Isifundo esiphelele se-Azure AD Connect kanye ne-Microsoft Entra Connect

I-Azure AD Connect (manje eyi-Microsoft Enter Connect) Kuyisihluthulelo sokuxhumanisa i-Active Directory yakho esendaweni nefu le-Microsoft: i-Azure AD kanye ne-Microsoft 365. Ngenxa yaleli thuluzi, abasebenzisi bakho bangangena ngemvume ngegama lomsebenzisi nephasiwedi efanayo kokubili esendaweni kanye nasezinsizakalweni zamafu, bagweme ama-akhawunti aphindaphindwayo futhi banciphise izinhlungu zomnyango we-IT.

Kuyo yonke le tutorial Uzobona ngokuningiliziwe umjikelezo wonke: ukulungiselela indawo esendaweni, ukudala isizinda kanye nehlathi le-Active Directory, ukulungiselela i-Microsoft Entra ID, ukufaka nokulungiselela i-Azure AD Connect, izindlela zokuqinisekisa, ukuhlunga izinto, kanye nezici ezithuthukisiwe njengokuvumelanisa i-hash yephasiwedi, ukubhala emuva, noma ukusebenzisa i-Microsoft Entra Connect Health ukuqapha ingqalasizinda.

Iyini i-Azure AD Connect futhi isetshenziselwani?

I-Azure AD Connect iyisevisi esemthethweni ye-Microsoft Isebenza "njengebhuloho" phakathi kwe-Active Directory yakho esezindaweni kanye ne-Azure Active Directory, futhi ihlanganisa i-Microsoft 365. Ivumela ukuthi ubunikazi obunabo kakade esizindeni sakho esisezindaweni ukuthi buvumelaniswe nefu, ukuze umsebenzisi asebenzise iziqinisekiso ezifanayo kuzo zombili izindawo futhi, uma efisa, ajabulele ukungena ngemvume okukodwa (i-SSO).

Iklayenti le-Azure AD Connect lifakwe kuseva yelungu yesizinda, futhi nakuba ingafakwa ngobuchwepheshe kusilawuli sesizinda, iMicrosoft itusa ukugwema lokhu ngezizathu zokuphepha kanye nokuhlukaniswa kwesevisi. Le seva izoba nesibopho sokuvumelanisa abasebenzisi, amaqembu, nezinye izinto ezivela ku-Active Directory yakho ne-Azure AD ngezikhathi ezithile.

Uma isilungisiwe, i-Azure AD Connect Ingasebenzisa amamodeli ahlukene okufakazela ubuqiniso: Ukuvumelanisa Iphasiwedi Hash (PHS), Ugunyazo Lokudlula (PTA), ubumbano olune-AD FS, noma ubumbano olunabahlinzeki abanjengoPingFederate. Iphinde inikeze izinketho ezifana ne-SSO, ukuhlunga nge-OU noma amaqembu, ukuvikelwa ekususweni okukhulu, kanye nokuvuselelwa komkhiqizo okuzenzakalelayo.

Ezimweni lapho usuvele usebenza ne-Microsoft 365 Futhi uma unabasebenzisi "befu kuphela", i-Azure AD Connect ikuvumela ukuthi uhlanganise ubunikazi: uma i-UPN kanye ne-imeyili yomsebenzisi wendawo kufana nokwabasebenzisi abasefwini, lapho kuvumelanisa, lowo msebenzisi uzoyeka ukuba "yifu kuphela" futhi uzoba umsebenzisi ovumelanisiwe kusuka ku-AD, ehlanganisa ukuphathwa kwezimfanelo kufolda yakho yendawo.

Ukulungiselela indawo ye-Active Directory yendawo

Ngaphambi kokuthi ucabange ngokuvumelanisa noma yini ne-AzureUdinga indawo esebenzayo ye-Active Directory. Uma usuvele unesizinda senkampani ekukhiqizweni, ungasisebenzisa; uma kungenjalo, ungasetha ilebhu kusukela ekuqaleni ukuze uhlole zonke izimo zobunikazi obuhlanganisiwe ngaphandle kokuthinta indawo yakho ebukhoma.

