Azure AD Pass-through authentication

amalchev posted this 16 May 2017

Hello All, I hope my question is not off topic. A while ago, I deployed a DirSync server + ADFS server for O365 authentication. As DirSync was deprecated, I migrated to Azure AD Connect. My current setup is two ADFS servers (Windows 2012 R2) and two Azure AD Connect servers (one primary and one standby). Everything is working as expected without any issues. Now, I would like to test the pass-through authentication in Azure AD Connect. I have installed the connector following the instructions on Microsoft's web site. Then I tried to enable Pass-Through using the Azure AD Connect wizard, but it is failing with "Pass-through authentication cannot be configured on this machine because Azure AD Connect agent is already installed". I have looked in the trace file and event log but couldn't find any helpful information. Have you seen that error before? Thanks in advance for your help.
Nasko

kebabfest posted this 29 May 2017

Thanks Atanas. The plan on this particular project has changed, but I'll definitely give it a go the first opportunity I have.


amalchev posted this 28 May 2017

Hi Eoin, Yes, I got it working now. The problem was that I had installed the Application Proxy Connector before I ran the Azure AD Connect wizard to configure the Pass-through authentication. You should first run the wizard and select Pass-Through Authentication; it will then give an error, but don't close it. Install the Proxy connector as described here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication Then retry the wizard and it will complete successfully. The other "issue" that I had is that it enables password sync and it cannot be turned off in advance. Once you complete the wizard, all passwords on the selected users will be synced with Azure. You will need to run the wizard again and turn off the password sync if you don't need it. Also, you will need to convert the domain if it is federated. Thanks!
Nasko


kebabfest posted this 28 May 2017

Hi Atanas, Did you get this working in the end with the pass-through authentication? I am looking at setting this up for a client in the next couple of weeks and would be interested to hear how you get on.
Eoin



amalchev posted this 16 May 2017

Yes, we are planning to use Azure AD connect with Azure Conditional Access.
Best Regards,
Nasko
On May 16, 2017 21:48, "Orion Withrow" <orionwithrow@xxxxxxxxxxxxxxxx> wrote:
If you are not going to use ADFS for SSO with any other providers, that is a lot of work/effort to maintain when AD Connect w/ SSO works well
On May 16, 2017, at 4:41 PM, Atanas Malchev <amalchev@xxxxxxxxxxxxxxxx> wrote:
Hi Tony,
Thanks for your reply. Actually, we are just testing Office 365 and we have 10 users out of 3000. We haven't migrated yet. We prefer the pass-through auth, because we won't need web app proxy servers or to open any firewall ports. The traffic will come from MS only.
Best regards,
Nasko



amalchev posted this 16 May 2017

Hi Tony,
Thanks for your reply. Actually, we are just testing Office 365 and we have 10 users out of 3000. We haven't migrated yet. We prefer the pass-through auth, because we won't need web app proxy servers or to open any firewall ports. The traffic will come from MS only.
Best regards,
Nasko



TonyFE posted this 16 May 2017

Hi Nasko

I assume this is your test environment and you're simply keen on having a look at the features? Otherwise, I'm not sure there is sufficient value in moving from ADFS.

Tony


amalchev posted this 16 May 2017

Thanks! That will be the next thing to test.
Best regards,
Nasko



amalchev posted this 16 May 2017

Yes, it is, but I think it is supported by Microsoft.
Best regards,
Nasko
