Microsoft Endpoint Manager – How to Synchronize Local AD Account to Intune with Azure AD Connect

In the previous blog I explained how to create users in Microsoft Endpoint Manager. But what if you already have on-premise infrastructure with users you want to synchronize with Azure AD? It’s possible with Azure AD Connect.

Azure AD Connect is a free Microsoft tool that synchronizes on-premises AD accounts into Azure AD. This means you don’t need to re-create accounts in the cloud for your on-premises users; they can use cloud services such as Office 365, Intune and cloud apps with their existing accounts. You can download the latest version of Azure AD Connect from the Microsoft Download Center.

I want to outline a few important points related to installation prerequisites:

  • Domain-joined Windows Server 2012 Standard/Enterprise or later with a full GUI
  • Global Azure AD administrator account
  • AD Enterprise administrator account
  • SQL Server 2012 to 2019 (SQL Server Express can be installed during Azure AD Connect installation as a default option)
  • Internet connectivity from the server running Azure AD Connect, and DNS resolution for all Internet and intranet domains

So, let’s start.

First of all, if it hasn’t been done yet, you need to prepare the on-premises accounts for synchronization by adding an alternative UPN suffix to Active Directory Domain Services. To do that, open the Active Directory Domains and Trusts console, open its Properties and add your custom domain name:

If you don’t add a UPN suffix, a user such as user@domain.local will be synchronized to Azure AD as user@yourtenant.onmicrosoft.com.

Then we need to change the UPN suffix of the users we want to synchronize. In Active Directory Users and Computers, select the user accounts you want to synchronize and choose the public custom domain on the Account tab:
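The two preparation steps above (registering the UPN suffix and changing the users’ UPN) can also be done from PowerShell, which is handy for a whole OU. This is an added example and not part of the original post; the domain names, the OU path and the forest settings are placeholders you must replace with your own.

```powershell
# Added example: register a routable UPN suffix on the forest and rewrite the UPN of
# every user in the OU that will be synchronized, so that no account lands in Azure AD
# as user@yourtenant.onmicrosoft.com. All names below are placeholders.
Import-Module ActiveDirectory

$oldSuffix = 'domain.local'                  # placeholder: non-routable on-premises DNS name
$newSuffix = 'contoso.com'                   # placeholder: public domain verified in Azure AD
$ou        = 'OU=cloud,DC=domain,DC=local'   # placeholder: OU selected for synchronization

# 1. Add the alternative UPN suffix to the forest (same as the Domains and Trusts console).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $newSuffix }
}

# 2. Rewrite the UPN of each user in the OU that still uses the non-routable suffix.
$users = Get-ADUser -SearchBase $ou -Filter "UserPrincipalName -like '*@$oldSuffix'" `
                    -Properties UserPrincipalName
foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $newSuffix
    # -WhatIf only reports the change; remove it once the output looks right.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}

# 3. Pre-flight check before running the Azure AD Connect wizard: any user left on the
#    old suffix would be synchronized with an @yourtenant.onmicrosoft.com UPN.
$remaining = @(Get-ADUser -SearchBase $ou -Filter "UserPrincipalName -like '*@$oldSuffix'")
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) user(s) in $ou still use @$oldSuffix"
    $remaining | Select-Object SamAccountName, UserPrincipalName
}
```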

Run Azure AD Connect installer and agree to the license terms:

Click Continue. On the Express Settings page select Customize, then click Install:

Leaving Password Hash Synchronization as the default option means users accessing cloud services will sign in with their on-premises passwords:

Click Next and provide Azure AD Global admin credentials:

Click Next. Choose Add Directory:

Provide your on-premises AD Enterprise Administrator credentials for periodic synchronization:

Then click OK and wait for a confirmation that your local directory was successfully added:

Click Next, then select Continue without matching all UPN suffixes to verified domains:

And click Next. On the Domain and OU filtering wizard page select OU with user accounts you want to synchronize to Azure AD:

Click Next. On the Uniquely identifying your Users page leave settings as default and click Next:

This is a lab setup, so we will synchronize all users in our “cloud” OU:

Click Next. Optional Features will be described in a separate blog post. For now the basic configuration is sufficient, so just click Next:

Review the high-level configuration that will be done and click Install:

Review the status of your installation and click Exit:

That’s it for now. Click over to the next article in the series, where we’ll check whether we successfully synchronized our on-premises AD accounts to Azure AD. As always, if you need help beyond what we covered here, click here and our team of experts will be with you as soon as possible.