Umqondo waleli labhu ukudala iseva ezosebenza njengesilawuli sesizinda (DC) futhi isingathe i-AD DS, i-DNS, kanye namathuluzi okuphatha. Konke lokhu kungasethwa kumshini obonakalayo we-Hyper-V osebenzisa i-Windows Server, kusetshenziswa izikripthi ze-PowerShell ezenza umsebenzi omningi ube ngokuzenzakalelayo.

Ukudala umshini obonakalayo wesilawuli sesizinda

Isinyathelo sokuqala ukudala umshini obonakalayo ezosebenza njengeseva ye-Active Directory esendaweni. Ukuze wenze lokhu, ungavula i-PowerShell ISE njengomlawuli ku-host ye-Hyper-V bese usebenzisa iskripthi esichaza igama le-VM, iswishi yenethiwekhi, indlela ye-VHDX, usayizi wediski, kanye nemidiya yokufaka (i-Windows Server ISO).

Lesi skripthi sidala isizukulwane sesi-2 se-VMNgememori engaguquki, kudalwa idiski entsha ebonakalayo, bese kunamathiselwa idrayivu ye-DVD ebonakalayo ekhomba ku-ISO yesistimu yokusebenza. I-firmware yomshini bese ihlelwa ukuthi iqale i-DVD ekuqaleni, okukuvumela ukuthi wenze ukufakwa kwesistimu ngokusebenzisana.

Uma umshini obonakalayo usudaliweKusuka ku-Hyper-V Manager, kufanele uqalise iseva, uxhume ku-console yayo, bese wenza ukufakwa okujwayelekile kwe-Windows Server: khetha ulimi lwakho, faka ukhiye womkhiqizo, wamukele imigomo yelayisensi, ukhethe ukufakwa ngokwezifiso, bese usebenzisa idiski esanda kudalwa. Ngemva kokuthi ukufakwa sekuqediwe, qala kabusha, ungene ngemvume, bese usebenzisa zonke izibuyekezo ezitholakalayo.

Ukucushwa kokuqala kwe-Windows Server

Njengoba uhlelo lokusebenza selufakiwe kakadeIseva kumele ilungele ukuthola indima ye-Active Directory Domain Services. Lokhu kuhilela ukuyinika igama elifanayo (isibonelo, i-DC1), ukumisa ikheli le-IP elingaguquki, ukuchaza izilungiselelo ze-DNS, kanye nokwengeza amathuluzi okuphatha adingekayo kusetshenziswa izici ze-Windows.

Ukusebenzisa esinye iskripthi se-PowerShell Ungenza le misebenzi ibe ngokuzenzakalela: ukusetha ikheli le-IP, imaski, isango kanye namaseva e-DNS (ngokuvamile iseva ngokwayo kanye, njengesibili, i-DNS yomphakathi efana ne-8.8.8.8), ukuqamba kabusha ikhompyutha nokufaka ama-Active Directory RSAT, ukurekhoda konke kufayela lelogi ukuze kuhlolwe.

Ngemva kokusebenzisa lezi zinguquko Iseva izoqala kabusha futhi ilungele ukukhushulelwa kumlawuli wesizinda ehlathini elisha, ngakho-ke uzobe unesimo sakho se-AD esisezindaweni esisebenzayo ukuze kuhlolwe noma kuhlanganiswe nefu ngempela.

Ukudala ihlathi kanye nesizinda se-Active Directory

Isinyathelo esilandelayo ukufaka i-AD DS, i-DNS kanye ne-Group Policy Management Console (GPMC), bese udala ihlathi elisha le-Active Directory. Futhi, i-PowerShell ikuvumela ukuthi usheshise inqubo ngokufaka izici ezidingekayo bese usebenzisa i-cmdlet ye-Install-ADDSForest enazo zonke izinhlaka ezidingekayo.

