Step-By-Step: Syncing An On Premise AD with Azure Active Directory
Enterprise Mobility has become top of mind for organizations big and small as of late. Extending beyond the need of just mobile device management, the focus has evolved to securely enabling people within an organization with information pertinent to their success. With this in mind, Microsoft’s Enterprise Mobility Suite addresses Mobile Device Management (MDM), Mobile Application Management (MAM), information protection and identity/access management.
To start, let’s consider how users can be enabled to authenticate seamlessly between on premise and the cloud. The Azure Active Directory Sync tool, previously known as DirSync, provides this capability, enabling the end user to authenticate seamlessly and securely whether online or on premise. This offering gives people at an organization a single sign-on authenticator with which to take advantage of online productivity suites such as Office 365.
This Step-By-Step is the first stage of deploying the Microsoft Enterprise Mobility solution and enabling its single sign-on capability.
Prerequisites
The following are required to complete this Step-By-Step:
A domain joined server running Windows Server 2008 SP2 or higher
or
A domain joined server running Windows Server 2008 R2 SP1 or higher
An active Microsoft Azure subscription. View Step-By-Step: Creating a Windows 2012 R2 Lab on Windows Azure should you need to set up your lab
An Internet Domain Name that your users will authenticate to
Note: It is not mandatory for the Internet Domain Name to match your Active Directory Domain Name
Step 1: Configuring the Internet Domain Name for use with Azure Active Directory
Navigate to https://manage.windowsazure.com on your browser
Select ACTIVE DIRECTORY found near the bottom of the right hand side menu
In the Active Directory window, click your provided Directory Name
In the Directory window, click DOMAINS found in the top menu
Click the ADD button located in the menu at the bottom of the page
On the ADD DOMAIN page, enter the Internet Domain Name to be utilized for the sync
Click the checkmark box enabling the ability for single sign-on with your local Active Directory
Click ADD to complete the task of adding the domain
Step 2: Configuring the Internet Domain Name for use with Azure Active Directory
Return back to the ACTIVE DIRECTORY window
Select ACTIVATED
Click SAVE located in the menu at the bottom of the page
Step 3: Configuring the sync of the on premise AD users and passwords to Azure Directory
Download the Azure Active Directory Sync Tool
Install the Azure Active Directory Sync Tool on a domain controller with Administrative rights
Note: The Azure Active Directory Sync Tool can be installed on any domain joined computer. The sync will fail, however, if that computer is disabled.
On the first Azure Active Directory Sync Setup window, click Next
On the next window, Accept the Terms and click Next
On the next window, specify the installation path or leave the default and click Next
Click Next once the installation is complete
On the first Azure Active Directory Sync Configuration Wizard window, click Next
On the next window, provide your Microsoft Azure credentials and click Next
On the next window, provide your administrative Windows Active Directory credentials and click Next
Note: It is recommended to use a dedicated service account with administrative rights rather than an individual administrator's account, so the sync does not break should that administrator leave the organization
Enable Hybrid Deployment by clicking the provided box and click Next
Note: Various Microsoft Online Services such as Office 365 provide features that work best when certain directory information can be controlled by the online service. Directory objects, such as users, that are synchronized from your on-premises directory may be modified in Azure Active Directory. These changes are then written back to your on-premises directory for on-premises applications to consume. The Directory Sync tool will not be given permission to modify all attributes in your directory; only those attributes that can be written back from Azure Active Directory will be modifiable. This step is not crucial for this lab but will be required in future labs.
Enable Password Sync by clicking the provided box and click Next
Click Next to complete the installation
Ensure Synchronize your directories is selected and click Finish
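As an added verification step that is not part of the original post, the following PowerShell script checks from the Azure side that the domain added in Step 1 is verified, that directory sync is activated (Step 2) and has run recently, and that password sync is enabled (Step 3), then compares on-premise and synchronized user counts. It assumes the MSOnline and ActiveDirectory PowerShell modules are installed on the sync server; the domain name and the staleness threshold are placeholders you supply.

```powershell
# Added verification script (not from the original post). Run on the sync server
# as a user holding Azure AD global administrator rights.
# $InternetDomain is a placeholder for the Internet Domain Name added in Step 1.
param(
    [Parameter(Mandatory = $true)][string]$InternetDomain,
    [int]$MaxSyncAgeHours = 3   # assumed threshold: the default sync interval is 3 hours
)

Import-Module MSOnline
Import-Module ActiveDirectory
Connect-MsolService   # prompts for the Azure credentials used in Step 3

# Step 1 check: the domain must be Verified before users can sign in with it
$domain = Get-MsolDomain -DomainName $InternetDomain
if ($domain.Status -ne 'Verified') {
    Write-Warning "Domain $InternetDomain is '$($domain.Status)'; complete DNS verification first."
}

# Step 2 check: directory sync is activated and has completed at least once
$info = Get-MsolCompanyInformation
if (-not $info.DirectorySynchronizationEnabled) {
    Write-Warning 'Directory synchronization is not activated (Step 2).'
}
if (-not $info.LastDirSyncTime) {
    Write-Warning 'No directory sync has completed yet; check the sync server.'
} else {
    # LastDirSyncTime is assumed to be reported in UTC
    $age = (Get-Date).ToUniversalTime() - $info.LastDirSyncTime
    if ($age.TotalHours -gt $MaxSyncAgeHours) {
        Write-Warning ("Last directory sync was {0:N1} hours ago; verify the sync server is powered on." -f $age.TotalHours)
    }
}

# Step 3 check: password sync must be on for users to sign in with their AD password
if (-not $info.PasswordSynchronizationEnabled) {
    Write-Warning 'Password sync is not enabled; cloud sign-in with AD passwords will fail.'
}

# Coverage check: enabled on-premise users versus users Azure AD reports as synchronized
$onPrem = @(Get-ADUser -Filter 'Enabled -eq $true').Count
$synced = @(Get-MsolUser -All -Synchronized).Count
"{0} enabled on-premise users, {1} synchronized Azure AD users" -f $onPrem, $synced
```

A large gap between the two counts usually means users sit in OUs excluded from the sync scope or the first full sync has not finished.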
With this completed, your on premise Active Directory is now synced with your Azure Active Directory. Future posts will build on this lab to enable additional functionality provided in Microsoft Enterprise Mobility Solutions and other similar offerings. To further your learning regarding Microsoft Azure, visit Microsoft Virtual Academy and complete the Azure for IT Pros Jump Start.