In this article, I’ll show you how to install and configure Azure AD Connect. This solution allows you to synchronize your On-Premises Active Directory (AD) to the Azure platform and use the same user accounts.
Microsoft provides two installation types for Azure AD Connect; you choose between them during the installation.
- Express settings: you have a single on-premises Active Directory forest with fewer than 100,000 objects.
- Customized settings: you have more than one forest (or plan to synchronize more than one forest in the future), more than 100,000 objects, or you need to use a full SQL Server.
Use custom settings in Azure Active Directory (Azure AD) Connect when you want more options for the installation. Use these settings, for example, if you have multiple forests or if you want to configure optional features.
Installation prerequisites
- Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later
- The minimum .NET Framework version required is 4.6.2
- Windows Server Core isn't supported.
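The three prerequisites above can be checked before running the installer. The following is an added example, not part of the original article: a PowerShell pre-flight check run in an elevated session on the candidate server. It reads the OS build, domain membership, installation type and the .NET Framework release key; the build and release numbers used as thresholds are the published ones for Windows Server 2016 (build 14393) and .NET Framework 4.6.2 (Release 394802), and the function name is my own.

```powershell
# Added example (not from the original article): pre-flight check of the
# Azure AD Connect prerequisites. Run in an elevated PowerShell session.
function Test-AadConnectPrereqs {
    $os    = Get-CimInstance Win32_OperatingSystem
    $cs    = Get-CimInstance Win32_ComputerSystem
    $ntVer = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ndp   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                 -ErrorAction SilentlyContinue

    # Windows Server 2016 is build 14393. ProductType 1 is a client OS,
    # 2 is a domain controller, 3 is a member server.
    $serverOs = [int]$os.ProductType -ne 1
    $buildOk  = [int]$os.BuildNumber -ge 14393 -and $serverOs

    # The server must already be joined to the on-premises domain.
    $domainOk = [bool]$cs.PartOfDomain

    # Server Core media writes InstallationType = "Server Core"; the full
    # installation (Desktop Experience) writes "Server".
    $coreOk = $ntVer.InstallationType -ne 'Server Core'

    # .NET Framework 4.6.2 or later writes Release >= 394802 under the
    # v4\Full key; a missing key means no 4.x framework at all.
    $dotnetOk = ($null -ne $ndp) -and ([int]$ndp.Release -ge 394802)

    [pscustomobject]@{
        OSVersion         = "$($os.Caption) build $($os.BuildNumber)"
        Server2016OrLater = $buildOk
        DomainJoined      = $domainOk
        Domain            = $cs.Domain
        NotServerCore     = $coreOk
        InstallationType  = $ntVer.InstallationType
        DotNetRelease     = $ndp.Release
        DotNet462OrLater  = $dotnetOk
        AllPrereqsMet     = ($buildOk -and $domainOk -and $coreOk -and $dotnetOk)
    }
}

Test-AadConnectPrereqs | Format-List
```

If `AllPrereqsMet` is `False`, the individual boolean fields show which prerequisite failed, so the fix (joining the domain, installing a newer .NET Framework, or choosing a different server) is obvious before the wizard refuses to continue.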
Installing and Configuring Azure AD Connect
Step 1. Download the Azure AD Connect installer.
1. Log in to your Azure portal at https://portal.azure.com
2. In the Azure portal, navigate to "Azure Active Directory"
3. In the Manage section, select "Azure AD Connect"
4. Select "Connect Sync"
5. Click "Download Azure AD Connect"; you are redirected to the download page for the Azure AD Connect (MSI) installer
Step 2. Start the Azure AD Connect installation
1. Run the Azure AD Connect (MSI) installer and accept the "License terms and privacy notice"
2. On the Express Settings page, select "Customize" to start a customized-settings installation.
3. Required Components: you can leave the optional configuration section unselected; Azure AD Connect sets up everything automatically. Then select "Install".
4. Follow these steps to configure single sign-on for your users:
- Select "Password Hash Synchronization"
- Enable "Single sign-on"
- Then select "Next".
5. To "Connect to Azure AD", enter your Azure AD Global Administrator or Hybrid Identity Administrator credentials. (Microsoft default domain: [email protected])
"techshifa.info" is my verified custom domain in Azure AD.
If you want to add or verify a custom domain in Azure Active Directory, follow this article: Add And Verify Your Custom Domain In Azure Active Directory
6. Connect your directories
To connect to Active Directory Domain Services (AD DS), Azure AD Connect needs the forest name and credentials of an account that has sufficient permissions.
Select "Add Directory" (No directories are currently configured)
7. Create an AD account
Azure AD Connect needs on-premises Active Directory credentials for each forest that is connected to Azure AD. The account you specify on the "Connect your directories" page must already exist in Active Directory.
The Azure AD Connect wizard creates the AD DS Connector account that it uses to connect to Active Directory.
- Select "Create New AD Account"
- Enter your Enterprise Admin credentials
- Then select "OK"
8. After you have configured the directories, select "Next"
9. The Azure AD sign-in configuration depends on whether Azure AD can match the user principal name (UPN) suffix of each user being synced to one of the custom domains verified in the Azure AD directory.
When you synchronize your on-premises directory with the cloud, you must have a verified domain in Azure Active Directory (Azure AD). Only the User Principal Names (UPNs) associated with the on-premises Active Directory Domain Services (AD DS) domain are synchronized.
If multiple domains are listed and the primary domain is verified, you can select "Continue without matching all UPN suffixes to verified domains".
Then select "Next"
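Before accepting the "Continue without matching all UPN suffixes" option it is worth knowing how many accounts would be affected. The following is an added example, not part of the original article: a PowerShell audit that groups enabled on-premises users by UPN suffix and marks each suffix as verified or not against the tenant's domain list. It assumes the ActiveDirectory RSAT module on a domain-joined machine and the AzureAD module with an existing `Connect-AzureAD` session; a user whose suffix is not verified is synchronized under the tenant's default onmicrosoft.com domain instead of the name the user expects to sign in with.

```powershell
# Added example (not from the original article): audit on-premises UPN
# suffixes against the custom domains verified in Azure AD (step 9).
Import-Module ActiveDirectory
Import-Module AzureAD          # assumes Connect-AzureAD has already been run

# Domain names the tenant has verified (Get-AzureADDomain exposes Name and
# IsVerified on each domain object).
$verified = Get-AzureADDomain |
    Where-Object { $_.IsVerified } |
    Select-Object -ExpandProperty Name

# UPN suffixes registered at the forest level, for reference.
$forestSuffixes = (Get-ADForest).UPNSuffixes

# Group enabled users by the part of the UPN after '@'. Accounts without a
# UPN are reported separately because they cannot match any domain.
$report = Get-ADUser -Filter { Enabled -eq $true } -Properties UserPrincipalName |
    ForEach-Object {
        if ($_.UserPrincipalName) { ($_.UserPrincipalName -split '@')[-1] }
        else { '<no UPN>' }
    } |
    Group-Object |
    ForEach-Object {
        [pscustomobject]@{
            UPNSuffix         = $_.Name
            Users             = $_.Count
            VerifiedInAzureAD = ($verified -contains $_.Name)
            ForestUPNSuffix   = ($forestSuffixes -contains $_.Name)
        }
    }

$report | Sort-Object Users -Descending | Format-Table -AutoSize

# Users whose sign-in name will change after sync: not verified in the tenant.
$unmatched = ($report | Where-Object { -not $_.VerifiedInAzureAD } |
    Measure-Object Users -Sum).Sum
Write-Host "Users with a UPN suffix that is not verified in Azure AD: $unmatched"
```

If the count of unmatched users is not zero, either verify the missing domains in Azure AD first (the article linked above covers that) or change those users' UPN suffixes on-premises before running the sync, rather than letting the wizard continue and discovering the renamed sign-in names afterwards.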
10. "Domain and OU filtering": by default, all domains and organizational units (OUs) are synchronized. If you don't want to synchronize some domains or OUs to Azure AD, clear the corresponding selections.
Then select "Next"
11. Choose how to identify users in your on-premises directories.
In this case, I keep the defaults selected, then select "Next"
12. Select "Synchronize all users and devices", then select "Next"
13. Select the optional features for your scenario.
In my scenario, I select "Password writeback"
Password writeback can be used to synchronize password changes in Azure AD back to your on-premises AD DS environment. Azure AD Connect provides a secure mechanism to send these password changes back to an existing on-premises directory from Azure AD.
14. Enable single sign-on:
- Select "Enter credentials"
- Enter a domain administrator account to configure your on-premises forest for use with single sign-on
- Then click "OK"
15. After entering your domain administrator credentials, select "Next"
16. Azure AD Connect is ready to configure the settings.
Click "Install" once you have confirmed that all settings are correct.
17. The Azure AD Connect configuration completed successfully. Click "Exit" to close the wizard.
You can verify that Azure AD Connect sync is enabled from the Azure Active Directory blade.
The on-premises Active Directory users are shown in the following picture.
The on-premises users are synchronizing successfully with Azure AD.
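Besides looking at the user list in the portal, the sync engine itself can be inspected. The following is an added example, not part of the original article: the first part runs on the Azure AD Connect server with the ADSync module that the installer registers, checks the scheduler and connectors and triggers a delta sync; the second part runs from any machine with the AzureAD module and an existing `Connect-AzureAD` session and counts synced versus cloud-only users. The cmdlets used (`Get-ADSyncScheduler`, `Get-ADSyncConnector`, `Start-ADSyncSyncCycle`, `Get-AzureADUser`) are the real module cmdlets; nothing else is assumed.

```powershell
# Added example (not from the original article): verify the sync engine
# after the wizard exits. Part 1 runs on the Azure AD Connect server.
Import-Module ADSync

# Scheduler: SyncCycleEnabled should be True and StagingModeEnabled False
# for an active (non-staging) server. The default cycle is every 30 minutes.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled,
                  CurrentlyEffectiveSyncCycleInterval,
                  NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC |
    Format-List

# Connectors: expect one for the on-premises AD DS forest and one for the
# Azure AD tenant.
Get-ADSyncConnector | Select-Object Name, Type | Format-Table -AutoSize

# Trigger a delta sync now instead of waiting for the next scheduled cycle.
# (Use -PolicyType Initial only when a full resync is actually required.)
Start-ADSyncSyncCycle -PolicyType Delta

# Part 2: from a machine with the AzureAD module, after Connect-AzureAD.
# DirSyncEnabled is True for accounts that came from on-premises AD;
# LastDirSyncTime shows when each was last written by the sync.
$users = Get-AzureADUser -All $true

$users |
    Group-Object { if ($_.DirSyncEnabled) { 'Synced from on-premises' } else { 'Cloud-only' } } |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Most recent sync timestamp across all synced users: if this is older than
# the scheduler interval, the sync cycle is not running as expected.
$users |
    Where-Object { $_.DirSyncEnabled } |
    Sort-Object LastDirSyncTime -Descending |
    Select-Object -First 1 UserPrincipalName, LastDirSyncTime
```

A `SyncCycleEnabled` of `False`, or a `LastDirSyncTime` that stops advancing, is the first thing to check when users created on-premises do not appear in Azure AD; the Synchronization Service Manager on the server then shows which connector step failed.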