UPDATE: AD Connect is now on Public Preview 2 and in “Pilot Mode” 20/03/2015
There are currently various tools to allow administrators to integrate their on-premises AD environments with Azure depending on organisational requirements. Microsoft recently released another tool which is currently in public preview that could potentially take the place of them all!
Azure AD Connect is a simple, integrated tool for connecting your existing Windows Server Active Directory with Azure Active Directory. Azure AD Connect has the ability to connect your on-premises AD to Azure AD with as few as 4 clicks, but also the ability to allow a much more customised configuration if required.
Microsoft boast “Now you can get started using Azure AD in under an hour, no new hardware required!”
NOTE: The preview available at the time of writing does NOT support production deployments. It is suggested that the next release will support production deployments. Azure AD Connect also allows an administrator to configure an Exchange Hybrid deployment, password change write-back, AD FS and Web Application Proxy.
Prerequisites
- Azure Subscription with AD
- Azure AD Global Administrator account
- On premises Domain Administrator Account
- Download the AD Connect install HERE
The first step to the process is to download the AD Connect tool to the machine from which the Sync will be run. The link for the AD Connect tool can be found in the prerequisites above.
Using a Domain Administrator account, run the AD Connect tool. On the first window, check the box to agree to the licensing terms, then click Continue.
The next window lists the prerequisites that require installing, so just click Install if you're happy for the tool to begin downloading and installing these prerequisites.
The next window is where the tool requires the details of an Azure AD account. The Azure AD account must hold the Global Administrator role. The credentials are used for the configuration process only; the account and password are not stored or used once the wizard has been run.
The following window gives you the option to use the Express settings or Customize your configuration. For the purpose of this post I have chosen to use the Customize option, but will not be configuring all the options this makes available.
If selecting the Customize option, the next window gives you the ability to choose the sign-in experience.
After choosing the sign-in experience, the next window is used to enter the connection information for your on-premises directories or forests.
Once the directory details have been input, click Add Directory to add the directory to the Azure AD Connect tool. Then click Next.
The next window gives the ability to choose one of the two current optional features. Either Exchange hybrid deployment or Password write-back.
The next window gives the options available for selecting how users should be identified in your on-premises directories.
Configure the preferred Source Anchor and User Principal Name attributes in the next window.
The next screen is the Review Options window. Tick the “Start the synchronization as soon as the initial configuration completes” box if this is what you require. Then click Install.
Once the install is complete the wizard will display the Configuration Complete screen. At this point the basic install and integration between your on-premises AD and Azure AD is complete.
Testing the on premises integration with Azure AD
To test the integration and sync is working, create a new on premises AD account using Active Directory Users and Computers and check that the user is synchronised and appears in Azure AD.
Once the user account has been created you need to wait for a sync to happen. If you wish to perform a manual/forced sync, you can use the “DirectorySyncClientCmd.exe” application.
- Launch PowerShell
- Navigate to C:\Program Files\Microsoft Azure AD Sync\Bin
- Run “DirectorySyncClientCmd.exe” with the “initial” or “delta” argument, depending on whether you require an initial sync or a delta sync
Once the synchronisation has completed, either naturally or forced, the test user should appear in Azure AD.
For another quick check, browse to the Directory Integration tab of the Azure AD settings and you will see that Directory Sync is now enabled and when the Last Sync was run.
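The manual test described above (create an on-premises account, force a delta sync, confirm the user and the Last Sync time in Azure AD) can be scripted. This is an added example, not code from the original post or from Microsoft; it assumes the ActiveDirectory and MSOnline PowerShell modules are installed on the sync server, and the OU, UPN suffix and timeout values are placeholders to change for your environment.

```powershell
# Added example: end-to-end sync test for Azure AD Connect. Run in an elevated
# PowerShell session on the server hosting the sync engine.
Import-Module ActiveDirectory
Import-Module MSOnline

$syncCmd    = 'C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe'
$testName   = 'synctest01'
$testUpn    = 'synctest01@contoso.example'       # placeholder UPN suffix
$testOu     = 'OU=SyncTest,DC=contoso,DC=local'  # placeholder OU
$timeoutSec = 900                                # how long to wait for the object

# 1. Create a throwaway account that is disabled and has a random password,
#    so the test object can never be used to sign in anywhere.
$chars  = [char[]]((48..57) + (65..90) + (97..122))
$plain  = -join (1..24 | ForEach-Object { $chars | Get-Random })
$secure = ConvertTo-SecureString $plain -AsPlainText -Force
New-ADUser -Name $testName -SamAccountName $testName -UserPrincipalName $testUpn `
    -Path $testOu -AccountPassword $secure -Enabled $false

# 2. Force a delta sync instead of waiting for the scheduled run.
#    Treating a non-zero exit code as failure is an assumption about the tool.
& $syncCmd delta
if ($LASTEXITCODE -ne 0) { throw "DirectorySyncClientCmd.exe delta failed: exit code $LASTEXITCODE" }

# 3. Poll Azure AD until the object appears or the timeout expires.
Connect-MsolService   # prompts for Global Administrator credentials
$deadline = (Get-Date).AddSeconds($timeoutSec)
$found = $null
do {
    $found = Get-MsolUser -UserPrincipalName $testUpn -ErrorAction SilentlyContinue
    if ($found) { break }
    Start-Sleep -Seconds 30
} while ((Get-Date) -lt $deadline)

# 4. Report the result together with the tenant-wide sync status that the
#    Directory Integration tab shows in the portal.
$company = Get-MsolCompanyInformation
"DirSync enabled : $($company.DirectorySynchronizationEnabled)"
"Last sync time  : $($company.LastDirSyncTime)"
if ($found) { "Sync OK: $testUpn is in Azure AD (ObjectId $($found.ObjectId))" }
else        { Write-Warning "Sync FAILED: $testUpn not in Azure AD after $timeoutSec seconds" }

# 5. Remove the test account; the deletion is propagated on the next delta sync.
Remove-ADUser -Identity $testName -Confirm:$false
```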
Obviously there is a lot more that can be configured and tweaked as required, but hopefully this post gives you a quick insight into Azure AD Connect and the power and simplicity it's beginning to offer.