Managing Hybrid Identity – Azure AD Connect
Azure Active Directory is Microsoft's SaaS (Software as a Service) identity service. It provides comprehensive identity management in the cloud, integrates with on-premises directory services, and supports modern protocols such as WS-Fed, OAuth and SAML.
In this post we will deploy Azure AD Connect and integrate it with on-premises Active Directory.
First, log in to the Azure Portal (https://manage.windowsazure.com), go to Active Directory, use the default directory or create a new one, and download Azure AD Connect.
Before you install Azure AD Connect and sync the on-premises Active Directory, you need to create a user account in Azure Active Directory with the Global Admin role. Azure AD Connect will use this account to connect to Azure AD.
Click Add User and create a new user in your organization.
On the next screen, select the Global Admin role and provide an email address.
Once the user is created, the system generates a temporary password. You need to log in to Azure with the temporary password and change it so that the account can be used with Azure AD Connect.
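The same account can be created from PowerShell instead of the portal. The following is an added example, not part of the original post, using the MSOnline module of that era; it assumes the module is installed, that the tenant domain is contoso.onmicrosoft.com, and that the UPN and display name are placeholders you replace.

```powershell
# Added example (not from the original post): create the Azure AD account that
# Azure AD Connect will use during setup, with the MSOnline PowerShell module.
# Assumptions: MSOnline is installed, the tenant is contoso.onmicrosoft.com, and
# the UPN and display name below are placeholders.
Import-Module MSOnline
Connect-MsolService          # prompts for credentials of an existing tenant admin

$upn = "aadconnect-setup@contoso.onmicrosoft.com"   # placeholder, cloud-only UPN

# Create the user. -ForceChangePassword makes the generated password temporary,
# matching the portal behaviour described in the post.
$user = New-MsolUser -UserPrincipalName $upn `
                     -DisplayName "AAD Connect Setup Admin" `
                     -ForceChangePassword $true `
                     -UsageLocation "US"

# The cmdlet returns the temporary password; record it securely and change it at
# first sign-in before running the Azure AD Connect wizard.
Write-Output "Temporary password: $($user.Password)"

# Grant the Global Admin role. MSOnline names this role "Company Administrator".
Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress $upn

# Verify: list the Global Admin members and confirm the new account is present.
$roleId = (Get-MsolRole -RoleName "Company Administrator").ObjectId
Get-MsolRoleMember -RoleObjectId $roleId |
    Where-Object { $_.EmailAddress -eq $upn } |
    Select-Object DisplayName, EmailAddress, RoleMemberType
```

The UPN uses the tenant's .onmicrosoft.com domain so the account is cloud-only and is not itself overwritten by the directory sync it is about to enable. Azure AD Connect only needs this Global Admin during installation; for ongoing synchronization it creates its own dedicated sync service account in Azure AD, so the setup account's Global Admin membership can be reviewed and removed once the wizard completes.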
Next, start the installation of Azure AD Connect.
During installation, select Password Synchronization. This allows password hashes to replicate to Azure AD. The other option is Federation with AD FS, where only user attributes are replicated to Azure AD, passwords are not, and Active Directory Federation Services handles logons.
Next, enter the user account that was created with the Global Admin role.
The next dialog box requires the username and password of an on-premises Active Directory account.
The next screen lets you configure conflict management in case multiple AD forests replicate to Azure AD.
Next, select whether to sync all users in Active Directory or only the members of a selected group.
Below are the optional features you can enable in Azure AD Connect. I have enabled Password writeback and Password hash sync; you can enable other optional features as well.
Now Azure AD Connect is configured and ready to sync identities to Azure AD.
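After the wizard finishes, it is worth confirming on the sync server that the choices made above (scheduled sync, both connectors, password hash sync) are actually in effect and that the first sync runs cleanly. The following is an added example, not part of the original post, using the ADSync module that the installer registers on the Azure AD Connect server. It assumes an elevated PowerShell session on that server, that the on-premises forest connector is named "contoso.local" (a placeholder; take the real name from Get-ADSyncConnector), and that the sync engine logs to the Application event log under the provider name "Directory Synchronization".

```powershell
# Added example (not from the original post): check the state of a freshly
# installed Azure AD Connect server with the ADSync module.
# Assumptions: elevated session on the Azure AD Connect server; the AD connector
# name "contoso.local" is a placeholder; the event provider name is an assumption.
Import-Module ADSync

# 1. Scheduler: sync should be enabled and not suspended, with a next-run time.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, SchedulerSuspended,
                       CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# 2. Connectors: expect one AD connector (on-premises forest) and one Azure AD connector.
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName

# 3. Password hash sync must be enabled on the AD connector, otherwise the
#    "Password Synchronization" choice made in the wizard is not in effect.
$adConnector = "contoso.local"   # placeholder
$phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector
if (-not $phs.Enabled) {
    Write-Warning "Password hash sync is disabled on connector $adConnector"
}

# 4. Trigger a delta sync now rather than waiting for the scheduler, then look
#    for error-level events the sync engine writes to the Application log.
Start-ADSyncSyncCycle -PolicyType Delta
Start-Sleep -Seconds 60
Get-WinEvent -FilterHashtable @{ LogName = 'Application';
                                 ProviderName = 'Directory Synchronization';
                                 Level = 2 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Running these checks once after installation, and again after any configuration change in the wizard, catches the common case where password hash sync or the scheduler has silently ended up disabled while the connectors look healthy.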