Encazelweni yehlathi ucacisa igama lesizinda (isibonelo, i-contoso.com), igama le-NetBIOS, izindlela eziya ku-database ye-Active Directory (NTDS), amalogi, kanye ne-SYSVOL, kanye namazinga okusebenza kwesizinda kanye nehlathi. Iphasiwedi ye-Directory Services Restore Mode (DSRM), ebalulekile emisebenzini yokutakula, nayo ichazwe.

Uma iseva iqala kabusha ngemva kokukhushulwaUsuvele unendawo ye-Windows Server AD enesizinda sokusebenza, i-DNS ehlanganisiwe, kanye nawo wonke amathuluzi adingekayo okuphatha abasebenzisi, amaqembu, ama-OU, kanye nezinqubomgomo zeqembu.

Ukudala abasebenzisi bokuhlola ku-Active Directory

Njengoba ihlathi lisebenza, kuyasiza ukuba nama-akhawunti okuhlola atholakalayo. Ukuze uqinisekise ukuvumelanisa ne-Azure AD, ungasebenzisa iskripthi se-PowerShell ukudala, isibonelo, umsebenzisi "u-Allie McCray" onegama lokungena (samAccountName), iphasiwedi yokuqala, igama lokubonisa, kanye nenketho yokuvimbela iphasiwedi ukuthi iphelelwe yisikhathi.

Isikripthi singamaka futhi umsebenzisi Inikwe amandla ukuvimbela abasebenzisi ukuthi bashintshe iphasiwedi yabo ekungeneni okulandelayo, lokhu kuzobabeka endleleni efanele yesitsha (isibonelo, CN=Users,DC=contoso,DC=com). Laba basebenzisi bazovumelaniswa nama-ID abo e-Microsoft Entra nge-Azure AD Connect.

Ukulungiselela isizinda sendawo ukuze sivumelaniswe

Ngaphambi kokusebenzisa i-Azure AD Connect, kuyalulekwa ukuthi ubuyekeze i-AD yakho. Ukuqinisekisa ukuthi ihlangabezana nezidingo ze-Microsoft: izizinda ezilungiselelwe kahle, izijobelelo ze-UPN ezilungile, izimfanelo ze-imeyili ezihambisanayo, kanye nokungabi nedatha ephikisanayo. Kulo msebenzi, i-Microsoft inikeza ithuluzi le-IdFix, elisiza ekutholeni izinto eziyinkinga.

Ezindaweni eziningi kukhona isizinda sendawo yohlobo lwe-mydomain.local kanye, ngakolunye uhlangothi, isizinda se-imeyili somphakathi, isibonelo i-mydomain.com esetshenziswa ku-Microsoft 365. Ukuze ukuvumelanisa kuhlanzeke, kunconywa ukwengeza isijobelelo se-UPN esihambisana nesizinda se-imeyili somphakathi ku-AD yendawo.

Kusuka ku-“Active Directory Domains and Trusts” Ungavula izakhiwo bese wengeza isijobelelo esisha se-UPN (isibonelo, i-mydomain.com). Bese, ezakhiweni ze-akhawunti yomsebenzisi, kuthebhu ethi "I-Akhawunti", shintsha i-UPN yomsebenzisi kusuka ku-user@mydomain.local kuya ku-user@mydomain.com, uyivumelanise nekheli le-imeyili ku-Microsoft 365.

Nakuba ukushintsha i-UPN kunconywa kakhulu Ukuze kube lula ukungena ngemvume okulandelayo kanye ne-SSO ekugcineni, lolu shintsho alushintshi indlela yokungena ngemvume yakudala ye-DOMAIN\user (ngaphambi kwe-Windows 2000), ngakho aluthinti izinhlelo zokusebenza noma izikripthi eziqhubeka nokusebenzisa leyo fomethi.

Kubalulekile futhi ukugcwalisa isici seposi ngendlela efanele. yama-akhawunti abasebenzisi anekheli labo le-imeyili eliyinhloko. Uma usuvele unabasebenzisi abadalwe ngqo efwini, inhlanganisela ye-UPN kanye ne-imeyili ehambisanayo phakathi kwezakhiwo kanye ne-Microsoft 365 kuzovumela, ngemva kokuvumelanisa, lawo ma-akhawunti ukuthi ahlanganiswe kanye nomsebenzisi wefu ukuthi abe ubunikazi obuvumelanisiwe kusukela ku-AD.

Ukusethwa kanye nokucushwa kwe-Microsoft Entra ID (i-Azure AD)

Ukuze isiqondisi sendawo sivumelaniswe Udinga i-Microsoft Entra ID eqashile. Le qashile iyisiqondisi samafu lapho kuzokwakhiwa khona amakhophi abasebenzisi bakho, amaqembu, namadivayisi avela endaweni ekhona.

Uma ungenaye kakade umqashiUngayakha ngokufinyelela isikhungo sokuphatha se-Microsoft. Ngena ngemvume nge-akhawunti enokubhalisa. Kusukela esigabeni esithi Ukubuka Konke, khetha inketho yokuphatha abaqashi bese udala entsha, unikeze igama lenhlangano kanye nesizinda sokuqala (isibonelo, something.onmicrosoft.com).

Uma i-wizard isiqedile, uhlu lwemibhalo luyadalwa. Futhi ungayiphatha kusukela ku-portal. Kamuva, uzokwazi ukuhlanganisa izizinda ezenziwe ngokwezifiso (njenge-contoso.com) futhi uziqinisekise ukuthi zizosetshenziswa njengezizinda eziyinhloko kuma-UPN abasebenzisi bakho abavumelanisiwe kusukela ku-Active Directory.

Ukudala i-akhawunti yomphathi wobunikazi obuhlanganisiwe

Ku-Microsoft Entra eqashile, kunconywa ukudala Kuzosetshenziswa i-akhawunti ezinikele ukuphatha ingxenye ehlanganisiwe. Le akhawunti izosetshenziswa, isibonelo, ekucushweni kokuqala kwe-Azure AD Connect kanye nemisebenzi ehlobene nobunikazi.

Kusukela esigabeni sabasebenzisi Udala umsebenzisi omusha, umnike igama kanye negama lomsebenzisi (i-UPN), bese ushintsha indima yakhe ibe "uMqondisi Wobunikazi Ohlanganisiwe." Ngesikhathi sokudalwa, ungabuka futhi ukopishe iphasiwedi yesikhashana abelwe yona.

Ngemva kokudala le akhawunti, kuyalulekwa ukuthi ungene ngemvume. Iya ku-myapps.microsoft.com ngalelo gama lomsebenzisi kanye nephasiwedi yesikhashana, okuphoqa ukuthi iphasiwedi ishintshwe ibe ehlala njalo. Lokhu kuzoba ubunikazi bokuphatha ozobusebenzisa ezinyathelweni eziningana zokusetha ezihlanganisiwe.

Ukufakwa kwe-Azure AD Connect (Microsoft Entra Connect)

Njengoba indawo ilungile futhi umqashi wefu elungileManje usungafaka i-Azure AD Connect kuseva yelungu lesizinda sendawo. I-Microsoft incoma ukuthi ungasebenzisi isilawuli sesizinda ukuze unciphise izingozi zokuphepha nokutholakala.

Ukulanda i-Azure AD Connect Itholakala ku-portal ye-Azure Active Directory, esigabeni se-Azure AD Connect, noma ngqo ku-Microsoft Download Center. Uma usuyilandile i-installer, yisebenzise kuseva ekhethiwe.

Imigomo yelayisensi iyamukelwa ngesikhathi sewizadi yokufaka. Unezinketho ezimbili: ukusetha okusheshayo noma ukusetha ngokwezifiso. Inketho esheshayo ilungiselela ukuvumelanisa okugcwele kwe-Active Directory ngokuzenzakalelayo isebenzisa indlela ethi "ukuvumelanisa iphasiwedi ye-hash", kuyilapho inketho yangokwezifiso ivumela ukulawula okukhulu kakhulu phezu kwezimfanelo, izizinda, ama-OU, izindlela zokuqinisekisa, kanye nezici ezengeziwe.

Ekufakweni okujwayelekile, kuvame ukuthakazelisa kakhulu Khetha indlela yangokwezifiso, ikakhulukazi uma udinga ukukhawulela ukuthi yimaphi amayunithi enhlangano avumelanisiwe, ufuna ukuhlola izindlela ezahlukene zokungena ngemvume, noma une-topology yamahlathi amaningi.

Ukulungiselela indlela yokungena ngemvume

Elinye lamaphuzu abalulekile kumsizi Kuyindlela yokukhetha yokufakazela ubuqiniso abasebenzisi bakho abazoyisebenzisa lapho befinyelela izinsiza zamafu. I-Azure AD Connect inikeza izinketho eziningana ezakhelwe ngaphakathi, ngayinye inezinzuzo zayo kanye nezidingo zayo.

1. Ukuvumelanisa i-Password Hash (PHS)Le ndlela ivumelanisa ne-Azure AD i-hash yephasiwedi eyengeziwe igcinwe ku-Active Directory yakho esezindaweni. Umsebenzisi ungena efwini ngqo nge-Azure AD, esebenzisa iphasiwedi efanayo naleyo esezindaweni ezise ...

2. Ukuqinisekiswa kokudlula (i-PTA)Kulesi simo, amaphasiwedi awagcinwa ku-Azure AD; lapho umsebenzisi ezama ukungena ngemvume, ukuqinisekiswa kudluliselwa ngama-ejenti asezindaweni aqinisekisa iziqinisekiso ngokumelene ne-AD yendawo. Lokhu kukuvumela ukuthi usebenzise imikhawulo yokufinyelela yendawo, amashejuli, njll., ngenkathi ugcina ukulawula kokuqinisekisa ngaphakathi kwengqalasizinda yakho.

3. Inhlangano ne-AD FSI-Azure AD idlulisela ubuqiniso ohlelweni lwe-federation olusekelwe ku-Active Directory Federation Services. Kudinga ukusebenzisa amaseva e-AD FS, futhi ngokuvamile, i-proxy yohlelo lokusebenza lwewebhu. Kuyinkimbinkimbi kakhulu ukuyigcina, kodwa inikeza ukulawula okuphezulu kanye nokuhambisana nezimo ezithuthukisiwe.

4. I-Federation ne-PingFederate: kufana necala langaphambilini, kodwa kusetshenziswa i-PingFederate njengesixazululo somfelandawonye esikhundleni se-AD FS, ezinhlanganweni esezivele zinaleyo ngqalasizinda yobunikazi.

5. Ungalungisi indlela yokungena ngemvume: yenzelwe uma usuvele unesixazululo somfelandawonye weqembu lesithathu futhi ungafuni ukuthi i-Azure AD Connect yenze noma yini isebenze ngokuzenzakalela kule ndawo.

Ngaphezu kwalokho, ungavumela ukungena ngemvume okukodwa (i-SSO) Kuhlanganiswe ne-PHS noma i-PTA. Uma i-SSO ivuliwe, futhi ngenqubomgomo yeqembu (i-GPO), amakhompyutha ahlanganiswe nesizinda angangena ngemvume esebenzisa i-UPN yomsebenzisi, ngokuvamile efana nekheli lakhe le-imeyili, okuwavimbela ukuthi afake ngokuphindaphindiwe iziqinisekiso zawo lapho efinyelela izinsizakalo ezifana ne-portal ye-Microsoft 365.

Ukuxhuma ku-Microsoft 365 kanye ne-Active Directory yendawo

Ku-wizard ye-Azure AD Connect kuzodingeka unikeze Okokuqala, uzodinga iziqinisekiso zomphathi wokuqasha we-Microsoft Entra (isibonelo, i-akhawunti yomphathi wobunikazi obuhlanganisiwe edalwe ngaphambilini). Lokhu kuvumela ithuluzi ukuthi lilungiselele ingxenye yamafu futhi libhalise iseva njengomthombo wokuvumelanisa.

Ngemuva kwalokho, iziqinisekiso ziyacelwa ku-akhawunti enezimvume ku-AD yendawo. ukudala isixhumanisi sokuvumelanisa nehlathi elisendaweni. Uma seliqinisekisiwe, uhla lwemibhalo lwendawo lufakwa ohlwini lwemithombo yedatha yokuvumelanisa.

Esinyathelweni esilandelayo ukhetha ukuthi yisiphi isici ozosisebenzisa njengegama lomsebenzisi eliyinhloko Kuma-akhawunti efu, indlela evamile ukusebenzisa i-userPrincipalName, kodwa kwezinye izimo ungakhetha insimu ye-imeyili uma ihambisana futhi ihlelwe kahle. Ungabonisa nokuthi uzoqhubeka yini ngaphandle kokuthi zonke izizinda ze-UPN ziqinisekiswe ku-Azure AD okwamanje (kuwusizo uma isizinda se-AD siyimfihlo).

Ukukhethwa kwe-OU kanye nokuhlunga izinto

I-Azure AD Connect ikuvumela ukuthi uchaze ukuthi iyiphi i-subset Ihlathi lakho le-Active Directory livumelaniswe nefu. Ungakhetha wonke ama-domain, amayunithi athile enhlangano, noma ngisho nokuhlunga ngezici ukuze unciphise ububanzi.

Empeleni, ngokuvamile kungumqondo omuhle Qala ngokuvumelanisa ama-OU kuphela lapho abasebenzisi abahlanganyela khona ku-pilot behlala khona, noma sebenzisa iqembu elithile lokuphepha elinamalungu alo azokopishwa ku-Azure AD. Lokhu kunciphisa ingozi yokuvumelanisa ama-akhawunti esevisi, izinto eziphelelwe yisikhathi, noma ulwazi okungafanele luphume endaweni ekhona.

Kuyafaneleka ukuqaphela ukuthi izinguquko ezilandelayo Izinguquko esakhiweni se-OU (ukuqamba kabusha, ukuhambisa izitsha, njll.) zingathinta ukuhlunga. Isu elivamile ukuvumelanisa yonke isizinda kodwa ukhawulele ukuhlunga ngokusekelwe kubulungu beqembu, ukugwema ukuthembela ngokweqile esakhiweni senhlangano.

Izinketho ezengeziwe zokucushwa

Isipho sokugcina sezikrini zomsizi Izici ezengeziwe zifaka phakathi ukubhalwa kabusha kwephasiwedi, ukubhala kabusha idivayisi, ukuhlanganiswa kwe-hybrid Exchange, kanye nokuvikelwa ekususweni okukhulu.

Ukubhalwa kwephasiwedi okuhlehlisiwe Ivumela abasebenzisi ukushintsha noma ukusetha kabusha iphasiwedi yabo kusuka efwini (isibonelo, kusuka ku-portal yokuzisiza) nokuthi lolo shintsho lusetshenziswe naku-Active Directory esezindaweni, kuhlonishwe inqubomgomo yephasiwedi yenhlangano. Ezinkampanini eziningi, lokhu kuyinzuzo ebalulekile yokusekela.

Ukubhala kabusha idivayisi Ivumela amadivayisi abhaliswe ku-Microsoft Entra ID ukuthi abuyiselwe ku-Active Directory yendawo, okusiza ngezimo zokufinyelela ezinemibandela lapho udinga ukulandelela amadivayisi kuzo zombili izinhlangothi.

