Article #3: Hybrid Identity With Azure Active Directory using Azure AD Cloud Sync


A lot of companies use an on-premises Active Directory, with an AD domain controller, to set up their domain and manage their devices, groups and users. In the past this configuration helped companies manage access to server products such as SharePoint Server and Exchange Server, as well as to local resources.

Some companies decided to migrate these server products to cloud services and adopted Azure Active Directory to handle everything the local Active Directory handled before. Those companies were then free to adopt other SaaS offerings such as Dynamics 365 Customer Engagement and Finance and Operations.

Other companies still struggle to take that step and keep their infrastructure relying on the local Active Directory, for reasons such as access to legacy applications and federation considerations. These companies still want to extend their infrastructure to Microsoft cloud services without increasing the administration effort, and without having to deal with two separate identity providers, the local Active Directory and Azure Active Directory.

Proposed Solution

Microsoft offers two ways to resolve this dilemma at no additional cost. An administrator can download and install an on-premises application called Azure AD Connect. This tool provides many features for building a hybrid identity infrastructure.

Azure AD Connect cloud sync is the lighter alternative: a small provisioning agent is installed on-premises, and all configuration is managed from the Azure portal instead of on the server.

In this article I will cover the setup and configuration needed to establish a hybrid identity with Azure AD Cloud Sync:


Setup Active Directory Domain Controller

Configure Azure AD Cloud Sync

Setup Active Directory Domain Controller

For the purpose of this blog, I will use a Windows Server 2019 VM. First let's set up the domain controller of your company. In Server Manager, click Add Roles and Features, then select Next.

Select Role-based or feature-based installation. Select Next.

Select the server on which you want to install the domain controller role. Click Next.

Select Active Directory Domain Services and click Add Features when prompted for the required management tools.

Proceed to the Confirmation step and click Install.

Wait until the installation completes and close the window.

The next step is to configure the domain. At the top right of Server Manager you will notice a warning icon. Click it, then click Promote this server to a domain controller.

In the following screen, select Add a new forest and specify your root domain name.

Set the Directory Services Restore Mode (DSRM) password. It lets you boot the domain controller into safe mode to recover, restore or repair the Active Directory database after a disaster. Treat it like a domain administrator credential: store it in your password vault and never in a script or a shared document.

You can go through the next steps without changing any options.

The server will reboot to complete the installation. Your domain controller is now ready and you can start creating users and groups in the directory.
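The same steps, run from an elevated PowerShell prompt on the Windows Server 2019 VM, as an added example that is not part of the original article. The forest name corp.example.com, the NetBIOS name CORP, the OU "Cloud Sync Users", the group "AAD-Sync-Scope" and the user jdoe are assumptions chosen for the illustration; substitute your own.

```powershell
# Added example, not from the original article. Assumed values: forest root
# corp.example.com, NetBIOS name CORP, OU "Cloud Sync Users", group "AAD-Sync-Scope".

# 1. Install the AD DS role and its management tools (the "Add Roles and Features" wizard).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote the server to the first domain controller of a new forest
#    ("Promote this server to a domain controller" > "Add a new forest").
#    SafeModeAdministratorPassword is the DSRM password: a break-glass credential
#    for the directory database. Read it interactively; never hard-code it.
$dsrmPassword = Read-Host -Prompt "DSRM (Directory Services Restore Mode) password" -AsSecureString

Import-Module ADDSDeployment
Install-ADDSForest `
    -DomainName "corp.example.com" `
    -DomainNetbiosName "CORP" `
    -ForestMode "WinThreshold" `
    -DomainMode "WinThreshold" `
    -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force:$true
# The server reboots here to complete the promotion. Run the rest after the reboot.

# 3. Create the objects that Cloud Sync will later provision. Keeping synced
#    accounts in a dedicated OU makes the provisioning scope explicit and keeps
#    privileged accounts (Domain Admins, service accounts) out of the cloud directory.
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName
$ouName   = "Cloud Sync Users"
New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $true
$ouPath   = "OU=$ouName,$domainDn"

New-ADGroup -Name "AAD-Sync-Scope" -GroupScope Global -GroupCategory Security -Path $ouPath

$userPassword = Read-Host -Prompt "Initial password for jdoe" -AsSecureString
New-ADUser -Name "Jane Doe" -GivenName "Jane" -Surname "Doe" `
    -SamAccountName "jdoe" -UserPrincipalName "jdoe@corp.example.com" `
    -Path $ouPath -AccountPassword $userPassword -Enabled $true `
    -ChangePasswordAtLogon $true
Add-ADGroupMember -Identity "AAD-Sync-Scope" -Members "jdoe"

# 4. Quick check: list the accounts that will be in scope for synchronization.
Get-ADUser -Filter * -SearchBase $ouPath | Select-Object Name, UserPrincipalName, Enabled
```

One caveat worth checking before you synchronize: the UPN suffix of the on-premises users (here corp.example.com) should match a domain that is verified in your Azure AD tenant, otherwise the provisioned cloud accounts fall back to the tenant's onmicrosoft.com suffix and users sign in with a different name than the one they use on-premises.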

Configure Azure AD Cloud Sync

Let's start the setup of Azure AD Cloud Sync. First sign in to the Azure portal with your Global Administrator credentials. Go to Azure Active Directory, select the Azure AD Connect blade, click Manage Azure AD cloud sync, then click Download agent.

Run the installer you just downloaded, accept the terms and conditions and click Install.

Click Next.

Click Authorize and authenticate with your Global Administrator account.

Enter your on-premises enterprise administrator credentials. The wizard uses them once, to create the group Managed Service Account (gMSA) that the agent runs under; the agent does not keep running as this administrator.

Review the information and click Confirm to complete the installation.

After the installation completes, go back to Azure Active Directory in your browser, click the Azure AD Connect blade, then Manage Azure AD cloud sync. Click Review all agents. Your server should now appear as VMName.LocalDomain with the status Active.

Back on the Azure AD Connect cloud sync page, click + New configuration.

Click Create.

The following page lets you limit the scope of user provisioning to selected security groups or organizational units. You can select All users to synchronize every user of your local Active Directory with Azure Active Directory, but scoping to a dedicated OU or group is the safer default: it keeps privileged and service accounts out of the cloud directory and makes the set of provisioned identities explicit.

Enter the email address that will receive an alert when user provisioning fails, and set Deploy to Enable. Click Save.

Your configuration will appear as Healthy and user provisioning is set up.

User synchronization takes a few minutes to replicate from the local Active Directory to Azure AD.

If you want to run it on demand, click Restart Sync.
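A health check of the agent and the provisioning job from the server where the agent was installed, using the AADCloudSyncTools module that ships with the agent. This is an added example, not code from the original article or from Microsoft. It assumes the default install path and the default service name of the provisioning agent; the -Id parameter and the property names on the returned job objects are assumed to follow the Microsoft Graph synchronization job schema.

```powershell
# Added example, not from the original article. Assumptions: default agent install
# path, default service name AADConnectProvisioningAgent, job objects exposing an Id.
$modulePath = "C:\Program Files\Microsoft Azure AD Connect Provisioning Agent\Utility\AADCloudSyncTools"
Import-Module -Name $modulePath

# 1. The agent is a Windows service; it must be running for the portal to show it Active.
Get-Service -Name "AADConnectProvisioningAgent" | Select-Object Status, StartType, DisplayName

# 2. The agent should run under the gMSA created during installation, not under the
#    administrator account typed into the wizard. Confirm which account it uses.
Get-AADCloudSyncToolsServiceAccount

# 3. Sign in to the tenant (interactive prompt for an administrator account).
Connect-AADCloudSyncTools

# 4. For each provisioning job: status and the OUs/groups that are actually in scope.
#    Compare the scope against what you intended in the portal; "All users" here means
#    every user object in the forest, including privileged and service accounts.
$jobs = Get-AADCloudSyncToolsJob
foreach ($job in $jobs) {
    Get-AADCloudSyncToolsJobStatus -Id $job.Id
    Get-AADCloudSyncToolsJobScope  -Id $job.Id
}

# 5. On-demand run, the PowerShell equivalent of Restart Sync in the portal.
#    Uncomment to use:
# Restart-AADCloudSyncToolsJob -Id $jobs[0].Id

# 6. If provisioning fails, collect the agent logs for troubleshooting.
# Export-AADCloudSyncToolsLogs
```

Step 2 is the one a security reviewer cares about most: if the service account shown is an interactive domain administrator rather than a gMSA, the installation did not go as intended and the server now holds a high-privilege credential that it does not need.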

Congratulations! You have completed the setup of hybrid identity using the local Active Directory and Azure Active Directory.
