Step by Step AD-Connect Configuration
Prepared By: Mohammad Asmayal Jawad
Date: November 2017
linkedin.com/in/asmayal/
Table of Contents
Azure AD Connect
Download Azure AD Connect
AD Connect Setup
PowerShell Tips for AD Sync Management
AD Full Sync
Scheduler Configuration
AD Sync Cycle Services
Monitor AD Sync Engine
References
Azure AD Connect
Azure AD Connect will integrate your on-premises directories with Azure Active Directory. This allows
you to provide a common identity for your users for Office 365, Azure, and SaaS applications
integrated with Azure AD.
Download Azure AD Connect
Locate and download the Microsoft Azure Active Directory Connect tool from the Microsoft website,
the Azure Portal, or the O365 Portal, and install it.
AD Connect Setup
The Azure AD Connect Custom settings option is used when you want more options for the installation.
It is used if you have multiple forests or if you want to configure optional features not covered in the
express installation.
When you install the synchronization services, you can leave the optional configuration section
unchecked and Azure AD Connect sets up everything automatically. It sets up a SQL Server 2012
Express LocalDB instance, creates the appropriate groups, and assigns permissions.
After installing the required components, you are asked to select your users' single sign-on method.
On the Connect to Azure AD screen, enter a global admin account and password.
To connect to your Active Directory Domain Service, Azure AD Connect needs the forest name and
credentials of an account with sufficient permissions.
This page allows you to review the UPN domains that are present in on-premises AD DS and that have
been verified in Azure AD. This page also allows you to configure the attribute to use for the
userPrincipalName.
By default, all domains and OUs are synchronized. If there are some domains or OUs you do not want
to synchronize to Azure AD, you can unselect these domains and OUs.
Select how users should be identified in your on-premises directories.
The filtering on groups feature allows you to sync only a small subset of objects for a pilot.
This screen allows you to select the optional features for your specific scenarios.
For each forest that has been added in Azure AD Connect, you will need to supply Domain
Administrator credentials so that the computer account can be created in each forest.
PowerShell Tips for AD Sync Management
Import-Module ADSync
AD Delta Sync
Delta (differential) sync is a type of synchronization that processes only what has been updated or
changed since the last sync cycle.
Start-ADSyncSyncCycle -PolicyType Delta
AD Full Sync
Start-ADSyncSyncCycle -PolicyType Initial
Scheduler Configuration
To see the current configuration settings:
Get-ADSyncScheduler
AD Sync Cycle Services
To stop a running AD sync cycle:
Stop-ADSyncSyncCycle
To start an AD sync cycle:
Start-ADSyncSyncCycle
Monitor AD Sync Engine
You can also monitor the sync engine to see if it is busy or idle. This cmdlet returns an empty result if
the sync engine is idle and is not running a Connector. If a Connector is running, it returns the name
of the Connector.
Get-ADSyncConnectorRunStatus
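The checks above combined into one routine, as an added example that is not part of the original guide: it reads the scheduler state, waits until the sync engine is idle, and only then starts a delta sync. The function name Start-SafeDeltaSync and the timeout and polling values are assumptions; it is meant to run in an elevated PowerShell session on the Azure AD Connect server.

```powershell
# Added example (not from the original guide).
# Assumes an elevated session on the server where Azure AD Connect is installed.
Import-Module ADSync -ErrorAction Stop

function Start-SafeDeltaSync {            # hypothetical helper name
    param(
        [int]$TimeoutSeconds = 600,       # assumed limit on waiting for an idle engine
        [int]$PollSeconds    = 15         # assumed polling interval
    )

    # Review the scheduler configuration before triggering anything.
    $scheduler = Get-ADSyncScheduler
    if ($scheduler.StagingModeEnabled) {
        Write-Warning 'Server is in staging mode: the cycle imports and synchronizes but does not export.'
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'Scheduled sync cycles are disabled on this server.'
    }

    # Wait until no Connector is running and no cycle is in progress.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $runningConnector = Get-ADSyncConnectorRunStatus      # empty when the engine is idle
        $cycleInProgress  = (Get-ADSyncScheduler).SyncCycleInProgress
        if (-not $runningConnector -and -not $cycleInProgress) { break }

        if ((Get-Date) -gt $deadline) {
            throw "Sync engine still busy after $TimeoutSeconds seconds; delta sync not started."
        }
        Start-Sleep -Seconds $PollSeconds
    }

    # The engine is idle: request a delta cycle and return the cmdlet's result.
    Start-ADSyncSyncCycle -PolicyType Delta
}

Start-SafeDeltaSync
```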
References
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect