After setup, the only required account is the Directory Synchronization Accounts role account. The Global Administrator role isn't required after initial setup. For more information, see Enterprise access model. An organization can use an enterprise access model to host administrative accounts, workstations, and groups in an environment that has stronger security controls than a production environment. You can manage the administrative accounts that are used in Azure AD Connect by using an enterprise access model. For more information, see Install Azure AD Connect by using SQL delegated administrator permissions. Provisioning the database can now be performed out-of-band by the SQL Server administrator and then installed by the Azure AD Connect administrator if the account has database owner (DBO) permissions. This account can be the same account as the Enterprise Administrator account. The instance of SQL Server can be local or remote to the Azure AD Connect installation.
SQL SA account (optional): Used to create the ADSync database when you use the full version of SQL Server. You can view Global Administrator and Hybrid Identity Administrator accounts in the Azure portal. Local Administrator account: The administrator who is installing Azure AD Connect and who has local Administrator permissions on the computer.ĪD DS Enterprise Administrator account: Optionally used to create the required AD DS Connector account.Īzure AD Global Administrator account: Used to create the Azure AD Connector account and to configure Azure AD.
You also need the following accounts to install Azure AD Connect: Learn about accounts that are used and created and the permissions that are required to install and use Azure AD Connect.Īzure AD Connect uses three accounts to synchronize information from on-premises Windows Server Active Directory (Windows Server AD) to Azure Active Directory (Azure AD):ĪD DS Connector account: Used to read and write information to Windows Server AD by using Active Directory Domain Services (AD DS).ĪDSync service account: Used to run the sync service and access the SQL Server database.Īzure AD Connector account: Used to write information to Azure AD.
0 kommentar(er)
