Microsoft AAD Connect Preview is the next step

When setting up an Enterprise Mobility Suite (EMS) environment and you want to use your own Active Directory domain, you definitely need to set up synchronization with Azure AD. Where we needed to set up DirSync in the past, we now install and configure its successor, the Azure AD Sync or Azure AD Connect synchronization service. You can do this by downloading that tool directly, or by downloading Microsoft Azure Active Directory Connect, which is still in preview but does a really great job of simplifying the setup process. Let's have a look.

When starting the setup, the Microsoft Azure Active Directory Connect tool assists you by installing the prerequisites needed to synchronize users and groups from your on-premises AD to Azure AD. It will automatically install the following products if they are not present:

  • Microsoft Online Services Sign-In Assistant for IT Professionals
  • Windows Azure Active Directory Module for Windows PowerShell
  • Microsoft Visual C++ 2013 Redistributable Package
Install the prereqs

After the prerequisites are in place, the Azure AD Connect synchronization service is installed. It needs a SQL database: you can point it at an existing instance, or a SQL Express instance will be installed automatically. Next we need to provide the credentials of an Azure AD user that is a member of the Global Administrator role.

Connect to Azure AD

Once the synchronization service is installed and connected to Azure AD, we are able to customize the configuration of the Azure AD Connect synchronization service. If we do not choose the express settings shown below, we can configure Single Sign On via Password Synchronization or via Federation with AD FS.

Use customize option
Custom options

Since this small lab setup does not have AD FS (I will show that in my next blog), I will choose Password Synchronization and connect my Active Directory. Microsoft Azure Active Directory Connect allows you to synchronize more than one directory, which is really cool if you ask me.

Add your on-premises AD

The next step lets you filter users and groups by DN (organizational unit) or by group membership, so there is no more hacking around in FIM, which is no longer part of this solution.

Filter or synchronize everything

Next you need to configure how a user in the on-premises directories is identified: is a user represented only once across all directories, or can the same user identity exist in multiple directories? Based on attributes you configure how users must be matched. If you only use one Active Directory as a source, you can simply use the defaults shown below.

Select the attributes
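Before running the first sync it pays to check that the attributes this matching step relies on are actually unique and routable in your on-premises AD. The following PowerShell is an added example, not code from the original post or from the Azure AD Connect tool; it assumes the ActiveDirectory (RSAT) module, and the OU path and verified-domain list are placeholders you replace with your own values.

```powershell
# Added example, not part of the original post. Checks the on-premises attributes
# that Azure AD Connect uses to identify and match users before the first sync.
# Assumes the ActiveDirectory module (RSAT). $SearchBase and $VerifiedDomains are
# placeholders constructed for this example; set them to your own values.
Import-Module ActiveDirectory

$SearchBase      = 'OU=Corp,DC=contoso,DC=local'   # OU you plan to synchronize (placeholder)
$VerifiedDomains = @('contoso.com')                 # domains verified in your tenant (placeholder)

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
            -Properties userPrincipalName, mail, proxyAddresses

# 1. A UPN or mail value shared by two accounts cannot be matched one-to-one in Azure AD.
foreach ($attr in 'userPrincipalName', 'mail') {
    $users | Where-Object { $_.$attr } |
        Group-Object -Property $attr |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { Write-Warning "Duplicate $attr '$($_.Name)' on $($_.Count) accounts" }
}

# 2. SMTP proxy addresses are compared case-insensitively in the cloud; find collisions.
$users | ForEach-Object {
    $u = $_
    @($u.proxyAddresses) | Where-Object { $_ -like 'smtp:*' } |
        ForEach-Object { [pscustomobject]@{ Address = $_.ToLower(); User = $u.SamAccountName } }
} | Group-Object -Property Address |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "proxyAddress '$($_.Name)' shared by: $($_.Group.User -join ', ')" }

# 3. Users without a UPN, or with a suffix that is not a verified domain, would end up
#    under the tenant's default onmicrosoft.com domain instead of their own.
$users | Where-Object {
    -not $_.userPrincipalName -or
    $VerifiedDomains -notcontains ($_.userPrincipalName -split '@')[-1]
} | ForEach-Object { Write-Warning "Non-routable or missing UPN: $($_.SamAccountName) ($($_.userPrincipalName))" }
```

Run it against the same OU you select in the filtering step; every warning it prints is an object the matching rules will either skip or map to the wrong cloud identity.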

As you can see, the Microsoft Azure Active Directory Connect tool assists you heavily in setting up the synchronization service. But it does more: optionally you can configure the following features:

Exchange hybrid deployment

The Exchange hybrid deployment feature allows coexistence of Exchange mailboxes both on-premises and in Azure by synchronizing a specific set of attributes from Azure AD back to your own Active Directory.

Password writeback

If the password changes in Azure AD, it will be written back to your own Active Directory.

User writeback

If a user is created in Azure AD, it will be written back to your own Active Directory.

And:

  • Azure AD app and attribute filtering
  • Group writeback
  • Device writeback
  • Device Sync
  • Directory extension attribute sync

Selecting the two options shown below lets us configure the writeback location in the on-premises Active Directory.

Additional options
Select the target OU

The final step in this really great wizard is to install and configure the synchronization process.

Configure!
All done, that was easy!

With that, the synchronization service has been set up and we are ready to synchronize users to Azure Active Directory.
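To confirm from the cloud side that the wizard's result is actually working (directory sync and password sync enabled, users arriving, nothing silently dropped by the filters), the following PowerShell can be run after the first cycle. It is an added example, not from the original post; it assumes the Windows Azure Active Directory Module for Windows PowerShell (MSOnline) installed as a prerequisite above and a Global Administrator sign-in, and the 3-hour staleness window is an assumption.

```powershell
# Added example, not part of the original post. Verifies after the wizard completes
# that synchronization (and password sync) is active and that users arrived in Azure AD.
# Assumes the Windows Azure Active Directory Module for Windows PowerShell (MSOnline)
# installed as a prerequisite above and a Global Administrator sign-in.
Import-Module MSOnline
Connect-MsolService                     # prompts for the Azure AD credential

$StaleAfterHours = 3                    # assumption: one scheduled sync interval

$info = Get-MsolCompanyInformation
[pscustomobject]@{
    DirSyncEnabled      = $info.DirectorySynchronizationEnabled
    PasswordSyncEnabled = $info.PasswordSynchronizationEnabled
    LastDirSync         = $info.LastDirSyncTime
    LastPasswordSync    = $info.LastPasswordSyncTime
} | Format-List

# Synchronized users carry LastDirSyncTime and an ImmutableId; cloud-only users do not.
$all    = Get-MsolUser -All
$synced = $all | Where-Object { $_.LastDirSyncTime }
"Synchronized users: $($synced.Count) of $($all.Count) in the tenant"

if ($info.LastDirSyncTime) {
    # Objects not touched in the latest cycle may have been dropped by the OU/group filters.
    $cutoff = $info.LastDirSyncTime.AddHours(-$StaleAfterHours)
    $synced | Where-Object { $_.LastDirSyncTime -lt $cutoff } |
        ForEach-Object { Write-Warning "Stale sync: $($_.UserPrincipalName) last synced $($_.LastDirSyncTime)" }
}

# ImmutableId is the base64 form of the on-premises objectGUID (the default source anchor);
# decode it to trace a cloud user back to the source AD object when matching goes wrong.
$synced | Select-Object -First 5 UserPrincipalName,
    @{ n = 'OnPremObjectGuid'; e = { New-Object System.Guid (,[Convert]::FromBase64String($_.ImmutableId)) } }
```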

Next time we will have a look how to setup AD FS, the easy way.

Comments

4 comments
  1. Both of the articles you have written to upgrade dirsync to aad are great. Any chance the new aad tool takes care of automating license assignments???

    1. Not sure, you might add it as feedback to the product team via connect.microsoft.com. I think I saw a blog somewhere that had something to do with licenses based on group memberships.

  2. Hi Peter

    You said “Next time we will have a look how to setup AD FS, the easy way.” has this been published or in progress 🙂

    Love your blog, a great source of info.
    Many thanks
