How to add an on-premises Windows Server to Azure AD later

Yuki Terasaki 5 Reputation points
2023-06-20T16:28:30.6133333+00:00

We currently utilize Azure AD to manage our users. We would like to build a Windows Server on Azure due to the increased size of our organization and to manage our organization's computers more closely. Can we add an on-premise Windows Server while maintaining our current users, groups, and other settings?


2 answers

  1. Limitless Technology 44,766 Reputation points
    2023-06-21T12:04:50.7233333+00:00

    Hello Yuki,

    Thank you for your question and for reaching out with your question today.

    Yes, you can integrate an on-premises Windows Server with Azure Active Directory (Azure AD) to maintain your current users, groups, and other settings while utilizing Azure services. This integration allows you to extend your on-premises Active Directory environment to the cloud and enables various scenarios such as single sign-on, centralized user management, and hybrid identity.

    To achieve this, you can use Azure AD Connect, a tool provided by Microsoft. Azure AD Connect synchronizes your on-premises Active Directory with Azure AD, ensuring that user accounts, groups, and other directory objects are replicated to the cloud.

    Here's an overview of the steps to integrate an on-premises Windows Server with Azure AD:

    1. Set up Azure AD Connect:
      • Install Azure AD Connect on your on-premises Windows Server. You can download it from the Microsoft Download Center.
      • During the installation process, configure the synchronization options to connect your on-premises Active Directory to Azure AD. This includes providing your Azure AD credentials and selecting the appropriate synchronization method (e.g., password hash synchronization, pass-through authentication, or federation).
    2. Configure synchronization settings:
      • Customize the synchronization settings to specify which attributes and objects you want to synchronize between your on-premises Active Directory and Azure AD. This includes user accounts, groups, organizational units, and more.
      • You can also configure filtering rules to exclude specific objects from synchronization or apply attribute-based filtering.
    3. Perform the initial synchronization:
      • Once the configuration is complete, perform an initial synchronization between your on-premises Active Directory and Azure AD. This synchronizes the selected directory objects and establishes the initial connection.
    4. Enable desired Azure AD features:
      • After the initial synchronization, you can enable various Azure AD features that suit your organization's requirements. These features include single sign-on, self-service password reset, conditional access policies, and more.
      • You can configure these features through the Azure portal, Azure AD PowerShell, or other Azure management tools.

    By integrating your on-premises Windows Server with Azure AD, you can benefit from centralized user management, seamless authentication across on-premises and cloud resources, and enhanced security and compliance capabilities.

    It's recommended to carefully plan and test the integration process in a controlled environment before implementing it in production. Microsoft provides comprehensive documentation and guidance for Azure AD Connect, which you can refer to for detailed instructions and best practices.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.
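
Steps 2 and 3 of the answer above, written as a review-then-sync check to run on the sync server. This is an added example, not part of the original answer or of Microsoft's documentation; it assumes Azure AD Connect is already installed (so its ADSync PowerShell module is present) and that the session is elevated.

```powershell
# Added example: run in an elevated PowerShell session on the server where
# Azure AD Connect is installed (assumption: the ADSync module ships with it).
Import-Module ADSync -ErrorAction Stop

# 1. Scheduler state. In staging mode the server imports and synchronizes,
#    but exports nothing to Azure AD, so an "initial sync" changes nothing there.
$scheduler = Get-ADSyncScheduler
$scheduler | Format-List SyncCycleEnabled, StagingModeEnabled,
                         SyncCycleInProgress, NextSyncCyclePolicyType

# 2. Sync scope. List the containers each on-premises AD connector includes
#    and excludes, so the filtering from step 2 is reviewed before export.
$scope = foreach ($connector in Get-ADSyncConnector | Where-Object Type -eq 'AD') {
    foreach ($partition in $connector.Partitions) {
        [pscustomobject]@{
            Connector = $connector.Name
            Partition = $partition.Name
            Included  = $partition.ConnectorPartitionScope.ContainerInclusionList -join '; '
            Excluded  = $partition.ConnectorPartitionScope.ContainerExclusionList -join '; '
        }
    }
}
$scope | Format-List

# 3. Initial synchronization, only after the scope above has been confirmed.
$answer = Read-Host 'Scope reviewed. Start a full (Initial) sync cycle? [y/N]'
if ($answer -ne 'y') { return }

if ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; not starting another one.'
} else {
    Start-ADSyncSyncCycle -PolicyType Initial | Out-Null
    Start-Sleep -Seconds 10          # give the scheduler time to pick the request up
}

# 4. Wait for the cycle to finish, then show the most recent run results.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Host 'Sync cycle in progress...'
    Start-Sleep -Seconds 30
}
Get-ADSyncRunProfileResult -NumberRequested 10 |
    Sort-Object StartDate |
    Format-Table ConnectorName, RunProfileName, Result, StartDate, EndDate
```

Any run whose `Result` is not `success` should be looked at in the Synchronization Service Manager before further Azure AD features are enabled on top of the synced objects.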


  2. Ramandeep Singh 6 Reputation points
    2024-01-13T06:31:57.4733333+00:00

    I created an Entra AD domain and connected my on-prem network to it using VPN. I already have ADConnect for AD sync to Entra AD, but on top of it I joined other servers to the Entra AD domain. Works well.
