Azure AD Connect Tool Installation (In Detail)
Azure AD is a PaaS, or more precisely an IDaaS (Identity as a Service), that we can use for authentication and authorization for our cloud apps. To work with it you usually need to synchronize your AD DS users to Azure AD. For this synchronization Microsoft provides a tool called Azure AD Connect. In this post I am going to talk about the AD Connect tool and its installation procedure.
Before moving to the synchronization part, let me explain what authentication and authorization are and how we configure authentication on-premises.
In the digital world we work with people and devices. Managing people means understanding their identity, verifying that they are who they claim to be, and deciding what they are allowed to do. We also need a central management point from which we can manage the entire environment. To do this we deploy a domain environment. A domain is a logical security boundary in which all computers and devices follow the rules created by the domain controller. A domain controller is the computer on which we have installed the AD DS role. AD DS (Active Directory Domain Services) is a Windows Server role that creates the domain environment; in short, we install AD DS on a Windows Server along with DNS to create a domain. When we create the first domain it also creates a forest. A forest is the collection of the root domain, its tree domains and child domains. This domain environment lets you authenticate, authorize and account for users in your domain. So this is the solution for your on-premises environment and the computers connected to your LAN.
Microsoft then needed a new way to authenticate users to cloud applications such as Office 365, Azure, SharePoint Online, Exchange Online and so on. Here a cloud application means any application you use through the browser. After opening the browser you have to provide a username and password, so the question is who authenticates those users and how. To give the best, most secure and most reliable answer Microsoft brought in Azure AD. Azure AD is a PaaS, or you can say an IDaaS. The job of Azure AD is to provide authentication and authorization for cloud applications. Whenever you enter your cloud user details on the login page, the request reaches Azure AD, and Azure AD authenticates you based on your settings. What do these settings mean?
- First, you can synchronize your user details and passwords to Azure AD (password synchronization)
- Second, you can use pass-through authentication
- Or you can use an AD FS server, i.e. claims-based or token-based authentication
To configure any of these settings you have to use the Azure AD Connect tool. Azure AD Connect is Microsoft's official tool for synchronizing users from your AD DS to Azure AD.
Here is the step-by-step guide to install AD Connect.
Password Sync:
Password synchronization is a feature used to synchronize user passwords from an on-premises Active Directory instance to a cloud-based Azure AD instance. Use this feature to sign in to Azure AD services like Office 365, Microsoft Intune, Dynamics 365 Online, and Azure AD Domain Services (Azure AD DS). You sign in to the service by using the same password you use to sign in to your on-premises Active Directory instance.
Pass-through Authentication:
Azure AD pass-through authentication provides a simple solution for performing password validation for Azure AD services against your on-premises Active Directory. There’s no need for a complex network infrastructure, and you don’t need to store on-premises passwords in the cloud. When combined with single sign-on, users do not need to type their passwords to sign in to Azure AD or other cloud services, which provides these customers with a truly integrated experience.
AD FS:
If you want more control over how users access Office 365, you have the option to set up directory synchronization with single sign-on (SSO) using Active Directory Federation Services (AD FS). Also called identity federation, this sign-in method ensures all user authentication is controlled on-premises and allows administrators to implement more rigorous levels of Office 365 access control. Identity federation with AD FS requires deploying additional servers in your environment. Identity federation also commits you to providing 24×7 support for your Active Directory and AD FS infrastructure. This high level of support is necessary because if your on-premises Internet access, domain controller, or AD FS servers are unavailable, your users will be unable to sign in to Office 365 services.
Now, based on your company's requirements, you have to choose among these options. The AAD Connect tool installs a local SQL database as a staging environment, where it changes the structure of the user objects, because AD DS follows the hierarchical X.500 structure while Azure AD uses a flat structure. Along with AD Connect it also installs the Azure AD sync engine to maintain the sync cycle.
If you face any challenge with the UPN (for example a non-routable suffix), use Active Directory Domains and Trusts to add another, verified UPN suffix.
Now let’s continue with next steps .
Now we are done with the AD Connect installation. Always remember that the default sync cycle interval is 30 minutes, but if a user changes their password on-premises in AD DS, that change is synchronized immediately.
About the Sync Cycle:
There are two kinds of sync: a full sync, which processes every object in scope, and a delta sync, which processes only the objects changed since the last run.
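The following PowerShell is an added example, not part of the original post or of the AD Connect product documentation. It shows how an administrator inspects the scheduler described above (the 30-minute interval, full versus delta) and triggers a cycle on demand. It assumes it is run in an elevated session on the server where Azure AD Connect is installed, since the ADSync module ships with that installation.

```powershell
# Added example (not from the original post): inspect and drive the Azure AD Connect
# scheduler on the AD Connect server. Assumption: elevated PowerShell session on
# the server where Azure AD Connect is installed (the ADSync module comes with it).
Import-Module ADSync

# Show the scheduler state: the allowed and effective interval (30 minutes by
# default), whether the scheduler is enabled, whether a cycle is running now,
# and when the next cycle is due.
$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
    SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC

# Do not start a second cycle while one is already running.
if ($scheduler.SyncCycleInProgress) {
    Write-Warning "A sync cycle is already in progress; not starting another."
    return
}

# Delta sync: only objects changed since the last run are processed. This is the
# normal choice after editing a few users on-prem and not wanting to wait 30 min.
Start-ADSyncSyncCycle -PolicyType Delta

# Initial (full) sync: every object in scope is re-read. Use it after changing
# sync rules, OU filtering or attribute mappings, not for day-to-day changes.
# Start-ADSyncSyncCycle -PolicyType Initial

# Wait until no connector reports an active run, then report completion.
do {
    Start-Sleep -Seconds 10
    $running = Get-ADSyncConnectorRunStatus
} while ($running)
Write-Host "Sync cycle finished."
```

Keeping the scheduler enabled and only triggering delta cycles by hand is the safe default; a full (Initial) cycle re-evaluates every object and is the one to run after configuration changes, because delta runs will not revisit objects whose on-prem attributes did not change.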
IdFix: IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory. Click here to download the IdFix tool.
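As an added example (not the original post's content and not IdFix itself), the script below does a report-first version of the two pre-sync tasks mentioned above: the IdFix-style discovery of UPN and mail attributes that Azure AD will reject, and the UPN suffix change that the post says to make in Active Directory Domains and Trusts, here done with the equivalent ActiveDirectory cmdlets. The non-routable suffix `corp.local`, the verified suffix `contoso.com` and the search base OU are assumptions; the allowed-character rule is a simplified form of the Azure AD UPN rule and is not the complete IdFix rule set. Every write uses `-WhatIf`, so running it as-is changes nothing.

```powershell
# Added example (not from the original post, not IdFix): report-first pre-sync checks.
# Assumptions: run from a domain-joined admin workstation with RSAT installed;
# corp.local is the non-routable suffix, contoso.com is a domain verified in Azure AD,
# and OU=Staff holds the users in sync scope.
Import-Module ActiveDirectory

$NonRoutableSuffix = 'corp.local'                 # assumption
$VerifiedSuffix    = 'contoso.com'                # assumption: verified in Azure AD
$SearchBase        = 'OU=Staff,DC=corp,DC=local'  # assumption: OU in sync scope

# Simplified Azure AD UPN prefix rule: letters, digits, . - _ ! # ^ ~ and apostrophe;
# the prefix must not end with a period. (Not the full IdFix rule set.)
$UpnPrefixPattern = '^[A-Za-z0-9._\-!#^~'']+$'

$users = Get-ADUser -Filter * -SearchBase $SearchBase `
    -Properties mail, proxyAddresses, userPrincipalName

# Step 1: discovery. Emit one finding per problem so the result can be exported.
$findings = foreach ($u in $users) {
    $upn = $u.UserPrincipalName
    if (-not $upn) {
        [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Empty UPN'; Value = '' }
        continue
    }
    $prefix, $suffix = $upn -split '@', 2
    if ($suffix -eq $NonRoutableSuffix) {
        [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Non-routable UPN suffix'; Value = $upn }
    }
    if ($prefix -notmatch $UpnPrefixPattern -or $prefix.EndsWith('.')) {
        [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Invalid character in UPN prefix'; Value = $upn }
    }
    if ($u.mail -and $u.mail -notmatch '^[^@\s]+@[^@\s]+$') {
        [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Malformed mail'; Value = $u.mail }
    }
}

# proxyAddresses must be unique across the directory; duplicates block the object.
$dupes = $users | ForEach-Object { $_.proxyAddresses } |
    Group-Object | Where-Object { $_.Count -gt 1 }
foreach ($d in $dupes) {
    $findings += [pscustomobject]@{ User = '(multiple)'; Issue = 'Duplicate proxyAddress'; Value = $d.Name }
}

$findings | Sort-Object Issue, User | Format-Table -AutoSize
$findings | Export-Csv -Path .\presync-findings.csv -NoTypeInformation

# Step 2: remediation of the non-routable suffix. Adding the verified suffix to the
# forest is the cmdlet equivalent of the Active Directory Domains and Trusts change.
# -WhatIf only reports what would change; remove it once the report looks right.
Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = $VerifiedSuffix } -WhatIf

$users | Where-Object { $_.UserPrincipalName -like "*@$NonRoutableSuffix" } |
    ForEach-Object {
        $newUpn = ($_.UserPrincipalName -split '@', 2)[0] + "@$VerifiedSuffix"
        Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
    }
```

Review the CSV before dropping `-WhatIf`: a UPN rewrite changes the name users sign in with, so it should be announced, and any prefix that fails the character rule needs a manual decision rather than an automatic fix. IdFix itself covers more attributes (displayName, sAMAccountName, mailNickname and others) and should still be run before the first synchronization.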