HOW TO INSTALL AND CONFIGURE AZURE AD CONNECT
Adam Gross | July 9, 2019 | SCCM
If you have an existing on-premises Active Directory infrastructure and plan to use SCCM
Co-Management, you will need Azure AD Connect. This post will cover installing Azure AD
Connect and configuring Hybrid Azure AD Join and Seamless Single Sign-On using Password
Hash Sync. There are many additional options that are covered in the Microsoft Docs.
This post assumes you already have an Azure Active Directory tenant and have added your
custom domain to Azure AD.
WHERE TO GET AZURE AD CONNECT
 Log into your Azure AD Tenant by going to portal.azure.com.
 Click Azure Active Directory
 Select Azure AD Connect
 Click Download Azure AD Connect
INSTALLING AZURE AD CONNECT
 Review the latest prerequisite information from Microsoft Docs, specifically
the Azure AD Connect server section, to ensure that your server meets the
requirements.
 Launch the AzureADConnect.msi that you downloaded in the previous step.
 You will be presented with the Microsoft Azure Active Directory Connect wizard
welcome screen.
 Click Continue.
 Once you have chosen the server, begin installation. You will choose
between Express and Custom installation. This post will cover using Express
settings.
 Notice the message below indicating that the domain is not routable. This will be
covered later in the post.
 Click Use express settings.
 Enter your Azure AD global administrator credentials and click Next – this account
is only needed for configuring AAD Connect.
 Enter the Active Directory Domain Services enterprise administrator credentials and
click Next – this account is only needed for configuring AAD Connect.
 If you see the Azure AD Sign-in configuration page, review any domains not listed
as Verified and verify them in Azure AD before continuing.
 Once you’ve verified your domain, click the Refresh icon and the status should
change to Verified.
 Alternatively, you can check the box for Continue without matching all UPN
suffixes to verified domains. This will allow you to continue the Azure AD Connect
wizard; however, you will need to complete the verification process before users can
log into Azure AD.
 Click Next
 If you verified your domain(s) in the previous step, check the box for Start the
synchronization process when configuration completes, otherwise uncheck the box
and click Install.
 If you unchecked the box, sync will be configured, but won’t run until you re-run the
AAD Connect wizard.
 Any errors or action items will be listed in the Configuration complete page. Click
Exit to complete setup.
 When you log into your Azure AD tenant and select Users, you should see new
synchronized user accounts indicating that sync is working as expected.
 You can also begin assigning licenses to users in Azure at this time.
CONFIGURING HYBRID AZURE AD JOIN IN AZURE ACTIVE DIRECTORY CONNECT
 To enable Hybrid Azure AD join for your on-premises devices, launch the AAD
Connect wizard again and click Configure on the first page.
 On the Additional tasks screen, there are many options for additional configuration.
Select Configure device options then click Next.
 The Overview page describes the difference between Hybrid Azure AD Join and
Device writeback. Click Next.
 Enter your Azure AD global administrator credentials and click Next.
 Select Configure Hybrid Azure AD join and click Next.
 Check the box for Windows 10 or later domain-joined devices and click Next.
 The Service Connection Point (SCP) will need to be configured for each forest where
you want to enable Hybrid Azure AD join. Using the drop down, for each domain,
select the Authentication Service.
 Click Add to enter your on premises Active Directory Enterprise Admin credentials.
 Click Next.
 Click Configure to begin configuring the SCP.
 Any errors or action items will be listed in the Configuration complete page. Click
Exit to complete setup.
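After the wizard finishes, it is worth confirming that the SCP really names your tenant, because domain-joined devices use it to decide where to register. The following is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module, and $ExpectedTenantName is a placeholder you replace with your own verified domain.

```powershell
# Added example (not from the original post): read back the Hybrid Azure AD Join
# SCP and compare it with the tenant you expect, then check the local device state.
Import-Module ActiveDirectory

# Placeholder (assumption): the verified domain of the tenant devices should join.
$ExpectedTenantName = 'contoso.com'

function Get-HybridJoinScp {
    # The SCP is stored in the forest's configuration partition under a fixed,
    # well-known container name.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $scpDn = 'CN=62a0ff2e-97b9-4513-943f-0d221bd30080,' +
             "CN=Device Registration Configuration,CN=Services,$configNC"
    try {
        $scp = Get-ADObject -Identity $scpDn -Properties keywords, whenChanged -ErrorAction Stop
    } catch {
        Write-Warning "No SCP found at $scpDn (has the wizard been run for this forest?)"
        return
    }

    # keywords holds entries such as "azureADName:<domain>" and "azureADId:<tenant id>"
    $result = [ordered]@{
        DistinguishedName = $scp.DistinguishedName
        WhenChanged       = $scp.whenChanged
    }
    foreach ($kw in $scp.keywords) {
        $name, $value = $kw -split ':', 2
        $result[$name] = $value
    }
    [pscustomobject]$result
}

function Get-DeviceJoinState {
    # Parse the "Key : Value" lines printed by dsregcmd /status on this device.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $state['AzureAdJoined']
        DomainJoined  = $state['DomainJoined']
        TenantName    = $state['TenantName']
    }
}

$scp = Get-HybridJoinScp
if ($scp) {
    $scp | Format-List
    if ($scp.azureADName -ne $ExpectedTenantName) {
        Write-Warning "SCP points to '$($scp.azureADName)', expected '$ExpectedTenantName'"
    }
}

# A hybrid-joined Windows 10 device reports YES for both values.
Get-DeviceJoinState | Format-List
```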
CONFIGURING SEAMLESS SINGLE SIGN ON IN AZURE ACTIVE DIRECTORY CONNECT
 To enable Seamless Single Sign On (SSO), relaunch the AAD Connect configuration
wizard and click Configure.
 Select Change user sign-in and click Next.
 Enter your Azure AD global administrator credentials and click Next.
 On the User sign-in page, you can select various sign-in options. In this case, we will
select Password Hash Synchronization.
 Check the box for Enable single sign-on then click Next.
 Check the box for Start the synchronization process when configuration completes
and click Configure.
 Any errors or action items will be listed in the Configuration complete page. Click
Exit to complete setup.
DEPLOYING SEAMLESS SINGLE SIGN ON USING GROUP POLICY
For a full explanation of SSO, including a deployment planning guide, check out the Microsoft
Docs. Assuming you’ve already done so, here’s how you deploy SSO using GPO.
 To enable SSO on your on-premises devices, you must configure group policy
settings. Add the following settings to a new or existing GPO and deploy to any
devices that you wish to enable SSO on. See Microsoft Docs for additional options
for rolling out SSO.
 In the Group Policy Management Editor, navigate to User
Configuration > Policy > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security Page.
 Select Site to Zone Assignment List.
 Select the Enabled radio button then enter the following value.
 Value name: https://autologon.microsoftazuread-sso.com
Value: 1
 Navigate to User Configuration > Policy > Administrative Templates >
Windows Components > Internet Explorer > Internet Control
Panel > Security Page > Intranet Zone.
 Select Allow updates to status bar via script.
 Click the Enabled radio button then select Enable from the drop down as shown.
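To confirm that a client actually received both settings, you can read them back from the user's policy hive. This is an added example, not part of the original post; the registry key names and the URL action number 2103 are the usual backing locations for these Internet Explorer policies and are assumptions here, so check them against your ADMX templates.

```powershell
# Added example (not from the original post): read back the two per-user policies
# the GPO above should deliver. Run as the signed-in user after "gpupdate /force".
# Assumption: these registry locations back the two policies; they are not given
# in the original post.
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$SsoUrl     = 'https://autologon.microsoftazuread-sso.com'   # value name from the post

function Test-SeamlessSsoPolicy {
    $zoneMapKey = Get-Item -Path "$PolicyRoot\ZoneMapKey" -ErrorAction SilentlyContinue
    $intranet   = Get-Item -Path "$PolicyRoot\Zones\1"    -ErrorAction SilentlyContinue

    # Site to Zone Assignment List: value name = URL, data = zone number (1 = Intranet)
    $zone = if ($zoneMapKey) { $zoneMapKey.GetValue($SsoUrl) } else { $null }
    [pscustomobject]@{
        Setting  = 'Site to Zone Assignment List'
        Expected = '1'
        Actual   = $zone
        Ok       = ("$zone" -eq '1')
    }

    # Allow updates to status bar via script: URL action 2103, data 0 = Enable
    $statusBar = if ($intranet) { $intranet.GetValue('2103') } else { $null }
    [pscustomobject]@{
        Setting  = 'Allow updates to status bar via script'
        Expected = '0'
        Actual   = $statusBar
        Ok       = ("$statusBar" -eq '0')
    }

    # Every other site the policy places in the Intranet zone is also eligible for
    # automatic logon with the user's domain credentials, so list them for review.
    if ($zoneMapKey) {
        foreach ($name in $zoneMapKey.GetValueNames()) {
            if ($name -ne $SsoUrl -and "$($zoneMapKey.GetValue($name))" -eq '1') {
                [pscustomobject]@{
                    Setting  = 'Additional Intranet zone site'
                    Expected = '(review)'
                    Actual   = $name
                    Ok       = $null
                }
            }
        }
    }
}

Test-SeamlessSsoPolicy | Format-Table -AutoSize
```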
MANAGING NON-ROUTABLE INTERNAL DOMAIN NAMES
If your internal domain name is non-routable, like asd.local or asd.lab, you will need to either
change your internal domain name (which would require you to migrate your SCCM instance to
a new domain) or add a UPN and update your users with the new routable domain. You can find
more information and a script to automate changing all of your users here.
 To add a new UPN, open Active Directory Domains and Trusts, right click on the
domain you want to add a UPN to and click Properties.
 Enter your new UPN and click Add. (I purchased a cheap domain name with the
extension .site for this demo.)
 Open Active Directory Users and Computers, right click the user you want to edit
and click Properties then select the Account Tab.
 From the drop down next to the user name, you will see your newly added UPN. Select
it and click OK.
 Add the new custom domain to Azure AD by navigating
to https://portal.azure.com then clicking Azure Active Directory then Custom
domain names.
 Click Add custom domain
 Enter your custom domain name then click Add Domain.
 You will see a screen with TXT records that you will need to enter with your domain
name registrar. Once entered, click Verify to complete the setup.
TESTING SEAMLESS SINGLE-SIGN ON
You can test SSO by using the following tests provided by Microsoft:
To test the scenario where the user enters only the username, but not the password:
– Sign in to https://myapps.microsoft.com/ in a new private browser session.
To test the scenario where the user doesn’t have to enter the username or the password,
use one of these steps:
– Sign in to https://myapps.microsoft.com/contoso.onmicrosoft.com in a new private
browser session. Replace contoso with your tenant’s name.
– Sign in to https://myapps.microsoft.com/contoso.com in a new private browser session.
Replace contoso.com with a verified domain (not a federated domain) on your tenant.
SUMMARY
Now, whenever your users log in using their local domain credentials, they will be able to access
Azure resources via single sign-on. Also, your devices are being synced to Azure Active
Directory now and can be configured to Auto-Enroll into Intune to enable Co-Management and
more! Stay tuned!
4 COMMENTS ON “HOW TO INSTALL AND CONFIGURE
AZURE AD CONNECT”
1. Pingback: Azure AD Connect a replikace účtů z On-Premises AD DS – ITmix.cz

Weitere ähnliche Inhalte

Was ist angesagt?

Activate Kaspersky Internet Security
Activate Kaspersky Internet SecurityActivate Kaspersky Internet Security
Activate Kaspersky Internet Securitymariarodriguez1327
 
SAP Cloud for Customer - User Creation & Password issue Handling
SAP Cloud for Customer - User Creation & Password issue HandlingSAP Cloud for Customer - User Creation & Password issue Handling
SAP Cloud for Customer - User Creation & Password issue HandlingRishikesh Sah
 
Configuring a web logic domain and server
Configuring a web logic domain and serverConfiguring a web logic domain and server
Configuring a web logic domain and serverggopinath50
 
SSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory CredentialsSSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory CredentialsSalim M Bhonhariya
 
GigaSpaces CCF Quick Tour - 2.3.6
GigaSpaces CCF Quick Tour - 2.3.6GigaSpaces CCF Quick Tour - 2.3.6
GigaSpaces CCF Quick Tour - 2.3.6Shay Hassidim
 
Azure with Visual Studio LightSwitch
Azure with Visual Studio LightSwitchAzure with Visual Studio LightSwitch
Azure with Visual Studio LightSwitchCheah Eng Soon
 
Unicef-LaptopTrustIssues
Unicef-LaptopTrustIssuesUnicef-LaptopTrustIssues
Unicef-LaptopTrustIssuesMatt R
 
edX on Google Cloud Platform
edX on Google Cloud PlatformedX on Google Cloud Platform
edX on Google Cloud PlatformZdenko Hrček
 
Create Applicationwith IIS 7
Create Applicationwith IIS 7Create Applicationwith IIS 7
Create Applicationwith IIS 7Sandeep Verma
 
( 2 ) Office 2007 Create A Portal
( 2 ) Office 2007   Create A Portal( 2 ) Office 2007   Create A Portal
( 2 ) Office 2007 Create A PortalLiquidHub
 
Internet explorer setting for oracle hyperion products
Internet explorer setting for oracle hyperion productsInternet explorer setting for oracle hyperion products
Internet explorer setting for oracle hyperion productsPraveen Dhondi
 
ScrumDesk API Installation
ScrumDesk API InstallationScrumDesk API Installation
ScrumDesk API InstallationScrumDesk
 
Rf meetup 16.3.2017 tampere share
Rf meetup 16.3.2017 tampere shareRf meetup 16.3.2017 tampere share
Rf meetup 16.3.2017 tampere shareMika Tavi
 

Was ist angesagt? (18)

Oracle install
Oracle installOracle install
Oracle install
 
Dot netnuke07 setpbysetp
Dot netnuke07 setpbysetpDot netnuke07 setpbysetp
Dot netnuke07 setpbysetp
 
Sharepoint
SharepointSharepoint
Sharepoint
 
Activate Kaspersky Internet Security
Activate Kaspersky Internet SecurityActivate Kaspersky Internet Security
Activate Kaspersky Internet Security
 
SAP Cloud for Customer - User Creation & Password issue Handling
SAP Cloud for Customer - User Creation & Password issue HandlingSAP Cloud for Customer - User Creation & Password issue Handling
SAP Cloud for Customer - User Creation & Password issue Handling
 
Configuring a web logic domain and server
Configuring a web logic domain and serverConfiguring a web logic domain and server
Configuring a web logic domain and server
 
SSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory CredentialsSSO to Office365 using Active Directory Credentials
SSO to Office365 using Active Directory Credentials
 
Infra Project report2
Infra Project report2Infra Project report2
Infra Project report2
 
GigaSpaces CCF Quick Tour - 2.3.6
GigaSpaces CCF Quick Tour - 2.3.6GigaSpaces CCF Quick Tour - 2.3.6
GigaSpaces CCF Quick Tour - 2.3.6
 
Azure with Visual Studio LightSwitch
Azure with Visual Studio LightSwitchAzure with Visual Studio LightSwitch
Azure with Visual Studio LightSwitch
 
Unicef-LaptopTrustIssues
Unicef-LaptopTrustIssuesUnicef-LaptopTrustIssues
Unicef-LaptopTrustIssues
 
Auto backup
Auto backupAuto backup
Auto backup
 
edX on Google Cloud Platform
edX on Google Cloud PlatformedX on Google Cloud Platform
edX on Google Cloud Platform
 
Create Applicationwith IIS 7
Create Applicationwith IIS 7Create Applicationwith IIS 7
Create Applicationwith IIS 7
 
( 2 ) Office 2007 Create A Portal
( 2 ) Office 2007   Create A Portal( 2 ) Office 2007   Create A Portal
( 2 ) Office 2007 Create A Portal
 
Internet explorer setting for oracle hyperion products
Internet explorer setting for oracle hyperion productsInternet explorer setting for oracle hyperion products
Internet explorer setting for oracle hyperion products
 
ScrumDesk API Installation
ScrumDesk API InstallationScrumDesk API Installation
ScrumDesk API Installation
 
Rf meetup 16.3.2017 tampere share
Rf meetup 16.3.2017 tampere shareRf meetup 16.3.2017 tampere share
Rf meetup 16.3.2017 tampere share
 

Ähnlich wie HOW TO INSTALL AND CONFIGURE AZURE AD CONNECT.docx

Microsoft Dynamics CRM 2013 development server installation
Microsoft Dynamics CRM 2013 development server installationMicrosoft Dynamics CRM 2013 development server installation
Microsoft Dynamics CRM 2013 development server installationJukka Niiranen
 
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...Amazon Web Services
 
Understanding Windows Azure’s Active Directory (AD) and PowerShell Tools
Understanding Windows Azure’s Active Directory (AD) and PowerShell ToolsUnderstanding Windows Azure’s Active Directory (AD) and PowerShell Tools
Understanding Windows Azure’s Active Directory (AD) and PowerShell ToolsEPC Group
 
Advanced configuration
Advanced configurationAdvanced configuration
Advanced configurationRobert Crane
 
Application Catalog and Approval Runbooks Sample
Application Catalog and Approval Runbooks SampleApplication Catalog and Approval Runbooks Sample
Application Catalog and Approval Runbooks SampleJames Donnelly
 
Get Started With Microsoft Azure Cloud Service
Get Started With Microsoft Azure Cloud ServiceGet Started With Microsoft Azure Cloud Service
Get Started With Microsoft Azure Cloud ServiceJayant Chauhan
 
Configuration manager
Configuration managerConfiguration manager
Configuration managerRaghu nath
 
Deploy sql express and share point foundation
Deploy sql express and share point foundationDeploy sql express and share point foundation
Deploy sql express and share point foundationTep Chanveasna
 
windows azure cloud services - Lab Manual
windows azure cloud services - Lab Manualwindows azure cloud services - Lab Manual
windows azure cloud services - Lab ManualArun Kumar
 
Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Umesh Pandit
 
Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessJason Condo
 
Windows azure active directory
Windows azure active directoryWindows azure active directory
Windows azure active directoryKrunal Trivedi
 
Active directory installation on windows server 2012
Active directory installation on windows server 2012Active directory installation on windows server 2012
Active directory installation on windows server 2012Ricardo Solís
 
Azure active directory connect to a single domain
Azure active directory connect to a single domainAzure active directory connect to a single domain
Azure active directory connect to a single domainIntelice Solutions LLC
 
Windows prosystemserverinstallguide
Windows prosystemserverinstallguideWindows prosystemserverinstallguide
Windows prosystemserverinstallguidedjedvaji
 
Azure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAzure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAnthony Clendenen
 
ATG - Commerce Service Center (CSC)
ATG - Commerce Service Center (CSC)ATG - Commerce Service Center (CSC)
ATG - Commerce Service Center (CSC)Keyur Shah
 
Website with AWS+WORDPRESS
Website with AWS+WORDPRESSWebsite with AWS+WORDPRESS
Website with AWS+WORDPRESSMrUtsavgohel
 

Ähnlich wie HOW TO INSTALL AND CONFIGURE AZURE AD CONNECT.docx (20)

Microsoft Dynamics CRM 2013 development server installation
Microsoft Dynamics CRM 2013 development server installationMicrosoft Dynamics CRM 2013 development server installation
Microsoft Dynamics CRM 2013 development server installation
 
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...
0417 HK AWS Hands-on Lab Series 2019 for Enterprise Data Protection in Enterp...
 
Understanding Windows Azure’s Active Directory (AD) and PowerShell Tools
Understanding Windows Azure’s Active Directory (AD) and PowerShell ToolsUnderstanding Windows Azure’s Active Directory (AD) and PowerShell Tools
Understanding Windows Azure’s Active Directory (AD) and PowerShell Tools
 
Advanced configuration
Advanced configurationAdvanced configuration
Advanced configuration
 
Application Catalog and Approval Runbooks Sample
Application Catalog and Approval Runbooks SampleApplication Catalog and Approval Runbooks Sample
Application Catalog and Approval Runbooks Sample
 
Get Started With Microsoft Azure Cloud Service
Get Started With Microsoft Azure Cloud ServiceGet Started With Microsoft Azure Cloud Service
Get Started With Microsoft Azure Cloud Service
 
Azure hands on lab
Azure hands on labAzure hands on lab
Azure hands on lab
 
Configuration manager
Configuration managerConfiguration manager
Configuration manager
 
Deploy sql express and share point foundation
Deploy sql express and share point foundationDeploy sql express and share point foundation
Deploy sql express and share point foundation
 
windows azure cloud services - Lab Manual
windows azure cloud services - Lab Manualwindows azure cloud services - Lab Manual
windows azure cloud services - Lab Manual
 
Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...Step by step installation of microsoft dynamics 365 finance and operations on...
Step by step installation of microsoft dynamics 365 finance and operations on...
 
Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional Access
 
Windows azure active directory
Windows azure active directoryWindows azure active directory
Windows azure active directory
 
Active directory installation on windows server 2012
Active directory installation on windows server 2012Active directory installation on windows server 2012
Active directory installation on windows server 2012
 
Azure active directory connect to a single domain
Azure active directory connect to a single domainAzure active directory connect to a single domain
Azure active directory connect to a single domain
 
Windows prosystemserverinstallguide
Windows prosystemserverinstallguideWindows prosystemserverinstallguide
Windows prosystemserverinstallguide
 
Azure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAzure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD Deployment
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
 
ATG - Commerce Service Center (CSC)
ATG - Commerce Service Center (CSC)ATG - Commerce Service Center (CSC)
ATG - Commerce Service Center (CSC)
 
Website with AWS+WORDPRESS
Website with AWS+WORDPRESSWebsite with AWS+WORDPRESS
Website with AWS+WORDPRESS
 

Kürzlich hochgeladen

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Kürzlich hochgeladen (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

HOW TO INSTALL AND CONFIGURE AZURE AD CONNECT.docx

  • 1. HOWTOINSTALLAND CONFIGUREAZUREAD CONNECT Adam GrossJuly 9, 2019SCCM4 Comments If you have an existing on-premises Active Directory infrastructure and plan to use SCCM Co- Management, you will need Azure AD Connect. This post will cover installing Azure AD Connect and configuring Hybrid Azure AD Join and Seamless Single Sign-On using Password Hash Sync. There are many additional options that are covered in the Microsoft Docs. This post assumes you already have an Azure Active Directory tenant and have added your custom domain to Azure AD. WHERE TO GET AZURE AD CONNECT  Log into your Azure AD Tenant by going to portal.azure.com.  Click Azure Active Directory
  • 2.  Select Azure AD Connect  Click Download Azure AD Connect
  • 3. INSTALLING AZURE AD CONNECT
       - Review the latest prerequisite information from Microsoft Docs, specifically the Azure AD Connect server section, to ensure that your server meets the requirements.
       - Launch the AzureADConnect.msi that you downloaded in the previous step.
       - You will be presented with the Microsoft Azure Active Directory Connect wizard welcome screen.
       - Click Continue.
  • 4.
       - Once you have chosen the server, begin installation. You will choose between Express and Custom installation. This post will cover using Express settings.
       - Notice the message below indicating that the domain is not routable. This will be covered later in the post.
       - Click Use express settings.
  • 5.
       - Enter your Azure AD global administrator credentials and click Next – this account is only needed for configuring AAD Connect.
  • 6.
       - Enter the Active Directory Domain Services enterprise administrator credentials and click Next – this account is only needed for configuring AAD Connect.
  • 7.
       - If you see the Azure AD Sign-in configuration page, review any domains not listed as Verified and verify them in Azure AD before continuing.
       - Once you’ve verified your domain, click the Refresh icon and the status should change to Verified.
       - Alternatively, you can check the box for Continue without matching all UPN suffixes to verified domains. This will allow you to continue the Azure AD Connect wizard; however, you will need to complete the verification process before users can log into Azure AD.
       - Click Next
  • 8.
       - If you verified your domain(s) in the previous step, check the box for Start the synchronization process when configuration completes; otherwise uncheck the box. Then click Install.
       - If you unchecked the box, sync will be configured, but won’t run until you re-run the AAD Connect wizard.
  • 9.
       - Any errors or action items will be listed in the Configuration complete page. Click Exit to complete setup.
  • 10.
       - When you log into your Azure AD tenant and select Users, you should see new synchronized user accounts indicating that sync is working as expected.
       - You can also begin assigning licenses to users in Azure at this time.
  • 11. CONFIGURING HYBRID AZURE AD JOIN IN AZURE ACTIVE DIRECTORY CONNECT
       - To enable Hybrid Azure AD join for your on-premises devices, launch the AAD Connect wizard again and click Configure on the first page.
       - On the Additional tasks screen, there are many options for additional configuration. Select Configure device options then click Next.
  • 12.
       - The Overview page describes the difference between Hybrid Azure AD Join and Device writeback. Click Next.
  • 13.
       - Enter your Azure AD global administrator credentials and click Next.
  • 14.
       - Select Configure Hybrid Azure AD join and click Next.
  • 15.
       - Check the box for Windows 10 or later domain-joined devices and click Next.
  • 16.
       - The Service Connection Point (SCP) will need to be configured for each forest where you want to enable Hybrid Azure AD join. Using the drop down, for each domain, select the Authentication Service.
       - Click Add to enter your on-premises Active Directory Enterprise Admin credentials.
       - Click Next.
  • 17.
       - Click Configure to begin configuring the SCP.
  • 18.
       - Any errors or action items will be listed in the Configuration complete page. Click Exit to complete setup.
  • 19. CONFIGURING SEAMLESS SINGLE SIGN ON IN AZURE ACTIVE DIRECTORY CONNECT
       - To enable Seamless Single Sign On (SSO), relaunch the AAD Connect configuration wizard and click Configure.
  • 20.
       - Select Change user sign-in and click Next.
  • 21.
       - Enter your Azure AD global administrator credentials and click Next.
  • 22.
       - On the User sign-in page, you can select various sign-in options. In this case, we will select Password Hash Synchronization.
       - Check the box for Enable single sign-on then click Next.
  • 23.
       - Check the box for Start the synchronization process when configuration completes and click Configure.
  • 24.
       - Any errors or action items will be listed in the Configuration complete page. Click Exit to complete setup.
  • 25. DEPLOYING SEAMLESS SINGLE SIGN ON USING GROUP POLICY
       For a full explanation of SSO, including a deployment planning guide, check out the Microsoft Docs. Assuming you’ve already done so, here’s how you deploy SSO using GPO.
       - To enable SSO on your on-premises devices, you must configure group policy settings. Add the following settings to a new or existing GPO and deploy it to any devices that you wish to enable SSO on. See Microsoft Docs for additional options for rolling out SSO.
       - In the Group Policy Management Editor, navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
       - Select Site to Zone Assignment List.
  • 26.
       - Select the Enabled radio button then enter the following value.
       - Value name: https://autologon.microsoftazuread-sso.com
         Value: 1
  • 27.
       - Navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone.
       - Select Allow updates to status bar via script.
  • 28.
       - Click the Enabled radio button then select Enable from the drop down as shown.
  • 29. MANAGING NON-ROUTABLE INTERNAL DOMAIN NAMES
       If your internal domain name is non-routable, like asd.local or asd.lab, you will need to either change your internal domain name (which would require you to migrate your SCCM instance to a new domain) or add a UPN and update your users with the new routable domain. You can find more information and a script to automate changing all of your users here.
       - To add a new UPN, open Active Directory Domains and Trusts, right click on the domain you want to add a UPN to and click Properties.
  • 30.
       - Enter your new UPN and click Add. (I purchased a cheap domain name with the extension .site for this demo.)
  • 31.
       - Open Active Directory Users and Computers, right click the user you want to edit and click Properties then select the Account Tab.
       - From the drop down next to the user name, you will see your newly added UPN. Select it and click OK.
  • 32.
       - Add the new custom domain to Azure AD by navigating to https://portal.azure.com then clicking Azure Active Directory then Custom domain names.
       - Click Add custom domain
  • 33.
       - Enter your custom domain name then click Add Domain.
       - You will see a screen with TXT records that you will need to enter with your domain name registrar. Once entered, click Verify to complete the setup.
  • 34. TESTING SEAMLESS SINGLE SIGN-ON
       You can test SSO by using the following tests provided by Microsoft:
       To test the scenario where the user enters only the username, but not the password:
       - Sign in to https://myapps.microsoft.com/ in a new private browser session.
       To test the scenario where the user doesn’t have to enter the username or the password, use one of these steps:
  • 35.
       - Sign in to https://myapps.microsoft.com/contoso.onmicrosoft.com in a new private browser session. Replace contoso with your tenant’s name.
       - Sign in to https://myapps.microsoft.com/contoso.com in a new private browser session. Replace contoso.com with a verified domain (not a federated domain) on your tenant.
       SUMMARY
       Now, whenever your users log in using their local domain credentials, they will be able to access Azure resources via single sign-on. Also, your devices are being synced to Azure Active Directory now and can be configured to Auto-Enroll into Intune to enable Co-Management and more! Stay tuned!
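Before running the browser tests above, it helps to confirm that the two Group Policy settings from the SSO deployment steps actually reached the signed-in user. The check below is an added example, not part of the original post. It assumes the standard policy registry locations for these two Internet Explorer settings (ZoneMapKey for the Site to Zone Assignment List, action 2103 under Zones\1 for the status bar setting), and the function name is hypothetical.

```powershell
# Added example: run as the test user on a domain-joined client after gpupdate.
# Assumption: both settings are stored under the per-user Internet Settings policy key.
function Test-SeamlessSsoPolicy {
    $base = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    $url  = 'https://autologon.microsoftazuread-sso.com'

    # Site to Zone Assignment List: value name = site, data = zone number (1 = Intranet).
    $zoneMap = Get-ItemProperty -Path "$base\ZoneMapKey" -ErrorAction SilentlyContinue
    $zone    = if ($zoneMap) { $zoneMap.$url } else { $null }

    # Everything else the policy places in the Intranet zone, so the list can be reviewed.
    $others = @()
    if ($zoneMap) {
        $others = @($zoneMap.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Name -ne $url -and $_.Value -eq '1' } |
            ForEach-Object { $_.Name })
    }

    # Intranet zone (Zones\1), action 2103 = "Allow updates to status bar via script"; 0 = Enable.
    $zone1  = Get-ItemProperty -Path "$base\Zones\1" -ErrorAction SilentlyContinue
    $status = if ($zone1) { $zone1.'2103' } else { $null }

    [pscustomobject]@{
        User                 = "$env:USERDOMAIN\$env:USERNAME"
        SsoUrlZone           = $zone
        SsoUrlInIntranetZone = ($zone -eq '1')
        StatusBarScript      = $status
        StatusBarScriptOn    = ($status -eq 0)
        OtherIntranetSites   = $others
        Compliant            = ($zone -eq '1') -and ($status -eq 0)
    }
}

Test-SeamlessSsoPolicy | Format-List
```

A result with Compliant = False and empty values usually means the GPO is not linked to the user's OU or has not refreshed yet.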
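For the non-routable domain section above, the manual steps in Active Directory Domains and Trusts and Active Directory Users and Computers can be reviewed and applied in bulk. This is an added example, not the script the original post links to. It assumes the RSAT ActiveDirectory module is installed; asd.site stands in for whatever routable domain you verified in Azure AD, and the function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. 'asd.local' / 'asd.site' are placeholders taken from the post's demo names.

function Get-UpnSuffixReport {
    # Count enabled users per UPN suffix and flag suffixes the forest does not know about.
    # Users with an empty UPN are skipped.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $forest = Get-ADForest
    # Alternative suffixes registered on the forest plus the DNS name of every domain in it.
    $known  = @($forest.UPNSuffixes) + @($forest.Domains)

    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
        Where-Object { $_.UserPrincipalName -like '*@*' } |
        Group-Object { ($_.UserPrincipalName -split '@')[-1].ToLower() } |
        ForEach-Object {
            [pscustomobject]@{
                Suffix        = $_.Name
                Users         = $_.Count
                KnownToForest = $known -contains $_.Name
            }
        }
}

function Set-RoutableUpn {
    # Move users from one UPN suffix to another. Supports -WhatIf so the change can be reviewed.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$OldSuffix,
        [Parameter(Mandatory)][string]$NewSuffix,
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    # Register the new suffix on the forest if it is missing (the Domains and Trusts step).
    $forest = Get-ADForest
    if ($forest.UPNSuffixes -notcontains $NewSuffix -and
        $PSCmdlet.ShouldProcess($NewSuffix, 'Add forest UPN suffix')) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
    }
    Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -SearchBase $SearchBase |
        ForEach-Object {
            $newUpn = ($_.UserPrincipalName -split '@')[0] + '@' + $NewSuffix
            if ($PSCmdlet.ShouldProcess($_.SamAccountName, "Set UPN to $newUpn")) {
                Set-ADUser -Identity $_ -UserPrincipalName $newUpn
            }
        }
}

# Review first, then dry-run the change:
# Get-UpnSuffixReport | Sort-Object Users -Descending | Format-Table
# Set-RoutableUpn -OldSuffix 'asd.local' -NewSuffix 'asd.site' -WhatIf
```

Run the report again after the change. Any suffix that is still not a verified domain in Azure AD will keep those users from signing in with their on-premises UPN.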