Azure ADConnect Architecture integrate on-premises AD Domains with Azure AD

If you have an Office 365 or Windows Azure subscription you can integrate on-premises Active Directory domains with Azure Active Directory.

Azure Active Directory (Azure AD) is a cloud-based multi-tenant directory and identity service. This reference architecture from Microsoft shows best practices for integrating on-premises Active Directory domains with Azure AD to provide cloud-based identity authentication.

Related technology: Installing Microsoft Azure Active Directory Module for Windows Powershell

This exposure focus on Azure AdConnect Architecture having the following components:

Azure AD tenant. An instance of Azure AD created by your organization. It acts as a directory service for cloud applications by storing objects copied from the on-premises Active Directory and provides identity services.

Web tier subnet. This subnet holds VMs that run a web application. Azure AD can act as an identity broker for this application.

On-premises AD DS server. An on-premises directory and identity service. The AD DS directory can be synchronized with Azure AD to enable it to authenticate on-premises users.

Azure AD Connect sync server. An on-premises computer that runs the Azure AD Connect sync service. This service synchronizes information held in the on-premises Active Directory to Azure AD. For example, if you provision or deprovision groups and users on-premises, these changes propagate to Azure AD.

VMs for N-tier application. The deployment includes infrastructure for an N-tier application. For more information about these resources, see Run VMs for an N-tier architecture.