Configuring Azure AD Directory Sync

Microsoft Azure Active Directory is a great resource for providing instant authentication options for Web applications and resources. Very often, though, you already have your own local directory, with users that already have their own passwords. Fear not! The Active Directory Sync tool to the rescue!

Here are some simple steps I followed to set it up in my lab, mistakes included. I'm really glad when I can trawl through something like that and bump my head against the walls. That's when you learn! (or when you get a concussion…). But anyway, here they go.

Let’s start by creating an Azure Directory.

image

image

I actually used fehsecorp only, not fehsecorp1, but I had done it before, so I wanted to show the green check. :)

Did you notice how long it took? Faster than installing a DC, isn't it?

You have to activate the synchronization:

image

Then download the sync tool:

image

Keep going…

image

And BANG! Pre-requisites.

image

I have added it here. Note that I used a DC I have for my domain, running in Azure, not a local one. It doesn't really matter for the walkthrough, although it is not recommended to run the sync tool on a DC in production (the tool holds credentials for both your on-premises and Azure directories, so give it its own member server). This was just for lab purposes.

image

Now it is a go!

image

Click Accept then Next.

For some strange reason, the setup takes a long time…(elevator music…)

Finally! After what felt like three and a half days, there you go:

image

Click Finish and let’s start configuring:

Read the Welcome screen and click Next.

I had a user called azureadmin@fehsecorp.onmicrosoft.com and I will use this account.

image

My on-premises AD Admin:

image

Click Next, Next.

image

Next.

And there it is:

image

Error.

Hmm. I thought it might be that I hadn't run it as administrator after I had the prerequisites installed, but it seems that you have to log off in order for the new group membership to take effect.

Once I did that, there you go:

image

Now let’s try it:

image

You have to check the Event Viewer if you want to know what is happening right away.

A couple of minutes later, there you go!

image
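If you would rather not wait for the scheduled cycle or click through the Event Viewer, you can start a sync by hand and read the engine's events from PowerShell on the sync server. This is an added example, not part of the original post. It assumes the sync tool is installed at its default location so that its DirSync module can be imported (older builds instead ship a DirSyncConfigShell.psc1 console that exposes the same cmdlet), and that the tool writes to the Application log under the "Directory Synchronization" event source.

```powershell
# Added example (not from the original post): force a sync cycle and read the
# engine's own events instead of waiting for the scheduled run.
# Assumptions: default install path (so "Import-Module DirSync" works) and the
# "Directory Synchronization" event source in the Application log.

Import-Module DirSync -ErrorAction Stop

# Note the start time so we only show events produced by this run.
$since = Get-Date

# Start a cycle now. -FullSync does a full run; leave it off for a delta sync.
Start-OnlineCoexistenceSync -FullSync

# The first events appear within seconds; the whole cycle takes a few minutes.
Start-Sleep -Seconds 30

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    StartTime    = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No sync events yet; wait a little longer and query again.'
}

$events |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap

# Level 2 = Error, 3 = Warning: anything here is what you would otherwise
# have to dig out of the Event Viewer by hand.
$events | Where-Object { $_.Level -le 3 } |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```

Run this from an elevated PowerShell session on the server where you installed the tool; the log-off issue described above applies here too, since the DirSync cmdlets rely on the group membership the installer grants.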

Not that hard, eh?

Let’s try logging in as John.Doe, a user I had in my local directory:

image

And it works! The screen below is expected, since I haven’t granted any rights to this user:

image

If you want to do it properly, you will want your own domain verified in Azure AD and your users' UPNs using that suffix; otherwise synced users end up with the @yourtenant.onmicrosoft.com name, as John.Doe did here. That is what gives you single sign-on and a consistent experience for your end users.
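A quick way to see which on-premises users would end up with the onmicrosoft.com suffix before you turn sync on is to compare their UPN suffixes against the domains verified in the tenant. This is an added example, not from the original post. It assumes the RSAT ActiveDirectory module and the MSOnline module are installed on the machine you run it from, and it reuses the post's azureadmin@fehsecorp.onmicrosoft.com account as the Global Administrator to connect with.

```powershell
# Added example (not from the original post): list on-premises users whose
# UPN suffix is not a verified domain in the Azure AD tenant. Those users will
# be synced as <user>@<tenant>.onmicrosoft.com instead of their own domain.
# Assumptions: ActiveDirectory (RSAT) and MSOnline modules installed; the
# admin account below is the one from the post.

Import-Module ActiveDirectory
Import-Module MSOnline

Connect-MsolService -Credential (Get-Credential 'azureadmin@fehsecorp.onmicrosoft.com')

# Only verified domains are accepted as UPN suffixes for synced users.
$verified = Get-MsolDomain |
    Where-Object { $_.Status -eq 'Verified' } |
    Select-Object -ExpandProperty Name

Write-Host "Verified domains in the tenant: $($verified -join ', ')"

# Every enabled on-premises user, with the suffix split out of the UPN.
$report = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    ForEach-Object {
        $upn    = $_.UserPrincipalName
        $suffix = if ($upn) { $upn.Split('@')[-1] } else { $null }
        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            UserPrincipalName = $upn
            Suffix            = $suffix
            # A missing UPN or an unverified suffix both mean the user gets the
            # onmicrosoft.com name after sync.
            WillKeepUpn       = [bool]($suffix -and ($verified -contains $suffix))
        }
    }

# Show the users that need fixing (verify the domain, or change their UPN).
$report |
    Where-Object { -not $_.WillKeepUpn } |
    Sort-Object Suffix, SamAccountName |
    Format-Table SamAccountName, UserPrincipalName, Suffix -AutoSize
```

Users that show up here either need their domain added and verified in the Azure portal, or their UPN changed to a suffix you have already verified, before the first sync cycle runs.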


Hope this helps!