SlideShare a Scribd company logo

Integrating your on-premises Active Directory with Azure and Office 365

Download as PPTX, PDF
N
nelmedia

How's and Why's of integrating on-premises AD with Azure & Office 365

Technology
1 of 63
Integrating Your On-Premises Active Directory with Azure and Office 365 Mike Nelson Solutions Architect - nGenX Level: Intermediate
Who Is This Guy? • Solutions Architect – nGenX • 25 years in tech • CTP - vExpert - MCSE-PC • mike.nelson@ngenx.com • Twitter - @nelmedia Mike Nelson 2014
What Are We Going To Talk About? • Azure Active Directory & Office 365 • Integration, Synchronization & Migration • Administration & Troubleshooting • Tools / Tips Mike Nelson 2014
What Are We Going To Do? • Create a new local AD • Create a new Azure AD Instance • Setup Sync • Play around a bit Mike Nelson 2014
Updates I like to draw ;-) Updated slides, drawings, etc. http://1drv.ms/1oHyZz0 Mike Nelson 2014
Prerequisites • Get a Live ID account – http://signup.live.com • Get an Azure Trial & VHD - http://aka.ms/R2 – Select “Windows 2012 R2 Datacenter on Azure” (also have pre-config’d copies to distribute) • Pick a domain name (variant of “contoso” is recommended – ex. contoso611.onmicrosoft.com • You must have a hypervisor installed/enabled on your laptop to run a lab VM Mike Nelson 2014
Prerequisites • Hypervisors (download trials if needed) – For Win 8.x, use Hyper-V role or VMware Workstation – For Win 7.x, use VMware Workstation – For Mac, use Fusion • Image provided on the DVD’s or USB drives – Server 2012 R2 Datacenter VHD file & OVF package – You can also build your own 2012 R2 VM or use an existing one you have with no AD role installed Mike Nelson 2014
Import VM • Need 7GB free for disk file • OVF file can be imported for VMware – VMware Fusion - http://bit.ly/1lCLNjO – VMware Workstation - http://bit.ly/1jNSW1h • Hyper-V import VHD as IDE - http://bit.ly/1rpoQZi • Administrator – P@ssw0rd Mike Nelson 2014
Mike Nelson 2014
Let’s Talk AD, AAD & O365 Windows Server Active Directory Azure Active Directory Free Azure Active Directory Tenant Azure Active Directory Premium Mike Nelson 2014
• Scenario 1 Subscriptions • No Azure subscription & no Office 365 subscription • Sign up for Azure first as an Organization – https://account.windowsazure.com/organization • Add your domain to Azure AD & then sign up for Office 365 using org account • Scenario 2 • Office 365 subscription, but no Azure subscription • You already have an AAD Tenant • Sign up for Azure using your org account
• Scenario 3 Subscriptions • Office 365 subscription with Org Account & Azure subscription with Microsoft ID • Already have AAD Tenant, but must be joined via org account • Sign in to Azure with org account • Add LiveID to Azure AD • Sign in to Azure with LiveID • Go to Settings and Edit Directory • Set default directory to Org directory • Add org account as Co-Administrator
Windows Azure AD vs AD on Windows Azure IaaS On Premise VM w/ AD on Azure IaaS
Identity for Microsoft cloud services Microsoft Account Microsoft Azure Active Directory Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com User
Office 365 Identity Models
Identity Synchronization and Federation WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API
Cloud identity model
Synchronized identity model
Identities Everywhere Windows Azure Active Directory
What Else Uses Identity?
It’s All About Sync S S O Single SignOn Requires ADFS – seamless experience Same SignOn Second credential entry – a compromise
SSO and Office 365 • Admin View – Single Credential to manage – Single place to manage polices – on-premises workstation restrictions etc – IDP is your AD • User View – I have a single credential – I may be prompted to enter it more than once, but is always the same credential
SSO Alternatives & SAML • Pros, Cons, Needs, and Wants Centrify OneLogin Okta PingFederate Optimal IDM IBM Tivoli FIM PacketOne SiteMinder
• • • • • Directory Integration options Microsoft Dynamics CRM Passwords
Sync Options
Directory Sync - AADSync
Password Sync • Synchronizes user password hash from your on-premises Active Directory to Azure Active Directory (pretty secure) – mainly for Self-Service reset • Doesn’t require something to be installed on all DC’s • Users can use the same credentials to login into both on-premises • No additional infrastructure required on premises • No dependency on on-premises infrastructure for authentication • Password Write-Back is coming in AADSync – in latest DirSync now
Password Sync** • Password complexity policies configured in the on-premises AD apply in the cloud, i.e. you mange them on-premises. • Cloud password is set to ‘Never Expire’ • Users cannot change their password in the cloud except via self-service mechanism • Admins can reset user’s password on the cloud*
AADConnect
ADFS • Not Multi-Forest • Parent & Child domains
ADFS • Plan for capacity • More infrastructure - SQL or WID, WAAP, multiple ADFS servers • More administration - service accounts, DBA, certificates, Claims, etc.
Use Sync As Backup for ADFS http://bit.ly/1lQvPmm http://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to- switch-from-single-sign-on-to-password-sync.aspx
Typical AD FS deployment on-premises…
…Compromise when moving to Azure
Password Sync vs. Single Sign-On Password Sync Single Sign-On (ADFS) Same password to access resources X X Control password policies on-premises X X Support for multi-factor authentication X * X No password re-entry if on premises X Authentication occurs in on premises directory X Client access filtering X * Limited Support
