In this manual I am going to explain how to install and set up a connection between on-premises Active Directory and Azure AD.
- Office 365 Tenant with an Office 365 Admin account
- Active Directory Server with AD Enterprise administrator permissions
- AD Connect tool, download link: https://www.microsoft.com/en-us/download/details.aspx?id=47594
STEP 1: First we will need to install AD Connect. Run the setup wizard and follow the steps; this is an easy process. After installation the configuration wizard starts, and this is where it gets interesting.
STEP 2: Let’s go through the wizard, first agree with the license terms and click Continue. Feel free to actually read the license terms 🙂
STEP 3: If you want to use your own SQL server, or use a pre-created service account, you should choose Customize. But if you want the wizard to install a local database and create a service account for you, you should choose Use express settings. This is what we go for in this manual. If you have a non-routable domain like I do, we will need to make some extra adjustments on the user side. Click on Use express settings.
STEP 4: In this step we will connect to Azure AD with a global admin account. In my case I’ve temporarily granted global admin rights to my user account.
STEP 5: Now we will need to connect to your local Active Directory domain with an Enterprise Administrator account. You can either use your own account, or a special temporary account just for this task, like I did.
STEP 6: Now verify that your domains are available in Office 365. If you need to add a UPN suffix, you can do that in step 7; if you already have what you need, go to step 8.
STEP 7: If you want to add a UPN suffix, go to your Active Directory Domains and Trusts console, right-click the console root, and click on Properties.
Now add your domain and refresh your screen in step 6.
STEP 8: The next step is to review your configuration and run the installation.
When completed, you should see a screen like this with some recommendations. Please make sure to check them all.
Worth knowing: in the background a scheduled task is created to sync all AD objects every 30 minutes. Passwords will be synced every few minutes, depending on the number of objects in your Active Directory.
If you need to force a sync, you can do that by running some commands. You can find them in this manual: https://www.2azure.nl/2019/07/10/ad-connect-force-synchronization/
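As an added example (not part of the original post), the PowerShell below performs the post-install checks on the AD Connect server: it confirms the 30-minute scheduler described above, adds the routable UPN suffix from step 7 if it is missing, lists users still on the non-routable suffix (these would otherwise sync as onmicrosoft.com accounts), and forces a delta sync instead of waiting for the schedule. The two suffix values are hypothetical, and it assumes an elevated session where the ADSync module (installed with AD Connect) and the RSAT ActiveDirectory module are available.

```powershell
# Added example, not code from the original post.
# Assumes: elevated PowerShell on the AD Connect server, ADSync and ActiveDirectory modules present.
Import-Module ADSync
Import-Module ActiveDirectory

# Hypothetical suffixes used for illustration only.
$RoutableSuffix  = 'contoso.com'   # public domain verified in Office 365 (step 6)
$LegacyUpnSuffix = 'corp.local'    # non-routable on-premises suffix

# 1. Confirm the scheduler that express settings created (delta sync every 30 minutes by default).
$scheduler = Get-ADSyncScheduler
"Sync enabled: $($scheduler.SyncCycleEnabled); interval: $($scheduler.CurrentlyEffectiveSyncCycleInterval); next run (UTC): $($scheduler.NextSyncCycleStartTimeInUTC)"

# 2. Add the routable UPN suffix to the forest (what step 7 does in the GUI), only if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $RoutableSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $RoutableSuffix }
    "Added UPN suffix $RoutableSuffix to forest $($forest.Name)"
}

# 3. Report, without changing, users whose UPN still ends in the non-routable suffix.
#    Fix these before the next sync cycle so they do not land in the tenant as onmicrosoft.com accounts.
$stale = @(Get-ADUser -Filter "UserPrincipalName -like '*@$LegacyUpnSuffix'" |
           Select-Object SamAccountName, UserPrincipalName)
"Users still using @$LegacyUpnSuffix : $($stale.Count)"
$stale | Format-Table -AutoSize

# 4. Force a delta sync now, but only if no sync cycle is already running
#    (Get-ADSyncConnectorRunStatus returns nothing when the engine is idle).
if (-not (Get-ADSyncConnectorRunStatus)) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    "A sync cycle is already running; try again in a few minutes."
}
```

Use `-PolicyType Initial` instead of `Delta` only when you deliberately want a full re-sync of every object, which takes much longer on large directories.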