AAD integration with Active Directory using AD Connect

January 31, 2018 | by iaur | posted as Active Directory, Azure AD

Overview

  1. Install AAD Connect. Note that you need to check whether your AD server version is supported under the requirements section of the linked documentation.
  2. Configure AAD Connect according to the sign-in type; the most basic is Password Hash Synchronization (PHS), which this post uses.
  3. Run through the installation wizard and customize options such as the OUs and attributes to sync.
  4. Check that the sync is working.

Detailed Instructions:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express (PHS)

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start (PTA)

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-whatis (ADFS)

Steps

[Screenshot: Azure AD Connect wizard, "User sign-in" page. The left-hand navigation (common to all screenshots below) lists Express Settings, Required Components, User Sign-In, Connect to Azure AD, Sync (Connect Directories, Azure AD sign-in, Domain/OU Filtering, Identifying users, Filtering, Optional Features) and Configure. Sign On method: Password Synchronization (selected), Pass-through authentication, Federation with AD FS, Do not configure. Checkbox: "Enable single sign-on" for corporate desktop users.]
[Screenshot: "Connect your directories" page. "Enter connection information for your on-premises directories or forests." Directory type: Active Directory; Forest: jdunisports.com; "No directories are currently configured." Click Add Directory.]
[Screenshot: "Connect your directories" page after adding the forest. Configured directories: jdunisports.com (Active Directory). Buttons: Add Directory, Remove, Next.]
[Screenshot: "Azure AD sign-in configuration" page. "To use on-premises credentials for Azure AD sign-in, UPN suffixes in usernames should match one of the verified custom domains in Azure AD. The following table lists the UPN suffixes defined in your on-premises environment, along with the matching custom domain in Azure." Table: Active Directory UPN suffix jdunisports.com; Azure AD domain: Verified. On-premises attribute to use as the Azure AD username (USER PRINCIPAL NAME): userPrincipalName.]
[Screenshot: "Domain and OU filtering" page. Directory: jdunisports.com. Options: "Sync all domains and OUs" (selected), "Sync selected domains and OUs" with a tree showing jdunisports.com; button: Refresh OU/Domain.]

Note: prefer "Sync selected domains and OUs" and tick only the OUs that hold accounts which actually need a cloud identity. This keeps service accounts, test accounts and on-premises privileged (Tier 0) accounts out of the tenant, where they are not needed and only add attack surface.
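As an added example (not part of the original post), the following PowerShell audits the OU filter after the wizard has created the on-premises connector: it prints the containers that are in scope and warns about members of privileged AD groups whose DN falls inside that scope. It runs on the AAD Connect server with the ADSync and ActiveDirectory modules; the forest name matches the screenshots, the group list is an assumption, and the property path `Partitions[].ConnectorPartitionScope.ContainerInclusionList` is assumed to be how the installed ADSync version exposes the inclusion list.

```powershell
# Added example, not from the original post. Run as an ADSync admin on the
# AAD Connect server after the on-premises connector exists.
Import-Module ADSync
Import-Module ActiveDirectory

$forest = 'jdunisports.com'   # forest shown in the wizard screenshots

# Assumption: "Sync selected domains and OUs" is stored per partition as a
# container inclusion list on the connector object.
$connector   = Get-ADSyncConnector -Name $forest
$includedOUs = $connector.Partitions |
    ForEach-Object { $_.ConnectorPartitionScope.ContainerInclusionList }

if (-not $includedOUs) {
    Write-Warning "No OU inclusion list: connector '$forest' syncs all domains and OUs."
}
else {
    Write-Output 'Synced containers:'
    $includedOUs | ForEach-Object { Write-Output "  $_" }
}

# Tier 0 groups whose members should normally stay on-premises only (assumed list).
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

foreach ($g in $privilegedGroups) {
    # -Recursive expands nested groups; foreign security principals are skipped.
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user'

    foreach ($m in $members) {
        # A DN is inside a container when it ends with ",<container DN>".
        $inScope = $includedOUs | Where-Object { $m.distinguishedName -like "*,$_" }
        if (-not $includedOUs -or $inScope) {
            Write-Warning "$($m.samAccountName) ($g) is inside the sync scope: $($m.distinguishedName)"
        }
    }
}
```

If the script warns about an admin account, move that account to an OU that is not ticked in the wizard (or untick its OU) before you press Install; once an object has been exported, removing it from scope deletes it from Azure AD on the next sync rather than simply "unsyncing" it.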

[Screenshot: "Uniquely identifying your users" page. "Select how users should be identified in your on-premises directories": "Users are represented only once across all directories" (selected) or "User identities exist across multiple directories. Match using:" Mail attribute / ObjectSID and msExchMasterAccountSID/msRTCSIP-OriginatorSID attributes / SAMAccountName and MailNickName attributes / A specific attribute. "Select how users should be identified with Azure AD": "Let Azure manage the source anchor for me" (selected) or "A specific attribute".]
[Screenshot: "Filter users and devices" page. "For a pilot deployment, specify a group containing your users and devices that will be synchronized. Nested groups are not supported and will be ignored." Options: "Synchronize all users and devices" (selected) or "Synchronize selected" with Forest jdunisports.com and a Group field ("Enter a name or DN of a group") plus a Resolve button.]
[Screenshot: "Optional features" page. "Select enhanced functionality if required by your organization." Checkboxes: Exchange hybrid deployment, Exchange Mail Public Folders (Preview), Azure AD app and attribute filtering, Password synchronization (ticked), Password writeback (ticked), Group writeback (Preview), Device writeback, Directory extension attribute sync. Link: "Learn more about optional features."]
[Screenshot: "Ready to configure" page. "Once you click Install, we will do the following: Configure synchronization services on this computer." Checkboxes: "Start the synchronization process when configuration completes" (ticked); "Enable staging mode: When selected, synchronization will not export any data to AD or Azure AD." Button: Install.]
To Verify

Wait up to 30 minutes (the default sync cycle interval), then open the admin center: users from the synced OUs should show a sync status of "Synced with Active Directory". If you enabled staging mode on the last page, nothing is exported until staging mode is turned off again.
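As an added example (not part of the original post), the following PowerShell does the same verification without waiting for the scheduler: it reads the scheduler state, triggers a delta sync, then checks the tenant-level and per-user sync timestamps from the Azure side with the MSOnline module. It runs on the AAD Connect server; `Connect-MsolService` prompts for a tenant admin, and the test UPN `alice@jdunisports.com` is an assumed account inside a synced OU.

```powershell
# Added example, not from the original post. On-premises side: ADSync module.
Import-Module ADSync

$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object SyncCycleEnabled, StagingModeEnabled,
    CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

if ($scheduler.StagingModeEnabled) {
    Write-Warning 'Staging mode is on: nothing is exported to Azure AD until it is disabled.'
}
if ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; wait for it before starting another.'
}
elseif ($scheduler.SyncCycleEnabled) {
    # Delta instead of Initial: only changes since the last cycle are processed.
    Start-ADSyncSyncCycle -PolicyType Delta
}

# Azure side: MSOnline module (Install-Module MSOnline once), interactive sign-in.
Connect-MsolService

# Tenant-wide timestamps move forward after every successful export.
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
        PasswordSynchronizationEnabled, LastPasswordSyncTime

# Per-user: LastDirSyncTime and ImmutableId are only populated on synced objects;
# a cloud-only user has both empty.
$upn = 'alice@jdunisports.com'   # assumed test account in a synced OU
Get-MsolUser -UserPrincipalName $upn |
    Select-Object UserPrincipalName, LastDirSyncTime, ImmutableId, BlockCredential
```

A user that appears in Azure AD with an empty `ImmutableId` was created in the cloud and is not the synced object; if that happens for an account you expected to come from AD, check the UPN suffix matches a verified domain (the "Azure AD sign-in configuration" page above) before looking anywhere else.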