AD Deployment Models in Azure • AD Forest in Azure • Static IP via PowerShell • AD Extended from On-Premises Network • Azure VNet w/P2P or S2S required • Static IP via PowerShell • Azure AD As A Service • Commercial providers • Directory Services As A Service
AD Forest in Isolated Azure VNet Data-Tier 10.2.2.0/24 Backend 10.2.1.0/24 Microsoft Azure Virtual Network - 10.2.x fe2 fe1 SharePoint SQL contoso.corp Collab-Tier 10.2.3.0/24 Frontend 10.2.4.0/24 Availability Set Availability Set dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. 43
Hybrid Cloud with Azure VNet and P2S Microsoft Azure Virtual Network Site Backend 10.2.1.0/24 Availability SharePoint SQL Microsoft Azure Virtual Network - 10.2.x contoso.cor p Point-to-Site VPN Data-Tier 10.2.2.0/24 Collab-Tier 10.2.3.0/24 Frontend 10.2.4.0/24 Set fe2 fe1 dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. Point-to-Site VPN 44
Hybrid Cloud with Azure VNet and Microsoft Azure Virtual Network Site SharePoint SQL Microsoft Azure Virtual Network - 10.2.x contoso.corp Windows Server 2012 R2 as a VPN gateway On-premises Active Directory establishment Site-to-Site VPN Point-to-Site VPN Data-Tier 10.2.2.0/24 Collab-Tier 10.2.3.0/24 Backend 10.2.1.0/24 Availability Frontend 10.2.4.0/24 Set fe2 fe1 dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. S2S/P2S 45
What About Virtualizing AD? Is it safe to do? Yes, but you need to plan carefully The role The network The disk The clock Mike Nelson 2014
What About WAADMS?
First Things First • Plan for AAD Sync & manually check AD • DNS – Lower your TTL • UPN suffixes must exist! • Add & verify all SMTP domains • Set Password Expiration flag via PowerShell • Run idfix
First Things First • Use the VM Readiness Assessment tool! • ADModify (codeplex) to bulk modify AD • Use PowerShell to provide info & delete if your gutsy!
Tools for Administration • Azure Portal • Office365 Admin Center • Local AD Tools • PowerShell! Mike Nelson 2014
Tools for Troubleshooting • idFix • Microsoft RCA (web / client) https://testconnectivity.microsoft.com/ • Troubleshooting AAD Sync http://support.microsoft.com/kb/2684395 Mike Nelson 2014
Tools for Troubleshooting • PowerShell • MsiiClient for AAD Sync • ADSI Edit • ADPlus.vbs • On-Ramp (O365 setup) Mike Nelson 2014
Tips • Always create a Company Administrator (formerly Global Administrator) account that is “In Cloud” • Rollback from Federated domain to Standard requires O365 password reset • ADFS – Parent certificate covers children Mike Nelson 2014
Tips • Use Sync as backup for ADFS • Update the ADFS Relying Party Metadata periodically – Update-MSOLFederatedDomain –DomainName:<domain name> – Use –supportmultipledomain switch if needed – Scheduled task script • ADFS – Parent certificate covers children – Using the –supportmultipledomains switch is required when multiple top-level domains are federated by using the same AD FS federation service • Testing ADFS – https://<adfs_url>/adfs/ls/idpinitiatedsignon.aspx Mike Nelson 2014 –supportmultipledomains
Sync Tips • AAD Sync runs every 3 hours, Password sync runs every 2 minutes. Both can be forced via PoSH – Start-OnlineCoexistenceSync -FullSync • Online portal can take a very long time to update • “Technical Contact” will get all the emails • To determine Sync version – PowerShell (GP 'hklm:SOFTWAREMicrosoftWindowsCurrentVersionUninstallMicro soft Online Directory Sync').DisplayVersion Mike Nelson 2014
Sync Tips • When filtering OU’s in Sync, remove unused Run Steps • Always use latest version of Sync • Upgrade is painless – Local SQL, just run the install – Standalone SQL, need to connect to DB & upgrade • When in doubt – Force a Sync • PoSH module – import-module DirSync Mike Nelson 2014
Demo Lab Setup • Get a Live ID account – http://signup.live.com • Get an Azure Trial - http://bit.ly/1zaeXB4 • Add & configure Azure AD • Create local AD – Import pre-made 2012R2 server VM – Add AD role Mike Nelson 2014
The Lab • Power on the VM • Login as administrator – P@ssw0rd • Add the AD role – don’t worry about DNS messages • Once role installed, configure it. The AD Forest should be “corp.com” • Reboot the VM once AD config is complete Mike Nelson 2014
The Lab • Login as <domain>administrator – P@ssw0rd • Right-click on PowerShell icon in taskbar and click Run As Administrator • Enter “set-executionpolicy unrestricted” and hit enter • Open Explorer and go to C:scripts • Right-click and edit “createusers.ps1” (should open in ISE) Mike Nelson 2014
The Lab • Change domain name to your domain name (You can also do these steps manually via the MMC if you wish) • Save the file and run it. A new OU called O365Users should be created in your AD • With ISE still open, open the “createusers.ps1” file. Change the domain name to your domain name. • Save the file and run it. Users should now appear in that O365Users OU. • Close ISE Mike Nelson 2014
The Lab • Open a browser on your local machine and create your MS Live ID account • Go to fasttrack.office.com and sign up for a Enterprise demo. Pick a domain name. Highly recommended to pick a variant of “contoso.com” (ex. contoso611.com) • Once signup is complete, login to Office365 with new credentials • Create Azure account using same credentials Mike Nelson 2014
The Lab • Back in the VM, in Explorer, double click the C:Deployment ToolsLdfixLdfix.exe • Query your domain • Fix any issues • Install DirSync • Configure DirSync • Sync objects Mike Nelson 2014

