In this blog I will explain how to configure Azure AD Connect, the tool that synchronizes on-premises Active Directory accounts to Azure AD, so that the same identities can be used to access resources both on-premises and in Azure AD.
What is a Hybrid identity? & Why?
A hybrid identity lets an organization use one identity for both on-premises and cloud-based resources. A user has a single account, authenticates once against a unified directory, and is authorized to applications and data in either environment regardless of where the user or the resource is located.
Azure AD Connect
Azure AD Connect links the on-premises Active Directory to the cloud-based Azure Active Directory. It synchronizes identities (users, groups and selected attributes) from on-premises AD to Azure AD on a schedule, so that the same account exists, with consistent attributes, on both platforms. By default the flow is one-way, on-premises to cloud; on-premises AD remains the source of authority for synced objects.
Prerequisites
An Azure AD tenant.
A custom domain added to the tenant and verified (users whose UPN suffix matches a verified domain keep that sign-in name in the cloud).
On-premises Active Directory schema version and forest functional level of Windows Server 2003 or later.
A domain-joined Windows Server to install Azure AD Connect on, and an account that is a local administrator on it.
For more detailed prerequisites please visit Microsoft Doc: Link
Install and Configure Azure AD Connect
As per the prerequisites I have an on-premises Active Directory and an Azure AD tenant. You can download the latest Azure AD Connect MSI package from this link.
Steps to install Azure AD Connect
Download the Azure AD Connect installer and double-click the MSI package. User Account Control prompts for elevation; click Yes to continue.
The Azure AD Connect application is installed.
Click Finish to complete the installation.
Once installed, Azure AD Connect appears on the desktop and in the Start menu. Double-click it to begin configuration.
Steps to configure Azure AD Connect
Tick the box to accept the license terms and privacy notice, then click Continue.
The next page offers two options, Express Settings and Customize. Customize lets you configure every option (sign-in method, OU filtering, attribute filtering, multiple forests). Express Settings installs Azure AD Connect with the defaults: a single on-premises forest, password hash synchronization as the sign-in method, and synchronization of all objects and attributes in the forest. For more details please refer to the Link.
In this blog I will be using Express Settings.
On this page enter a Global Administrator account for the Azure AD tenant and click Next. This credential is used only during setup; Azure AD Connect creates its own directory synchronization service account in Azure AD for ongoing sync, so the Global Administrator password is not stored on the server.
Enter an Enterprise Admin account for the on-premises forest and click Next. With Express Settings these credentials are used once to create the AD DS Connector account (an MSOL_ prefixed account) with the permissions the sync needs; the Enterprise Admin credentials themselves are not stored.
The wizard fetches the UPN suffixes available in the forest. To add a UPN suffix on the domain controller please refer to my blog How to Add UPN Suffix Link.
You can see my custom domain anandpnair.com, and it is shown as verified. Select "Continue without matching all UPN suffixes to verified domains" and click Next. Note that any user whose on-premises UPN suffix is not a verified domain in the tenant (for example a .local suffix) will be synced with the tenant's default onmicrosoft.com suffix, so that user's cloud sign-in name will differ from the on-premises one.
This takes you to the Ready to Configure page. You can tick "Start the synchronization process when configuration completes", or leave it unticked and initiate the first sync manually after installation. Click Install to complete the configuration.
Azure AD Connect is now configured; wait until the configuration completes, which takes some time.
Once it completes the wizard shows a summary of what was configured. Click Exit.
Search for the application named Synchronization Service Manager. The first time you open it, it throws the error shown below: the installer added the installing user to the local ADSyncAdmins group, but the current logon session does not yet carry that group membership. Sign out, sign in again and open the application; it then shows the connector operation details.
By default the scheduler runs a sync every 30 minutes. If you need to initiate a sync immediately, use the PowerShell cmdlet Start-ADSyncSyncCycle on the Azure AD Connect server, with one of the two policy types shown below.
Delta syncs only the objects modified since the last cycle.
Initial runs a full import and full sync of every object.
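The following is an added example, not code from the original post. It shows the ADSync cmdlets used to inspect the scheduler and trigger the Delta and Initial cycles described above, wrapped in a small helper (the function name Invoke-ADConnectSync is my own, not part of the ADSync module) that refuses to start a cycle while one is already running, which is the most common reason a manual sync fails. It assumes you are on the Azure AD Connect server in an elevated PowerShell session as a member of the local ADSyncAdmins group.

```powershell
# Added example (not from the original post). Run on the Azure AD Connect
# server, elevated, as a member of the local ADSyncAdmins group.
# The ADSync module is installed together with Azure AD Connect.
Import-Module ADSync

# The scheduler drives automatic sync. AllowedSyncCycleInterval is the
# 30-minute floor; CurrentlyEffectiveSyncCycleInterval is what actually runs.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, AllowedSyncCycleInterval,
                  CurrentlyEffectiveSyncCycleInterval,
                  NextSyncCycleStartTimeInUTC, SyncCycleInProgress

function Invoke-ADConnectSync {
    # Hypothetical helper name; wraps Start-ADSyncSyncCycle with a guard so
    # we never start a second cycle on top of a running one.
    param(
        [ValidateSet('Delta', 'Initial')]
        [string]$PolicyType = 'Delta'
    )

    $scheduler = Get-ADSyncScheduler
    if ($scheduler.SyncCycleInProgress) {
        Write-Warning 'A sync cycle is already in progress; try again when it finishes.'
        return
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'Scheduled sync is disabled (SyncCycleEnabled = False); only manual cycles will run.'
    }

    # Delta: only objects changed since the last cycle (normal case).
    # Initial: full import and full sync of every object; use after changing
    # OU filtering or sync rules, not as a routine operation.
    Start-ADSyncSyncCycle -PolicyType $PolicyType
}

# Typical use after creating or modifying on-premises accounts:
Invoke-ADConnectSync -PolicyType Delta

# Connectors present on this server: one for on-premises AD, one for Azure AD.
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName
```

Start-ADSyncSyncCycle returns a Result of Success when the cycle has been queued; the actual run is visible in Synchronization Service Manager under Operations.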
Sign in to the Azure portal and open Azure Active Directory > Azure AD Connect to validate the sync settings. In my tenant you can see:
Sync Status: Enabled
Last Sync: Less than 1 hour ago
Password Hash Sync: Enabled
Under Users, two identities show Yes in the Directory Synced column and the rest show No. The highlighted ones are the on-premises identities synced to the cloud by the Azure AD Connect sync tool; the others are cloud-only accounts that were created directly in Azure AD.
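The same validation can be done from the command line with the Microsoft Graph PowerShell SDK, from any workstation rather than the Connect server. This is an added example, not from the original post; it assumes the Microsoft.Graph module is installed (Install-Module Microsoft.Graph) and that the signed-in account has read access to users, the organization object and domains. Besides reproducing the portal's sync status and Directory Synced columns, it adds the check a practitioner wants after the UPN suffix step: synced users who ended up on the tenant's onmicrosoft.com suffix because their on-premises suffix was not a verified domain.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph
# PowerShell SDK; run from any machine with internet access.
Connect-MgGraph -Scopes 'User.Read.All', 'Organization.Read.All', 'Domain.Read.All'

# Tenant-level view: the portal's "Sync Status", "Last Sync" and
# "Password Hash Sync" values come from the organization object.
$orgProps = 'DisplayName', 'OnPremisesSyncEnabled',
            'OnPremisesLastSyncDateTime', 'OnPremisesLastPasswordSyncDateTime'
Get-MgOrganization -Property $orgProps | Select-Object $orgProps

# Custom domains the tenant has verified (the initial *.onmicrosoft.com
# domain is always verified, so it is excluded here).
$verifiedCustom = Get-MgDomain |
    Where-Object { $_.IsVerified -and $_.Id -notlike '*.onmicrosoft.com' } |
    Select-Object -ExpandProperty Id
"Verified custom domains: $($verifiedCustom -join ', ')"

# Per-user view: which accounts are directory synced vs cloud-only.
# OnPremisesSyncEnabled is not returned by default, so request it explicitly.
$userProps = 'UserPrincipalName', 'OnPremisesSyncEnabled',
             'OnPremisesLastSyncDateTime', 'OnPremisesImmutableId'
$users = Get-MgUser -All -Property $userProps

$synced    = @($users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
$cloudOnly = @($users | Where-Object { $_.OnPremisesSyncEnabled -ne $true })

"Directory synced: $($synced.Count)    Cloud-only: $($cloudOnly.Count)"
$synced | Select-Object UserPrincipalName, OnPremisesLastSyncDateTime, OnPremisesImmutableId

# Caveat from the UPN suffix step: a synced user whose on-premises UPN suffix
# was not a verified domain is written to Azure AD with the default
# *.onmicrosoft.com suffix, so the cloud sign-in name no longer matches
# the on-premises one. Flag those accounts.
$mismatched = @($synced | Where-Object {
    ($_.UserPrincipalName -split '@')[-1] -like '*.onmicrosoft.com'
})
if ($mismatched.Count -gt 0) {
    Write-Warning "Synced users whose UPN suffix was not a verified domain ($($mismatched.Count)):"
    $mismatched | Select-Object UserPrincipalName
}
else {
    'All synced users carry a verified custom domain UPN suffix.'
}
```

OnPremisesImmutableId is the base64-encoded on-premises objectGUID that ties the cloud object to its AD source; it is set only on synced accounts, which is why cloud-only users show it empty.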