XZY Co., Ltd. is a well-known company in the automotive industry that specializes in supplying customers with quality automobiles. The company wants to move its IT infrastructure to the Microsoft Azure cloud. The main challenge is synchronizing on-premises Active Directory objects to Azure AD using the Azure AD Connect agent. This company has its XXXXX users, YYYY groups, and ZZZZ number of devices that need to be synced with Azure AD. However, the company now wants to use Password Hash Authentication and enable Single Sign-on (SSO) to access Azure AD registered cloud applications. If users reset their passwords from any cloud application [For example, OneDrive, Outlook.com or microsoft365.com, etc.], they need to be written back to the on-premises Active Directory. A staging sync server should be present for redundancy, and for security reasons, the Azure AD Connect agent must not be installed directly on any of the Domain Controllers [PDC, ADC, RoDC & Child-Dc etc.].
Our expert cloud transformation team successfully spearheaded the migration of over 600 Windows servers to the Azure cloud, seamlessly configuring critical components such as vWAN, Site-2-Site, and Point-2-Site VPNs, alongside deploying On-prem Discovery Appliances for both Dependent and Independent Disk, utilizing both Agent-based and Agentless approaches. Our comprehensive approach extended beyond migration, encompassing meticulous pricing assessments, dependencies analysis, and the development of robust business cases. With a keen focus on resilience, we meticulously crafted a disaster recovery plan to ensure the continuity of operations. From inception to completion, our end-to-end solutions showcase our proficiency and dedication to delivering unparalleled cloud transformation services.
Our cutting-edge cloud transformation team crafted a robust architecture for a valued client, implementing a strategic combination of Azure FrontDoor, Application Gateway, and a suite of storages including Azure Managed Instance, Azure SQL Server, Azure SQL Database, Cosmos DB, and Storage Account. Ensuring enhanced security, we seamlessly integrated their applications with private endpoints and utilized Azure DNS for efficient management. Long-term log storage was optimized through Log Analytics Workspace, while Event Hub facilitated short-term logging. Leveraging vWAN connectivity, we orchestrated seamless communication across their network. Security measures were paramount, with Layer 7 protection implemented via Azure FrontDoor, and a meticulous approach to safeguarding databases from internet exposure. Notably, East-West traffic flowed securely through Microsoft Backbone Internet Connection, showcasing our commitment to delivering comprehensive and secure cloud solutions.
In tackling a persistent challenge for our client with over 12,000 users in its local Active Directory, we implemented a comprehensive automation solution to address issues related to stale user accounts. Our approach involved deploying an Automation Account in Azure and creating powerful Runbooks with PowerShell scripts. We initiated the process by intelligently filtering Organizational Units for synchronization to Azure and strategically established Administrative Units, complemented by Dynamic Groups for each location. Our system meticulously monitored both local and cloud activities of users, identifying those inactive for the last 90 days. Leveraging a hybrid worker sensor on the Active Sync Server, we seamlessly disabled inactive users from the on-premises Active Directory. This strategic move not only resolved the immediate issue but also ensured that disabled users wouldn't be inadvertently reactivated during subsequent cloud sync cycles, showcasing our commitment to efficiency and proactive problem-solving.