Recommended

Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Azure Active Directory - An Introduction
Azure Active Directory - An IntroductionAzure Active Directory - An Introduction
Azure Active Directory - An IntroductionVenkatesh Narayanan
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS PrivéAZUG FR
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure ADNew Horizons Ireland
 

Recommended

Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Azure Active Directory - An Introduction
Azure Active Directory - An IntroductionAzure Active Directory - An Introduction
Azure Active Directory - An IntroductionVenkatesh Narayanan
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS PrivéAZUG FR
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Azure active directory
Azure active directoryAzure active directory
Azure active directoryRaju Kumar
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure ADNew Horizons Ireland
 
Microsoft Azure - Introduction
Microsoft Azure - IntroductionMicrosoft Azure - Introduction
Microsoft Azure - IntroductionPranav Ainavolu
 
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...Amazon Web Services
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Azure vnet
Azure vnetAzure vnet
Azure vnetzekeLabs Technologies
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
Azure 101
Azure 101Azure 101
Azure 101Korry Lavoie
 
Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02gameaxt
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0Marcos Oikawa
 
[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy☁ Hicham KADIRI ☁
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6Neal Davis
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD ConnectSasha Rosenbaum
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentationTATA LILIAN SHULIKA
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Application Portfolio Migration
Application Portfolio MigrationApplication Portfolio Migration
Application Portfolio MigrationAmazon Web Services
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)WinWire Technologies Inc
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CJohn Garland
 

More Related Content

What's hot

Microsoft Azure - Introduction
Microsoft Azure - IntroductionMicrosoft Azure - Introduction
Microsoft Azure - IntroductionPranav Ainavolu
 
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...Amazon Web Services
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02gameaxt
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual networkLalit Rawat
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0Marcos Oikawa
 
[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy☁ Hicham KADIRI ☁
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6Neal Davis
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentationTATA LILIAN SHULIKA
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)WinWire Technologies Inc
 

What's hot (20)

Microsoft Azure - Introduction
Microsoft Azure - IntroductionMicrosoft Azure - Introduction
Microsoft Azure - Introduction
 
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
Disaster Recovery Site on AWS - Minimal Cost Maximum Efficiency (STG305) | AW...
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft Azure
 
Azure vnet
Azure vnetAzure vnet
Azure vnet
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
Azure 101
Azure 101Azure 101
Azure 101
 
Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual network
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0
 
[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy[Azure Governance] Lesson 4 : Azure Policy
[Azure Governance] Lesson 4 : Azure Policy
 
AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6AWS Certified Cloud Practitioner Course S1-S6
AWS Certified Cloud Practitioner Course S1-S6
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
AWS Cloud organizations presentation
AWS Cloud organizations presentationAWS Cloud organizations presentation
AWS Cloud organizations presentation
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best Practices
 
Application Portfolio Migration
Application Portfolio MigrationApplication Portfolio Migration
Application Portfolio Migration
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)
 

Viewers also liked

Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CJohn Garland
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active DirectorySovelto
 
Implementing Azure Active Directory Connect and more
Implementing Azure Active Directory Connect and moreImplementing Azure Active Directory Connect and more
Implementing Azure Active Directory Connect and moreJason Himmelstein
 
Getting the most out of RDS (Terminal Services)
Getting the most out of RDS (Terminal Services)Getting the most out of RDS (Terminal Services)
Getting the most out of RDS (Terminal Services)Amit Gatenyo
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudUtkarsh Pandey
 
Server 2012 r2 remote desktop services
Server 2012 r2 remote desktop servicesServer 2012 r2 remote desktop services
Server 2012 r2 remote desktop servicesNihat ALTINMAKAS
 
DevOps With Chef and Azure
DevOps With Chef and AzureDevOps With Chef and Azure
DevOps With Chef and AzureMatt Stratton
 
Azure Active Directory : on fait le point
Azure Active Directory : on fait le pointAzure Active Directory : on fait le point
Azure Active Directory : on fait le pointMaxime Rastello
 
Remote Desktop Services - Who Needs It?
Remote Desktop Services - Who Needs It?Remote Desktop Services - Who Needs It?
Remote Desktop Services - Who Needs It?Aventis Systems, Inc.
 
Hacking Microsoft Remote Desktop Services for Fun and Profit
Hacking Microsoft Remote Desktop Services for Fun and ProfitHacking Microsoft Remote Desktop Services for Fun and Profit
Hacking Microsoft Remote Desktop Services for Fun and ProfitAlisa Esage Шевченко
 
Lumagate Microsoft Azure RemoteApp Webinar
Lumagate Microsoft Azure RemoteApp WebinarLumagate Microsoft Azure RemoteApp Webinar
Lumagate Microsoft Azure RemoteApp WebinarMorgan Simonsen
 
Migrating Legacy On-Premise Applications to SharePoint Online and Windows Azure
Migrating Legacy On-Premise Applications to SharePoint Online and Windows AzureMigrating Legacy On-Premise Applications to SharePoint Online and Windows Azure
Migrating Legacy On-Premise Applications to SharePoint Online and Windows AzureEric Shupps
 
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2WinWire Technologies Inc
 
CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CloudIDSummit
 

Viewers also liked (20)

Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical Guide
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
SSAS Azure RemoteApp
SSAS Azure RemoteAppSSAS Azure RemoteApp
SSAS Azure RemoteApp
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active Directory
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
Implementing Azure Active Directory Connect and more
Implementing Azure Active Directory Connect and moreImplementing Azure Active Directory Connect and more
Implementing Azure Active Directory Connect and more
 
Getting the most out of RDS (Terminal Services)
Getting the most out of RDS (Terminal Services)Getting the most out of RDS (Terminal Services)
Getting the most out of RDS (Terminal Services)
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
 
Building Azure Remoteapp
Building Azure RemoteappBuilding Azure Remoteapp
Building Azure Remoteapp
 
DevOps for Azure
DevOps for AzureDevOps for Azure
DevOps for Azure
 
Server 2012 r2 remote desktop services
Server 2012 r2 remote desktop servicesServer 2012 r2 remote desktop services
Server 2012 r2 remote desktop services
 
DevOps With Chef and Azure
DevOps With Chef and AzureDevOps With Chef and Azure
DevOps With Chef and Azure
 
Azure Active Directory : on fait le point
Azure Active Directory : on fait le pointAzure Active Directory : on fait le point
Azure Active Directory : on fait le point
 
Remote Desktop Services - Who Needs It?
Remote Desktop Services - Who Needs It?Remote Desktop Services - Who Needs It?
Remote Desktop Services - Who Needs It?
 
