. File Servers, Printers).

 

According to Microsoft documents, AzureADConnect provides seamless single sign-on to on-premise resources via Kerberos TGT tickets when there is a domain controller in sight.

 

As part of the synchronization process, Azure AD Connect synchronizes on-premises user information to Azure AD. When a user signs in to an Azure AD joined device in a hybrid environment:

  1. Azure AD sends the name of the on-premises domain the user is a member of back to the device.
  2. The local security authority (LSA) service enables Kerberos authentication on the device.

 

https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso

 

I would prefer that Okta mastered the accounts via the Universal Sync; however, I've been unable to get this working.

  • Has anybody managed to get this working and can explain how?
  • Or will I need to use ADConnect to sync the accounts and just have Okta configure the licenses?
  • If so, what will the impact be when we switch back to Okta-mastered?

 

Thanks


  • Hi there! Apologies for the lack of response to your question. Going forward, we're implementing a new process to ensure that all Discussions receive a response from either another Community member or from the Okta Support team within 7 days of posting. Thank you for your patience while we put this into action!

     

    I know this question is a bit old now, but if you’re still looking for information or help, I’d recommend reaching out to the fine folks in the Admin Pro Tips group to see if anyone there can help: https://support.okta.com/help/s/group/0F90Z000000EK23SAG/admin-pro-tips

     

    Thanks 🙂

This question is closed.