Managing Hybrid Identity – Azure AD Connect


Azure Active Directory is Microsoft's SaaS (Software as a Service) offering that provides comprehensive identity management in the cloud, integrates with on-premises directory services, and supports modern protocols such as WS-Fed, OAuth and SAML.

In this post, we will deploy Azure AD Connect that will integrate with On-Prem Active Directory.

First, log in to your Azure Portal (https://manage.windowsazure.com), go to Active Directory, use the default directory or create a new one, and download Azure AD Connect.


Azure-AD-Connect-01

Download Azure AD Connect

Before you install Azure AD Connect and sync your on-premises Active Directory, you need to create a user account in Azure Active Directory with the Global Admin role. Azure AD Connect will use this account to connect to Azure AD.

Azure-AD-Connect-08

Click on Add User, and create a new user in your organization.

Azure-AD-Connect-09

On the next screen, select Global Admin as the role and provide an email address.

Once the user is created, the system generates a temporary password. You need to log in to Azure with the temporary password and change it before the account can be used with Azure AD Connect.

Azure-AD-Connect-10

Next, start the installation of Azure AD Connect.

Azure-AD-Connect-02

During installation, we select Password Synchronization. This allows password hashes to be synchronized to Azure AD, so users sign in to cloud services with the same password they use on-premises. The other option is Federation with AD FS, where only user attributes (without password hashes) are replicated to Azure AD and Active Directory Federation Services handles the logons.

Azure-AD-Connect-06

Next, type the credentials of the user account that was created with the Global Admin role.

Azure-AD-Connect-7

The next dialog box requires the username and password of an on-premises Active Directory account.

Azure-AD-Connect-8

The next screen allows you to configure conflict management in case multiple AD forests are configured to replicate to Azure AD.

Azure-AD-Connect-9

Next, you need to select whether to sync all users in Active Directory or only the members of a selected group.

Azure-AD-Connect-010

Below are the optional features that you can enable on Azure AD Connect. I have enabled Password writeback and Password hash sync. You can also enable other optional features.

Azure-AD-Connect-11

Now Azure AD Connect is configured and ready to sync identities to Azure AD.

Azure-AD-Connect-12
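Once the wizard finishes, it is worth confirming from the command line that the scheduler is running, that the password hash sync feature the wizard enabled is actually on, and that the tenant has received a sync. The script below is an added example, not part of the original post; it assumes it runs on the Azure AD Connect server (where the setup wizard installs the ADSync module) and that the MSOnline module is installed for the tenant-side check.

```powershell
# Added verification script (not from the original post). Assumes: run on the
# Azure AD Connect server with the ADSync module, and MSOnline installed
# (Install-Module MSOnline) for the tenant-side check.
Import-Module ADSync

# 1. Confirm the built-in scheduler is enabled and see when the next delta sync runs.
$sched = Get-ADSyncScheduler
"Scheduler enabled : $($sched.SyncCycleEnabled)"
"Sync interval     : $($sched.AllowedSyncCycleInterval)"
"Next sync cycle   : $($sched.NextSyncCycleStartTimeInUTC) UTC"
"Staging mode      : $($sched.StagingModeEnabled)"

# 2. List the connectors: one per on-premises forest plus one for the Azure AD tenant.
Get-ADSyncConnector | Select-Object Name, Type | Format-Table -AutoSize

# 3. Show which tenant-side features the wizard turned on (e.g. PasswordHashSync).
Get-ADSyncAADCompanyFeature

# 4. Start a delta sync now instead of waiting for the scheduler, but only if
#    the scheduler is enabled and no cycle is already running.
if ($sched.SyncCycleEnabled -and -not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    Write-Warning "Scheduler disabled or a sync cycle is in progress; not starting a new one."
}

# 5. From the tenant side, confirm that directory sync and password sync have actually
#    completed at least once (LastDirSyncTime / LastPasswordSyncTime should not be empty).
Connect-MsolService   # prompts for the Global Admin account created earlier
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                  PasswordSynchronizationEnabled, LastPasswordSyncTime
```

If LastPasswordSyncTime stays empty after a delta cycle while LastDirSyncTime advances, password hash sync is not working and the feature selection on the Optional features page should be rechecked.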