Hacking Microsoft Remote Desktop Services for Fun and Profit
Hacking Microsoft Remote Desktop Services for Fun and ProfitHacking Microsoft Remote Desktop Services for Fun and Profit
Hacking Microsoft Remote Desktop Services for Fun and Profit
 
Lumagate Microsoft Azure RemoteApp Webinar
Lumagate Microsoft Azure RemoteApp WebinarLumagate Microsoft Azure RemoteApp Webinar
Lumagate Microsoft Azure RemoteApp Webinar
 
Migrating Legacy On-Premise Applications to SharePoint Online and Windows Azure
Migrating Legacy On-Premise Applications to SharePoint Online and Windows AzureMigrating Legacy On-Premise Applications to SharePoint Online and Windows Azure
Migrating Legacy On-Premise Applications to SharePoint Online and Windows Azure
 
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
 
CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)
 

Similar to Integrating your on-premises Active Directory with Azure and Office 365

Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365InnoTech
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Understanding Azure AD Webinar Presentation
Understanding Azure AD Webinar PresentationUnderstanding Azure AD Webinar Presentation
Understanding Azure AD Webinar PresentationNew Horizons Ireland
 
Deploying asp.net and mvc applications to azure
Deploying asp.net and mvc applications to azureDeploying asp.net and mvc applications to azure
Deploying asp.net and mvc applications to azureGlyn Darkin
 
Moving from SBS to Azure
Moving from SBS to AzureMoving from SBS to Azure
Moving from SBS to AzureRobert Crane
 
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...Jason Himmelstein
 
Best Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsBest Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsAmazon Web Services
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
Microsoft Azure Hybrid Cloud - Getting Started For Techies
Microsoft Azure Hybrid Cloud - Getting Started For TechiesMicrosoft Azure Hybrid Cloud - Getting Started For Techies
Microsoft Azure Hybrid Cloud - Getting Started For TechiesAidan Finn
 
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud Amazon Web Services
 
Using Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesUsing Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesMichael Collier
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS Amazon Web Services
 
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid Model
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid ModelGeek Sync | Taking Your First Steps to the Cloud—Building a Hybrid Model
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid ModelIDERA Software
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsamitchachra
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Tomislav Lulic
 
Should I move my database to the cloud?
Should I move my database to the cloud?Should I move my database to the cloud?
Should I move my database to the cloud?James Serra
 
Share point 2013 in a hybrid world
Share point 2013 in a hybrid worldShare point 2013 in a hybrid world
Share point 2013 in a hybrid worldJethro Seghers
 

Similar to Integrating your on-premises Active Directory with Azure and Office 365 (20)

Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Understanding Azure AD Webinar Presentation
Understanding Azure AD Webinar PresentationUnderstanding Azure AD Webinar Presentation
Understanding Azure AD Webinar Presentation
 
Deploying asp.net and mvc applications to azure
Deploying asp.net and mvc applications to azureDeploying asp.net and mvc applications to azure
Deploying asp.net and mvc applications to azure
 
Moving from SBS to Azure
Moving from SBS to AzureMoving from SBS to Azure
Moving from SBS to Azure
 
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
 
Best Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS WorkloadsBest Practices for Integrating Active Directory with AWS Workloads
Best Practices for Integrating Active Directory with AWS Workloads
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Microsoft Azure Hybrid Cloud - Getting Started For Techies
Microsoft Azure Hybrid Cloud - Getting Started For TechiesMicrosoft Azure Hybrid Cloud - Getting Started For Techies
Microsoft Azure Hybrid Cloud - Getting Started For Techies
 
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud Amazon WorkSpaces - Fully Managed Desktops in the Cloud
Amazon WorkSpaces - Fully Managed Desktops in the Cloud
 
Using Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management ChallengesUsing Windows Azure for Solving Identity Management Challenges
Using Windows Azure for Solving Identity Management Challenges
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid Model
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid ModelGeek Sync | Taking Your First Steps to the Cloud—Building a Hybrid Model
Geek Sync | Taking Your First Steps to the Cloud—Building a Hybrid Model
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?
 
Should I move my database to the cloud?
Should I move my database to the cloud?Should I move my database to the cloud?
Should I move my database to the cloud?
 
Share point 2013 in a hybrid world
Share point 2013 in a hybrid worldShare point 2013 in a hybrid world
Share point 2013 in a hybrid world
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Integrating your on-premises Active Directory with Azure and Office 365

