Mastering Identity and Access Management with Microsoft Azure

Synchronization scenarios

When a new Azure AD tenant is created, its directory is managed independently of the on-premises AD forest by default, so a newly onboarded user would have to be created twice: once in the local AD and once in Azure AD. Unless you run a cloud-only company, you will therefore synchronize identities from the on-premises AD to the Azure AD tenant you own, so that each person has a single identity. Once synchronization is in place, Azure AD and AD can be treated as one identity service, with the on-premises AD as the authoritative source for the synchronized objects. Note that this also makes the synchronization server (Azure AD Connect) a high-value target that must be protected with the same care as a domain controller. The following section walks you through several integration scenarios, including the user sign-in options. We will divide it into the following situations:

  • Single-forest integration
  • Multi-forest integration
  • Multiple Azure Active Directory tenant integration
  • Azure Active Directory Domain Services integration
  • Stretched Active Directory to Azure IaaS
  • Azure Active Directory B2B integration
  • Azure Active Directory and Microsoft Office 365 synchronization
  • Identity and password hash synchronization, including SSO options
  • Identity synchronization, including PingFederate integration
  • Identity and password hash synchronization, including AD FS integration
  • Azure Active Directory Connect high availability
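
Before any of these scenarios is rolled out, it helps to see concretely what "one identity in two directories" means. The following Python script is an added example, not code from the book or from Microsoft: it computes the default Azure AD Connect sourceAnchor (the base64-encoded objectGUID that Azure AD stores as ImmutableId) and uses it to reconcile a constructed on-premises user export against a constructed Azure AD user export, bucketing accounts into synced, cloud-only, not yet in the cloud, orphaned in the cloud, and synced-but-UPN-mismatch. The user records, GUIDs and UPNs are all made up; the attribute names mirror those returned by Get-ADUser and the Microsoft Graph user object, and the script assumes objectGUID (not ms-DS-ConsistencyGuid) is the anchor.

```python
import base64
import uuid

# Constructed sample exports, not real tenant data. They stand in for an
# on-premises AD export (for example from Get-ADUser) and an Azure AD export
# (for example from Get-MgUser) taken while synchronization is being set up, so
# the same person may exist in one directory, the other, or both.
ONPREM_USERS = [
    {"objectGUID": "7c9e6679-7425-40de-944b-e07fc1f90ae7", "userPrincipalName": "alice@contoso.com"},
    {"objectGUID": "3f2504e0-4f89-41d3-9a0c-0305e82c3301", "userPrincipalName": "carol@contoso.com"},
    {"objectGUID": "9b2a5f62-1c3d-4e8f-a0b1-2c3d4e5f6a7b", "userPrincipalName": "dave@contoso.local"},
]


def source_anchor(object_guid: str) -> str:
    """Default Azure AD Connect sourceAnchor (ImmutableId) for an on-premises
    objectGUID: the GUID in Windows byte order, base64-encoded. This matches
    [Convert]::ToBase64String($user.ObjectGUID.ToByteArray()) in PowerShell.
    Assumes objectGUID is the anchor; adjust if ms-DS-ConsistencyGuid is used."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


AZUREAD_USERS = [
    # Synced from alice's on-premises object: anchor and UPN both match.
    {"userPrincipalName": "alice@contoso.com",
     "onPremisesImmutableId": source_anchor("7c9e6679-7425-40de-944b-e07fc1f90ae7")},
    # Cloud-only account: no ImmutableId, it never came from the forest.
    {"userPrincipalName": "bob@contoso.com", "onPremisesImmutableId": None},
    # Synced, but the on-premises UPN uses a non-routable suffix (.local).
    {"userPrincipalName": "dave@contoso.com",
     "onPremisesImmutableId": source_anchor("9b2a5f62-1c3d-4e8f-a0b1-2c3d4e5f6a7b")},
    # Anchor points at a GUID that no longer exists on-premises (constructed).
    {"userPrincipalName": "erin@contoso.com",
     "onPremisesImmutableId": source_anchor("11111111-2222-3333-4444-555555555555")},
]


def reconcile(onprem, cloud):
    """Match Azure AD users to on-premises users by sourceAnchor and bucket them."""
    by_anchor = {source_anchor(u["objectGUID"]): u for u in onprem}
    result = {"synced": [], "upn_mismatch": [], "cloud_only": [],
              "orphaned_in_cloud": [], "not_in_cloud": []}
    matched = set()
    for c in cloud:
        anchor = c.get("onPremisesImmutableId")
        if not anchor:
            # No anchor at all: the account was created directly in Azure AD.
            result["cloud_only"].append(c["userPrincipalName"])
            continue
        src = by_anchor.get(anchor)
        if src is None:
            # Anchor set, but nothing on-premises carries that GUID any more.
            result["orphaned_in_cloud"].append(c["userPrincipalName"])
            continue
        matched.add(anchor)
        if src["userPrincipalName"].lower() == c["userPrincipalName"].lower():
            result["synced"].append(c["userPrincipalName"])
        else:
            # Same object, different sign-in name: the cloud UPN is what the user must type.
            result["upn_mismatch"].append((src["userPrincipalName"], c["userPrincipalName"]))
    for anchor, u in by_anchor.items():
        if anchor not in matched:
            # Exists on-premises only: the "created in one directory" case before sync.
            result["not_in_cloud"].append(u["userPrincipalName"])
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    for bucket, users in reconcile(ONPREM_USERS, AZUREAD_USERS).items():
        print(f"{bucket}: {users}")
```

The two buckets worth chasing before you switch sign-in over are `orphaned_in_cloud` (that cloud object will never again receive attribute or password updates, and should be soft-matched or removed) and `upn_mismatch` (add a routable UPN suffix on-premises, or users will sign in with a name that differs from the one they use in the forest).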

Let's start with the single-forest integration.