What are the limitations of Active Directory Sync on Workplace?
The AD Sync Component has the following limitations:
- Only syncs users from the Active Directory domain that the server belongs to or to a domain in the same AD forest that has the appropriate trust relationships established.
- Only configured to sync users based on: LDAP filters (ex. a specific user class or attribute value), or AD security / distribution groups.
- Will only handle up to 100,000 users max (approx.) using the default admin-less SQL Server 2014 Express LocalDB. Syncing more users requires an admin to manage their own database.
- Has only been tested on Active Directory domains and forests at the Windows Server 2012 functional level.
- Only allows customizing the following user-profile attributes' mapping rules: formatted name, and location; all other attributes will be mapped by default logic.
- Won't sync users that don't have an AD value for these three required Workplace fields: email address, display name and family name.
What are the requirements for configuring Active Directory Federation Service (ADFS) with Workplace?