  • 1. Integrating Your On-Premises Active Directory with Azure and Office 365 Mike Nelson Solutions Architect - nGenX Level: Intermediate
  • 2. Who Is This Guy? • Solutions Architect – nGenX • 25 years in tech • CTP - vExpert - MCSE-PC • mike.nelson@ngenx.com • Twitter - @nelmedia Mike Nelson 2014
  • 3. What Are We Going To Talk About? • Azure Active Directory & Office 365 • Integration, Synchronization & Migration • Administration & Troubleshooting • Tools / Tips Mike Nelson 2014
  • 4. What Are We Going To Do? • Create a new local AD • Create a new Azure AD Instance • Setup Sync • Play around a bit Mike Nelson 2014
  • 5. Updates I like to draw ;-) Updated slides, drawings, etc. http://1drv.ms/1oHyZz0 Mike Nelson 2014
  • 6. Prerequisites • Get a Live ID account – http://signup.live.com • Get an Azure Trial & VHD - http://aka.ms/R2 – Select “Windows 2012 R2 Datacenter on Azure” (also have pre-config’d copies to distribute) • Pick a domain name (variant of “contoso” is recommended – ex. contoso611.onmicrosoft.com • You must have a hypervisor installed/enabled on your laptop to run a lab VM Mike Nelson 2014
  • 7. Prerequisites • Hypervisors (download trials if needed) – For Win 8.x, use Hyper-V role or VMware Workstation – For Win 7.x, use VMware Workstation – For Mac, use Fusion • Image provided on the DVD’s or USB drives – Server 2012 R2 Datacenter VHD file & OVF package – You can also build your own 2012 R2 VM or use an existing one you have with no AD role installed Mike Nelson 2014
  • 8. Import VM • Need 7GB free for disk file • OVF file can be imported for VMware – VMware Fusion - http://bit.ly/1lCLNjO – VMware Workstation - http://bit.ly/1jNSW1h • Hyper-V import VHD as IDE - http://bit.ly/1rpoQZi • Administrator – P@ssw0rd Mike Nelson 2014
  • 10. Let’s Talk AD, AAD & O365 Windows Server Active Directory Azure Active Directory Free Azure Active Directory Tenant Azure Active Directory Premium Mike Nelson 2014
  • 11.
  • 12. • Scenario 1 Subscriptions • No Azure subscription & no Office 365 subscription • Sign up for Azure first as an Organization – https://account.windowsazure.com/organization • Add your domain to Azure AD & then sign up for Office 365 using org account • Scenario 2 • Office 365 subscription, but no Azure subscription • You already have an AAD Tenant • Sign up for Azure using your org account
  • 13. • Scenario 3 Subscriptions • Office 365 subscription with Org Account & Azure subscription with Microsoft ID • Already have AAD Tenant, but must be joined via org account • Sign in to Azure with org account • Add LiveID to Azure AD • Sign in to Azure with LiveID • Go to Settings and Edit Directory • Set default directory to Org directory • Add org account as Co-Administrator
  • 14. Windows Azure AD vs AD on Windows Azure IaaS On Premise VM w/ AD on Azure IaaS
  • 15. Identity for Microsoft cloud services Microsoft Account Microsoft Azure Active Directory Microsoft Account Ex: alice@outlook.com User Organizational Account Ex: alice@contoso.com User
  • 17. Identity Synchronization and Federation WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API
  • 20. Identities Everywhere Windows Azure Active Directory
  • 21. What Else Uses Identity?
  • 22. It’s All About Sync S S O Single SignOn Requires ADFS – seamless experience Same SignOn Second credential entry – a compromise
  • 23. SSO and Office 365 • Admin View – Single Credential to manage – Single place to manage polices – on-premises workstation restrictions etc – IDP is your AD • User View – I have a single credential – I may be prompted to enter it more than once, but is always the same credential
  • 24. SSO Alternatives & SAML • Pros, Cons, Needs, and Wants Centrify OneLogin Okta PingFederate Optimal IDM IBM Tivoli FIM PacketOne SiteMinder
  • 25. • • • • • Directory Integration options Microsoft Dynamics CRM Passwords
  • 27. Directory Sync - AADSync
  • 28. Password Sync • Synchronizes user password hash from your on-premises Active Directory to Azure Active Directory (pretty secure) – mainly for Self-Service reset • Doesn’t require something to be installed on all DC’s • Users can use the same credentials to login into both on-premises • No additional infrastructure required on premises • No dependency on on-premises infrastructure for authentication • Password Write-Back is coming in AADSync – in latest DirSync now
  • 29. Password Sync** • Password complexity policies configured in the on-premises AD apply in the cloud, i.e. you mange them on-premises. • Cloud password is set to ‘Never Expire’ • Users cannot change their password in the cloud except via self-service mechanism • Admins can reset user’s password on the cloud*
  • 31. ADFS • Not Multi-Forest • Parent & Child domains
  • 32. ADFS • Plan for capacity • More infrastructure - SQL or WID, WAAP, multiple ADFS servers • More administration - service accounts, DBA, certificates, Claims, etc.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37. Use Sync As Backup for ADFS http://bit.ly/1lQvPmm http://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to- switch-from-single-sign-on-to-password-sync.aspx
  • 38. Typical AD FS deployment on-premises…
  • 40. Password Sync vs. Single Sign-On Password Sync Single Sign-On (ADFS) Same password to access resources X X Control password policies on-premises X X Support for multi-factor authentication X * X No password re-entry if on premises X Authentication occurs in on premises directory X Client access filtering X * Limited Support
  • 41.