Isici sokuvimbela ukususwa ngengozi Ivulwa ngokuzenzakalelayo futhi ikhawulela inani lezinto ezingasuswa ekugijimeni okukodwa kokuvumelanisa (isibonelo, ku-500). Uma lo mkhawulo udluliwe, ukuvumelanisa kuyavinjelwa ukuvimbela ukususwa kwesisindo ngengozi, okubalulekile ezindaweni ezinkulu.

Ekugcineni, izibuyekezo ezizenzakalelayo Ivulwa ngokuzenzakalelayo ekufakweni okunesethaphu esheshayo futhi igcina i-Azure AD Connect isesikhathini ngezinguqulo zakamuva, ilungisa amaphutha futhi ingeza ukuhambisana ngaphandle kokuthi ubuyekeze iseva ngayinye ngesandla.

Ukuqinisekiswa kokuvumelanisa nokusebenza kwansuku zonke

Ngemva kokuqeda ukufakwa kanye ne-wizardI-Azure AD Connect ingaqalisa ngokushesha ukuvumelanisa okugcwele uma ukucacisile. I-wizard ngokwayo inikeza inketho yokusebenzisa umjikelezo wokuqala ngokushesha nje lapho uqeda, okunconywayo ukuqinisekisa ukuthi konke kusebenza kahle.

Kuseva lapho ufake khona i-Azure AD Connect Ungavula ikhonsoli ethi "Isevisi Yokuvumelanisa" kusukela kumenyu yokuqala. Lapho uzobona umlando wokwenza, okuhlanganisa ukuvumelanisa kokuqala, noma yimaphi amaphutha, kanye nemininingwane yokungenisa izinto, ukuvumelanisa, kanye nokuthumela ngaphandle.

Ku-portal ye-Microsoft 365 noma ku-portal ye-Microsoft Login Ungahlola uhlu lwabasebenzisi ukuqinisekisa ukuthi bavela njokuthi “Kuvumelaniswe ne-Active Directory” esikhundleni sokuthi “Ifu Kuphela”. Kusukela ngaleso sikhathi kuqhubeke, izimfanelo eziyinhloko (igama lokuqala, isibongo, ikheli le-imeyili, njll.) ziphathwa kusukela ku-Active Directory yendawo.

I-Azure AD Connect isebenzisa umjikelezo ozenzakalelayo Ukuvumelanisa kwenzeka njalo ngemizuzu engama-30, yize ungaphoqa ukuvumelanisa ngesandla usebenzisa i-PowerShell uma udinga ushintsho lubonakale ngokushesha. Kungumkhuba omuhle ukubhala phansi lokhu kuziphatha ukuze ithimba lokusekela lazi ukuthi yini okufanele liyilindele.

Izimo ezithuthukisiwe: amahlathi amaningi kanye namaseva engeziwe

Ezinhlanganweni eziyinkimbinkimbi kakhulu Ungase uhlangane namahlathi amaningi e-Active Directory, ngalinye linesizinda salo kanye nabasebenzisi balo. Kungase kube namahlathi ezinsiza lapho kuhlala khona amabhokisi eposi axhunyiwe noma ezinye izinsizakalo.

I-Azure AD Connect isilungele lezi zindlela zokulungisa izintoLokhu kukuvumela ukuthi wengeze amahlathi amaningi njengemithombo yokuvumelanisa futhi usebenzise imodeli yokuhlinzeka ngokumemezela. Lokhu kusho ukuthi imithetho yokuhlanganisa, ukuguqula, kanye nokugeleza kwezimfanelo ichazwa ngokumemezela futhi ingalungiswa ukuze ivumelane nomklamo wakho wobunikazi.

