Microsoft AAD Connect Preview is the next step

When you set up an Enterprise Mobility Suite (EMS) environment and want to use your own Active Directory domain, you definitely need to set up synchronization with Azure AD. Where we needed DirSync in the past, we now install and configure its successor, Azure AD Sync, or the Azure AD Connect synchronization service. You can do this by downloading that tool, or by downloading Microsoft Azure Active Directory Connect, which is still in preview but does a really great job of simplifying the setup process. Let’s have a look.

When you start the setup, the Microsoft Azure Active Directory Connect tool assists you by installing the prerequisites that are needed to synchronize users and groups from your on-premises AD to Azure AD. It automatically installs the following products if they are not already present:

  • Microsoft Online Services Sign-In Assistant for IT Professionals
  • Windows Azure Active Directory Module for Windows PowerShell
  • Microsoft Visual C++ 2013 Redistributable Package
Install the prereqs

After the prerequisites are in place, the Azure AD Connect synchronization service is installed. The synchronization service needs a SQL database; you can point it at an existing one, or a SQL Express instance will be installed automatically. Next we need to provide the username of an Azure AD user that is a member of the Global Administrator role.

Connect to Azure AD

After the synchronization service is installed and connected to Azure AD, we can customize the configuration of the Azure AD Connect synchronization service, and more. So if we do not choose the express settings, as shown below, we can configure single sign-on either via Password Synchronization or via federation with AD FS.

Use customize option

Custom options

Since my small lab setup does not allow me to use AD FS (I will show this in my next blog), I will choose Password Synchronization and connect my Active Directory. Microsoft Azure Active Directory Connect allows you to synchronize more than one directory, which is really cool if you ask me.

Add your on premise AD

The next step lets you filter users and groups by DN or by group membership. So no more hacking in FIM (which is no longer part of this solution).

Filter or synchronize everything

Next you need to configure how a user in the on-premises directories is identified: is a user represented only once across the directories, or do user identities exist in multiple directories? Based on attributes you can configure how users must be matched. If you only use one Active Directory as a source you can simply use the defaults as shown below.

Select the attributes
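The match between an on-premises user and its Azure AD object is made on the source anchor attribute chosen on this page. With the wizard's defaults that is objectGUID, which Azure AD stores as the Base64-encoded ImmutableId (the post itself does not name the attribute; this is an assumption based on the default configuration). The following is an added example, not code from the post or from the Azure AD Connect product, that converts between the two representations so you can verify after the first sync that a cloud object was really joined to the on-premises account you expected. The sample GUID is constructed; the `Get-ADUser` / `Get-MsolUser` lines at the end assume the RSAT ActiveDirectory module and the MSOnline module listed in the prerequisites.

```powershell
# Added example (not from the post): translate between an on-premises
# objectGUID and the Azure AD ImmutableId that Azure AD Connect writes
# when the wizard's default source anchor (objectGUID) is used.
# ImmutableId is the Base64 encoding of the GUID's 16 raw bytes.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # .NET's GUID byte layout is the same layout Active Directory stores
    # in objectGUID, so no byte reordering is needed.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: useful when an Azure AD object has an ImmutableId
    # and you need to find which on-premises object it was matched to.
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

# Constructed sample GUID (not a real directory object).
$sampleGuid  = [guid]'6f9619ff-8b86-d011-b42d-00c04fc964ff'
$immutableId = ConvertTo-ImmutableId -ObjectGuid $sampleGuid
"objectGUID  : $sampleGuid"
"ImmutableId : $immutableId"
"Round trip  : $(ConvertFrom-ImmutableId -ImmutableId $immutableId)"

# In a real environment (assumptions: RSAT ActiveDirectory module, the
# MSOnline module from the prerequisites, and a prior Connect-MsolService):
#   $onPrem = Get-ADUser -Identity alice -Properties objectGUID
#   $cloud  = Get-MsolUser -UserPrincipalName alice@contoso.com
#   (ConvertTo-ImmutableId $onPrem.ObjectGUID) -eq $cloud.ImmutableId
# A $false result means the cloud object was not joined to this on-premises
# account, for example a pre-existing cloud-only user with the same UPN.
```

Checking a handful of accounts this way right after the first synchronization catches mismatched or duplicated objects before password synchronization and the optional writeback features start acting on them.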

As you can see, the Microsoft Azure Active Directory Connect tool assists you heavily in setting up the synchronization service. But it does more: optionally you can configure the following features:

Exchange hybrid deployment

The Exchange hybrid deployment feature allows co-existence of Exchange mailboxes both on-premises and in Azure by synchronizing a specific set of attributes from Azure AD back to your own Active Directory.

Password writeback

If the password changes in Azure AD, it will be written back to your own Active Directory.

User writeback

If a user is created in Azure AD, it will be written back to your own Active Directory.

And:

  • Azure AD app and attribute filtering
  • Group writeback
  • Device writeback
  • Device Sync
  • Directory extension attribute sync

Selecting two options as shown below lets us configure the writeback location in the on-premises Active Directory.

Additional options

Select the target OU

The final step in this really great wizard is to install and configure the synchronization process.

Configure!

All done, that was easy!

Now the synchronization service has been set up and we are ready to synchronize the users to Azure Active Directory.
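Once the wizard finishes, it is worth confirming from the tenant side that synchronization is actually enabled and that users have arrived. The following is an added example, not code from the post or from the Azure AD Connect product, using the MSOnline module (the "Windows Azure Active Directory Module for Windows PowerShell" the installer put in place) and the Global Administrator account from the wizard. The `Start-ADSyncSyncCycle` lines at the end are an assumption: that cmdlet belongs to the ADSync module shipped with release builds of Azure AD Connect, and the preview relied on a scheduled task instead.

```powershell
# Added example (not from the post): verify the result of the wizard from
# the tenant side with the MSOnline module installed as a prerequisite.
# Assumes you sign in as the Global Administrator used in the wizard.
Import-Module MSOnline
Connect-MsolService   # prompts for the Azure AD credentials

function Get-DirSyncStatus {
    # Tenant-level sync settings, including when the last run completed.
    $info = Get-MsolCompanyInformation
    [pscustomobject]@{
        DirectorySyncEnabled = $info.DirectorySynchronizationEnabled
        PasswordSyncEnabled  = $info.PasswordSynchronizationEnabled
        LastDirSyncTime      = $info.LastDirSyncTime
        LastPasswordSyncTime = $info.LastPasswordSyncTime
    }
}

function Get-SyncedUserSummary {
    # Synced users carry LastDirSyncTime; cloud-only users do not. Some
    # cloud-only accounts (the admin used for setup) are normal; cloud-only
    # accounts sharing a UPN with on-premises users are the usual cause of
    # objects that fail to match.
    $users     = @(Get-MsolUser -All)
    $synced    = @($users | Where-Object { $_.LastDirSyncTime })
    $cloudOnly = @($users | Where-Object { -not $_.LastDirSyncTime })
    [pscustomobject]@{
        Total         = $users.Count
        Synced        = $synced.Count
        CloudOnly     = $cloudOnly.Count
        CloudOnlyUpns = $cloudOnly.UserPrincipalName
    }
}

Get-DirSyncStatus     | Format-List
Get-SyncedUserSummary | Format-List

# If nothing has synced yet, trigger a delta run on the Azure AD Connect
# server (assumption: ADSync module from release builds; the preview used a
# scheduled task instead):
#   Import-Module ADSync
#   Start-ADSyncSyncCycle -PolicyType Delta
```

Run `Get-DirSyncStatus` again after the first scheduled run; `LastDirSyncTime` moving forward and `PasswordSyncEnabled` being `$true` confirm that the Password Synchronization option chosen earlier is in effect.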

Next time we will have a look how to setup AD FS, the easy way.

Comments

Both of the articles you have written to upgrade DirSync to AAD are great. Any chance the new AAD tool takes care of automating license assignments?

Peter Daalmans

Not sure, you might add it as feedback to the product team via connect.microsoft.com. I think I saw a blog somewhere that had something to do with licenses based on group memberships.