  • 42. AD Deployment Models in Azure • AD Forest in Azure • Static IP via PowerShell • AD Extended from On-Premises Network • Azure VNet w/P2P or S2S required • Static IP via PowerShell • Azure AD As A Service • Commercial providers • Directory Services As A Service
  • 43. AD Forest in Isolated Azure VNet Data-Tier 10.2.2.0/24 Backend 10.2.1.0/24 Microsoft Azure Virtual Network - 10.2.x fe2 fe1 SharePoint SQL contoso.corp Collab-Tier 10.2.3.0/24 Frontend 10.2.4.0/24 Availability Set Availability Set dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. 43
  • 44. Hybrid Cloud with Azure VNet and P2S Microsoft Azure Virtual Network Site Backend 10.2.1.0/24 Availability SharePoint SQL Microsoft Azure Virtual Network - 10.2.x contoso.cor p Point-to-Site VPN Data-Tier 10.2.2.0/24 Collab-Tier 10.2.3.0/24 Frontend 10.2.4.0/24 Set fe2 fe1 dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. Point-to-Site VPN 44
  • 45. Hybrid Cloud with Azure VNet and Microsoft Azure Virtual Network Site SharePoint SQL Microsoft Azure Virtual Network - 10.2.x contoso.corp Windows Server 2012 R2 as a VPN gateway On-premises Active Directory establishment Site-to-Site VPN Point-to-Site VPN Data-Tier 10.2.2.0/24 Collab-Tier 10.2.3.0/24 Backend 10.2.1.0/24 Availability Frontend 10.2.4.0/24 Set fe2 fe1 dc1/dns 10.2.1.4/24 dc2/dns 10.2.1.5/24 Load-Balancer fe3 Availability Set © 2014 Yung Chou. S2S/P2S 45
  • 46. What About Virtualizing AD? Is it safe to do? Yes, but you need to plan carefully The role The network The disk The clock Mike Nelson 2014
  • 47.
  • 49. First Things First • Plan for AAD Sync & manually check AD • DNS – Lower your TTL • UPN suffixes must exist! • Add & verify all SMTP domains • Set Password Expiration flag via PowerShell • Run idfix
  • 50. First Things First • Use the VM Readiness Assessment tool! • ADModify (codeplex) to bulk modify AD • Use PowerShell to provide info & delete if your gutsy!
  • 51. Tools for Administration • Azure Portal • Office365 Admin Center • Local AD Tools • PowerShell! Mike Nelson 2014
  • 52. Tools for Troubleshooting • idFix • Microsoft RCA (web / client) https://testconnectivity.microsoft.com/ • Troubleshooting AAD Sync http://support.microsoft.com/kb/2684395 Mike Nelson 2014
  • 53. Tools for Troubleshooting • PowerShell • MsiiClient for AAD Sync • ADSI Edit • ADPlus.vbs • On-Ramp (O365 setup) Mike Nelson 2014
  • 54. Tips • Always create a Company Administrator (formerly Global Administrator) account that is “In Cloud” • Rollback from Federated domain to Standard requires O365 password reset • ADFS – Parent certificate covers children Mike Nelson 2014
  • 55. Tips • Use Sync as backup for ADFS • Update the ADFS Relying Party Metadata periodically – Update-MSOLFederatedDomain –DomainName:<domain name> – Use –supportmultipledomain switch if needed – Scheduled task script • ADFS – Parent certificate covers children – Using the –supportmultipledomains switch is required when multiple top-level domains are federated by using the same AD FS federation service • Testing ADFS – https://<adfs_url>/adfs/ls/idpinitiatedsignon.aspx Mike Nelson 2014 –supportmultipledomains
  • 56. Sync Tips • AAD Sync runs every 3 hours, Password sync runs every 2 minutes. Both can be forced via PoSH – Start-OnlineCoexistenceSync -FullSync • Online portal can take a very long time to update • “Technical Contact” will get all the emails • To determine Sync version – PowerShell (GP 'hklm:SOFTWAREMicrosoftWindowsCurrentVersionUninstallMicro soft Online Directory Sync').DisplayVersion Mike Nelson 2014
  • 57. Sync Tips • When filtering OU’s in Sync, remove unused Run Steps • Always use latest version of Sync • Upgrade is painless – Local SQL, just run the install – Standalone SQL, need to connect to DB & upgrade • When in doubt – Force a Sync • PoSH module – import-module DirSync Mike Nelson 2014
  • 58. Demo Lab Setup • Get a Live ID account – http://signup.live.com • Get an Azure Trial - http://bit.ly/1zaeXB4 • Add & configure Azure AD • Create local AD – Import pre-made 2012R2 server VM – Add AD role Mike Nelson 2014
  • 59. The Lab • Power on the VM • Login as administrator – P@ssw0rd • Add the AD role – don’t worry about DNS messages • Once role installed, configure it. The AD Forest should be “corp.com” • Reboot the VM once AD config is complete Mike Nelson 2014
  • 60. The Lab • Login as <domain>administrator – P@ssw0rd • Right-click on PowerShell icon in taskbar and click Run As Administrator • Enter “set-executionpolicy unrestricted” and hit enter • Open Explorer and go to C:scripts • Right-click and edit “createusers.ps1” (should open in ISE) Mike Nelson 2014
  • 61. The Lab • Change domain name to your domain name (You can also do these steps manually via the MMC if you wish) • Save the file and run it. A new OU called O365Users should be created in your AD • With ISE still open, open the “createusers.ps1” file. Change the domain name to your domain name. • Save the file and run it. Users should now appear in that O365Users OU. • Close ISE Mike Nelson 2014
  • 62. The Lab • Open a browser on your local machine and create your MS Live ID account • Go to fasttrack.office.com and sign up for a Enterprise demo. Pick a domain name. Highly recommended to pick a variant of “contoso.com” (ex. contoso611.com) • Once signup is complete, login to Office365 with new credentials • Create Azure account using same credentials Mike Nelson 2014
  • 63. The Lab • Back in the VM, in Explorer, double click the C:Deployment ToolsLdfixLdfix.exe • Query your domain • Fix any issues • Install DirSync • Configure DirSync • Sync objects Mike Nelson 2014

