Question

Is DirSync a must for AD FS hosted on Azure Virtual Machines?

I keep reading Azure solution with DirSync. Is it absolutely impossible to federate directly without syncing active directory.

I am looking to implement Federated Web SSO on Azure, it would be a huge set back having to sync client Active Directories.

Was it helpful?

Solution

Yes, you will need DirSync for AD FS to function properly with Azure. What's the setback, specifically? The only real caveat I can find is a 300,000 object limit, not sure if that's per domain but it seems they're open to lifting the limit if you contact support.

If it's the setup you're concerned about, it's pretty basic. You will likely need clients to provision a VM, but that's not crazy talk or anything. Here's a few (short) TechNet articles to walk you through it:

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top