Kwamalabhorethri athuthukile kakhulu Ihlathi lesibili (isb., i-fabrikam.com) lingadalwa ngesilawuli salo sesizinda (CP1) ngokuphinda izinyathelo zokudalwa kwe-VM, ukufakwa kwesistimu, ukucushwa kwe-IP ne-DNS, ukukhushulwa ku-DC, kanye nokudalwa kwabasebenzisi bokuhlola. Lokhu kuvumela ukuhlolwa kwezimo zamahlathi amaningi kanye nokuvumelanisa kwamafu nezizinda ezahlukene.

Ezindaweni zokukhiqiza, kunconywa ukuba Iseva ye-Azure AD Connect ibekwa kumodi yokulinda noma kumodi yokubeka. Iseva yokubeka igcina ikhophi yokucushwa futhi yenza ukungenisa nokuvumelanisa kwangaphakathi, kodwa ayithumeli izinguquko ku-Azure AD. Uma kwenzeka iseva eyinhloko yehluleka, ungashintshela kuseva yokubeka isiteji ngomthelela omncane.

I-Microsoft Entra Connect Health: ukuqapha kanye nezixwayiso

Ukugcina ingqalasizinda yobunikazi obuhlanganisiwe ilawulwaI-Microsoft inikeza i-Microsoft Entra Connect Health, ikhambi eliphambili eliqapha izingxenye ezibalulekile njenge-Azure AD Connect (ukuvumelanisa), i-AD FS, kanye ne-AD DS, enikeza izexwayiso, izilinganiso zokusebenza, kanye nokuhlaziywa kokusetshenziswa.

Lo msebenzi usekelwe kuma-ejenti. Lawa ma-ejenti afakwe kumaseva obunikazi: amaseva e-AD FS, abalawuli besizinda, kanye namaseva e-Azure AD Connect. Athumela ulwazi lwezempilo nokusebenza kusevisi yamafu, lapho ungalubuka khona ku-portal ye-Connect Health ezinikele.

Ukuze uqale, udinga ukuba namalayisense. Kusuka ku-Microsoft, faka i-ID P1 noma i-P2 (noma isivivinyo). Bese ulanda ama-ejenti e-Connect Health kusuka ku-portal bese uwafaka kuseva ngayinye efanele. Uma isibhalisiwe, isevisi ithola ngokuzenzakalelayo ukuthi yiziphi izindima eziqashwayo.

Ku-portal ye-Connect Health uzothola amaphaneli ahlukeneEyodwa yezinsizakalo zokuvumelanisa (i-Azure AD Connect), enye yezinsizakalo zomfelandawonye (i-AD FS), kanti enye yehlathi le-AD DS. Kuyo ngayinye, ungabuka izexwayiso ezisebenzayo, isimo sokuphindaphinda, izinkinga zesitifiketi ezingaba khona, amaphutha okuqinisekisa, kanye nezitayela zokusebenzisa.

Ngaphezu kwezici zobuchwepheshe, i-Connect Health ifaka phakathi izinketho Ukusetha ukufinyelela okusekelwe ezindimeni (IAM) futhi, ngokuzithandela, ukugunyaza iMicrosoft ukuthi ifinyelele idatha yokuxilonga ngezinjongo zokusekela kuphela. Le nketho ikhutshaziwe ngokuzenzakalelayo, kodwa ingaba wusizo uma udinga ukwesekwa okuthuthukisiwe kweMicrosoft ukuxazulula izinkinga eziyinkimbinkimbi.

Ngalo lonke lolu hlelo lokusebenza oluhleliwe—i-AD yendawo, i-Microsoft Entra ID, i-Azure AD Connect, kanye ne-Connect Health— Uneplatifomu ephelele yobunikazi obuhlanganisiwe, ekwazi ukuletha ukungena ngemvume okukodwa, ukuphathwa kwe-akhawunti eyodwa kanye nephasiwedi, ukutholakala okuphezulu, kanye nokubonakala esimweni sengqalasizinda; inhlanganisela eyenza impilo ibe lula kumsebenzisi wokugcina futhi ikunike ukulawula okudingayo ukuze usebenze ngokuphephile nangokuguquguqukayo.