Wednesday, June 4, 2014

Directory synchronization and source of authority

http://technet.microsoft.com/en-us/library/jj863117.aspx
In a Windows Azure Active Directory (Windows Azure AD) environment, source of authority refers to the location where Active Directory objects, such as users and groups, are mastered (the original copy from which all other copies of an object are derived) in a cross-premises deployment. Windows Azure AD requires a single source of authority for every object, which reduces the likelihood that directory data is inadvertently overwritten. By default, Windows Azure AD directory objects are mastered in the cloud, which means they must be edited by using cloud-based tools.

Therefore, when you create objects by using either the Windows PowerShell cmdlets or account portal tools such as the Office 365 portal, you are mastering objects from within the cloud, and all subsequent changes to these objects are also made by using the same tools. In this scenario, the source of authority is in the cloud. For more information about the various tools that you can use to create and manage objects in Windows Azure AD, see Administering your Azure AD directory.

Alternatively, when you are running Active Directory synchronization, you are mastering objects from within your on-premises Active Directory. Once directory synchronization has been activated and the first sync cycle has completed, the source of authority is transferred from the cloud to the on-premises Active Directory. In this scenario, users, contacts, and groups are created on-premises and then synchronized to the cloud. All subsequent changes to the cloud objects (with the exception of licensing) are made with the on-premises Active Directory tools; the corresponding cloud objects are read-only, and administrators cannot edit them while the source of authority is on-premises.
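As an added example (not part of the original post or the TechNet article it quotes), the following PowerShell uses the MSOnline module to report which users and groups in a tenant are currently mastered on-premises and which are mastered in the cloud. It assumes the MSOnline module is installed and that the signed-in account can read directory data. The classification rule is this example's own heuristic: an object that carries a LastDirSyncTime was written by directory synchronization, so its source of authority is on-premises; an object without one is cloud-mastered and still editable with cloud tools.

```powershell
# Added example: inventory users and groups by source of authority.
# Assumes the MSOnline PowerShell module (Connect-MsolService, Get-MsolCompanyInformation,
# Get-MsolUser, Get-MsolGroup) is installed and the signed-in account can read directory data.

Connect-MsolService

# Tenant-level view: is directory synchronization active, and when did it last run?
$company = Get-MsolCompanyInformation
"Directory synchronization enabled : $($company.DirectorySynchronizationEnabled)"
"Last directory sync time          : $($company.LastDirSyncTime)"

# Classification heuristic used by this example (assumption, not an official API):
# a populated LastDirSyncTime means the object was written by directory synchronization,
# so its source of authority is the on-premises AD and it is read-only in the cloud.
# An object without one is mastered in the cloud and can be edited with cloud tools.
function Get-SourceOfAuthority {
    param([Parameter(Mandatory)] $DirectoryObject)
    if ($null -ne $DirectoryObject.LastDirSyncTime) { 'OnPremises' } else { 'Cloud' }
}

$users = Get-MsolUser -All | ForEach-Object {
    [pscustomobject]@{
        ObjectType        = 'User'
        DisplayName       = $_.DisplayName
        Identifier        = $_.UserPrincipalName
        SourceOfAuthority = Get-SourceOfAuthority $_
        LastDirSyncTime   = $_.LastDirSyncTime
    }
}

$groups = Get-MsolGroup -All | ForEach-Object {
    [pscustomobject]@{
        ObjectType        = 'Group'
        DisplayName       = $_.DisplayName
        Identifier        = $_.ObjectId
        SourceOfAuthority = Get-SourceOfAuthority $_
        LastDirSyncTime   = $_.LastDirSyncTime
    }
}

# @() guards against either query returning nothing.
$inventory = @($users) + @($groups)

# Summary: counts per object type and source of authority.
$inventory | Group-Object ObjectType, SourceOfAuthority |
    Select-Object Name, Count | Format-Table -AutoSize

# Review list: while synchronization is active, cloud-mastered objects are the ones that
# can still be changed from the portal or PowerShell, so they deserve a second look.
if ($company.DirectorySynchronizationEnabled) {
    $inventory | Where-Object SourceOfAuthority -eq 'Cloud' |
        Sort-Object ObjectType, DisplayName |
        Format-Table ObjectType, DisplayName, Identifier -AutoSize
}
```

The summary table gives a quick sanity check that the expected population of objects is actually being mastered on-premises after the first sync cycle; the review list surfaces the cloud-mastered exceptions, which remain editable in the cloud regardless of the synchronization state.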
