Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
A directory is a shared information infrastructure and is used for locating, managing, administering, and organizing items and network resources. Examples of applications that use directory services are Microsoft Active Directory and Microsoft Entra ID. Identities help directory systems make determinations such as who has access to what, and who is allowed to use specific resources.
Inter-directory provisioning is provisioning an identity between two different directory services systems. The most common scenario for inter-directory provisioning is when a user already in Active Directory is provisioned into Microsoft Entra ID. This provisioning can be accomplished by agents such as Microsoft Entra Connect Sync or Microsoft Entra Connect cloud provisioning.
Inter-directory provisioning allows us to create hybrid identity environments.
Microsoft Entra ID currently supports three methods for accomplishing inter-directory provisioning. These methods are:
Microsoft Entra Connect - the Microsoft tool designed to meet and accomplish your hybrid identity, including inter-directory provisioning from Active Directory to Microsoft Entra ID.
Microsoft Identity Manager - Microsoft's on-premises identity and access management solution that helps you manage the users, credentials, policies, and access within your organization. Additionally, MIM provides advanced inter-directory provisioning to achieve hybrid identity environments for Active Directory, Microsoft Entra ID, and other directories.
This capability of inter-directory provisioning offers the following significant business benefits:
- Password hash synchronization - A sign-in method that synchronizes a hash of a users on-premises AD password with Microsoft Entra ID.
- Federation integration - can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and more AD FS server deployments.
- Synchronization - Responsible for creating users, groups, and other objects. Also for making sure identity information for your on-premises users and groups is matching the cloud. This synchronization also includes password hashes.
- Health Monitoring - can provide robust monitoring and provide a central location in the Microsoft Entra admin center to view this activity.