Editor's Notes

  1. Topics- Azure Active Directory & Office 365 - Discuss the basics and architecture of Azure, Azure AD, and Office 365 Discuss how to initiate a subscription, and administrate the environments via the portal and PowerShell for the duration of the session Integration, Synchronization & Migration Single SignOn and Same SignOn DirSync, ADFS, AADConnect, AADSync On-Premise to/from Off-Premise architecture How sync works How to modify sync How to migrate “In cloud” users to “Synched with Active Directory” Administration & troubleshooting Tools & Tips Cleaning up your AD Azure Portal Office 365 Admin Center PowerShell Troubleshooting sync Troubleshooting Tools
  2. A client side hypervisor is required for the lab. The server image is supplied for the lab.
  3. A client side hypervisor is required for the lab. The server image is supplied for the lab.
  4. Microsoft has cloud services they need to authenticate users to which needs to be able to be independent of any on-premise AD for cloud-only scenarios or customers without AD. Microsoft took their knowledge of AD and enhanced this service to fit best for a cloud environment and this is called Windows Azure AD. [click] The challenge is many customers already have an on-premise AD which they would like users to be able to seamlessly authenticate. There are a number of methods to synchronize these two, but it is outside of the scope of this presentation. [click] Windows Azure AD must be used to authenticate to many of Microsoft’s cloud services, regardless of whether or not you synchronize with your on-premise AD [click] The topic of this presentation today covers running the Active Directory role on a VM inside of Windows Azure IaaS. This is NOT the same thing as Windows Azure AD.
  5. Credit: TechEd 2014
  6. Directory Sync – Enables on-premises directory data to be projected into the cloud Only synchronizes from single AD forest Groups, contacts and users ~ 150 properties Provides for a delta sync of changes - Sync timeframe is every 3 hours Links on-prem object to cloud object using ‘SourceAnchor’ – unique on-prem ID (By default: ObjectGUID) On-prem master for all objects and properties Proactively reports errors via email: “No news is good news” Provides for rich integration experiences Office Hybrid scenarios, requires two way sync for some properties Hybrid is only way data gets written back (Exchange data now – passwords soon)
  7. Multiple iterations of SHA256 encryption on hash
  8. http://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to-switch-from-single-sign-on-to-password-sync.aspx
  9. USN Bubbles
  10. Tasks to be done for prep and execution of Demo Lab
  11. Tasks to be done for prep and execution of Demo Lab
  12. Tasks to be done for prep and execution of Demo Lab
  13. Tasks to be done for prep and execution of Demo Lab
  14. Tasks to be done for prep and execution of Demo Lab
  15. Tasks to be done for prep and execution of Demo Lab