Azure AD Connect

Author: Michael Bui

Overview

Azure AD Connect syncs our on-prem Active Directory with our Azure Active Directory in the cloud. This lets our existing on-prem users use Single Sign-On (SSO) to access both their on-prem resources & their cloud resources with the same credentials.

In this lab we'll be installing Azure AD Connect on SVR01, which hosts the primary Active Directory for our on-premises environment. We will sync our users to our Azure AD & sign into cloud resources using our existing on-prem credentials.

Instructions

  1. Download Azure AD Connect from Microsoft's download page
  2. Run Azure AD Connect on the server that will sync AD objects
  3. Use express settings (we only have one AD forest to sync)
  4. Enter the credentials of an Azure AD global admin
  5. Enter the on-prem AD administrator credentials
  6. Configure the Azure AD sign-in domain names. Our on-prem forest uses the UPN suffix lab.builab.ca, but our Azure AD only had the custom domain builab.ca. To fix this we added the custom domain lab.builab.ca to our Azure Active Directory so the on-prem UPNs match a verified domain
  7. Wait for setup to complete
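The UPN suffix mismatch in step 6 is worth checking before the wizard runs, because a user whose suffix does not match a verified Azure AD domain gets a tenant.onmicrosoft.com UPN in the cloud and cannot sign in with the on-prem credentials. The following PowerShell is an added example, not part of the original lab; the function name and the four sample UPNs are constructed, and the live-data lines assume the ActiveDirectory and Microsoft.Graph modules.

```powershell
# Added example (not from the original lab): compare every on-prem UPN suffix
# against the domains verified in Azure AD before running Azure AD Connect.
function Test-UpnSuffixCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalNames,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains
    )
    # Domain names are case-insensitive, so normalise both sides once.
    $verified = @($VerifiedDomains | ForEach-Object { $_.ToLowerInvariant() })
    foreach ($upn in $UserPrincipalNames) {
        $suffix = ($upn -split '@', 2)[1]
        if (-not $suffix) { continue }   # no UPN set; Azure AD Connect falls back to other attributes
        [pscustomobject]@{
            UserPrincipalName = $upn
            Suffix            = $suffix
            Verified          = $verified -contains $suffix.ToLowerInvariant()
        }
    }
}

# Constructed sample: the four lab users, all carrying the on-prem suffix from the lab.
$upns = 'kirk@lab.builab.ca', 'michael@lab.builab.ca',
        'dorothy@lab.builab.ca', 'john@lab.builab.ca'

# Before lab.builab.ca is added as a custom domain: all four users are flagged.
Test-UpnSuffixCoverage -UserPrincipalNames $upns -VerifiedDomains @('builab.ca') |
    Where-Object { -not $_.Verified } | Format-Table -AutoSize

# After it is added and verified: nothing is flagged.
Test-UpnSuffixCoverage -UserPrincipalNames $upns -VerifiedDomains @('builab.ca', 'lab.builab.ca') |
    Where-Object { -not $_.Verified } | Format-Table -AutoSize

# Live data (assumed modules: ActiveDirectory, Microsoft.Graph with Domain.Read.All):
#   $upns    = (Get-ADUser -Filter * -Properties UserPrincipalName).UserPrincipalName
#   $domains = (Get-MgDomain | Where-Object IsVerified).Id
#   Test-UpnSuffixCoverage -UserPrincipalNames $upns -VerifiedDomains $domains
```

Any row with Verified = False means that user's cloud sign-in name will not match the on-prem one after sync, so fix the UPN or verify the domain first.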

Verification

Verifying User Sync

  • In our on-prem environment we have 2 IT users: Kirk & Michael
  • We also have 2 regular users: Dorothy & John
  • In our Azure AD we see all 4 users synced

On-Prem Account

  • Log in with our on-prem account
  • Log into Office with the same credentials