Microsoft Azure Active Directory is a great resource to provide instantaneous authentication options for web applications and resources. Very often, though, you already have your local directory, with users that already have their own passwords. Fear not! The Active Directory Sync tool to the rescue!
Here go some simple steps I did to set it up in my lab, mistakes included. I’m really glad when I can troll through something like that and bump my head against the walls. That’s when you learn! (Or when you get a concussion…) But anyways, here they go.
Let’s start by creating an Azure Directory.
I have actually used fehsecorp only, not fehsecorp1, but I had done it before, so I wanted to show the green check.
Not sure you noticed how long it took? Faster than installing a DC, isn’t it?
You have to activate the synchronization:
Then download the sync tool:
And BANG! Pre-requisites.
I have added it here. Note that I have used a DC I have for my domain, running in Azure. Not local. Doesn’t really matter, although it is not recommended to run on a DC (just for lab purposes).
Now it is a go!
Click Accept then Next.
For some strange reason, the setup takes a long time… (elevator music…)
Finally! After what felt like 3 days and a half, there you go:
Click Finish and let’s start configuring:
Read the Welcome screen and click Next.
I had a user called email@example.com and I will use this account.
My on-premises AD Admin:
Click Next, Next.
And there it is:
Hum. I thought it could be that I didn’t run it as administrator after I had the pre-reqs installed, but it seems that you have to log off in order for new group memberships to take effect.
Once I did that, there you go:
Now let’s try it:
You have to check event viewer if you want to be in the know immediately.
A couple of minutes later, there you go!
Not that hard, eh?
Let’s try logging in as John.Doe, a user I had in my local directory:
And it works! The screen below is expected, since I haven’t granted any rights to this user:
If you want to make it right, you will have your domain properly configured, in order to provide single sign-on and a consistent experience for your end user.
Hope this helps!