Azure AD Driver Hybrid Mode / Deployment Scenarios
One of my identity manager customers demands flexible, state-of-the-art provisioning of an on-prem AD, an AzureAD, an on-prem Exchange and Exchange Online. I’m asking myself if the hybrid approach as stated in the doc https://www.netiq.com/documentation/identity-manager-48-drivers/msazure_ad/data/driver-features.html is the way to go. Any thoughts?
At this time all of the above is done using the AD driver towards on-prem AD and the PowerShell driver towards on-prem Exchange, with Azure AD Connect and some custom PowerShell scripts in between. Not surprisingly, this setup has disadvantages, timing issues (mailbox enable) among others.
If you would like to share your experiences and thoughts, I’m pleased to discuss.
It all depends on what the customer is already licensed for.
The NetIQ AzureAD driver is licensed IIRC as part of the Enterprise? license bundle, and can be a significant investment if the customer doesn't already have licenses due to using other drivers from that bundle (IIRC - MDAD/Old O365 driver, Sharepoint).
That said, if one wants to use the full feature set of Azure/O365 - it has become mandatory to use Azure AD Connect, so a hybrid approach is often the best way to go.
...thanks, the customer has not (yet) licensed the Integration Module for Microsoft Enterprise, he is licensed for the Integration Module for Database and Integration Module for Tools ... and yes, with approx. 35000 remote mailboxes it would mean a significant investment... however, let’s assume he would own the licenses… would the Driver for AzureAD be the best approach from your perspective?
What exactly are you trying to achieve?
The AzureAD driver provides you great flexibility (as internally it uses the Graph API) and many options are available, but depending on your requirements you can utilize its functionality, or maybe you will not...