Microsoft Endpoint Manager – How to Synchronize Local AD Account to Intune with Azure AD Connect

In the previous blog I explained how to create users in Microsoft Endpoint Manager. But what if you already have on-premise infrastructure with users you want to synchronize with Azure AD? It’s possible with Azure AD Connect.

Azure AD Connect is the Microsoft free tool that helps you synchronize on-premise AD accounts into Azure AD which means you don’t need to re-create accounts in the cloud for your on-premise users and they can use cloud services like Office 365, Intune and cloud apps using their existing accounts. You can download the latest version of Azure AD connect from Microsoft Download Center.

I want to outline a few important points related to installation prerequisites:

  • Domain-joined Windows Server 2012 Standard/Enterprise or later with a full GUI
  • Global Azure AD administrator account
  • AD Enterprise administrator account
  • SQL Server 2012 to 2019 (SQL Server Express can be installed during Azure AD Connect installation as a default option)
  • Internet connectivity from server with Azure AD Connect and DNS resolution for all Internet and Intranet domains

So, let’s start.

First of all you need to prepare on-premise accounts for synchronization if it’s not done yet. We need to add an alternative UPN suffix to Active Directory DS. To do that run Active Directory Domains and Trusts console, then open Properties and add your custom domain name:

If you don’t add UPN suffix then your user@domain.local will be synchronized to Azure AD as user@yourtenant.onmicrosoft.com.

Then we need to change the domain for users we want to synchronize. Go to Active Directory Users and Computers, choose user accounts you want to synchronize and select public custom domain on Account tab:

Run Azure AD Connect installer and agree to the license terms:

Click Continue. On the Express Settings page select Customize, then click Install:

Leaving Password Hash Synchronization as a default option means users accessing cloud services will use their on-premises passwords:

Click Next and provide Azure AD Global admin credentials:

Click Next. Choose Add Directory:

Provide your on-premise AD Enterprise Administrator credentials for periodic synchronization:

Then click OK and wait for a confirmation that your local directory was successfully added:

Click Next, then select Continue without matching all UPN suffixes to verified domains:

And click Next. On the Domain and OU filtering wizard page select OU with user accounts you want to synchronize to Azure AD:

Click Next. On the Uniquely identifying your Users page leave settings as default and click Next:

We set up a lab so we will synchronize all users we have in our “cloud” OU:

Click Next. Optional Features configuration will be described in a separate blog. At this moment we are good with the basic configuration so just click Next:

Review the high-level configuration that will be done and click Install:

Review the status of your installation and click Exit:

That’s it for now. Click over to the next article in the series where we’ll check if we successfully synchronized our on-premise AD accounts to Azure AD. As always, if you need help beyond what we covered here, click here and our experts team will be with you in minimum possible time.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=