ON-PREMISES ACTIVE DIRECTORY INTEGRATION WITH MICROSOFT AZURE AD USING AZURE AD CONNECT (HYBRID IDENTITY MANAGEMENT)

(AZURE PROJECT 1)

Project

PRAfect Systems Inc. is an IT services company that provides software development solutions. It currently runs a hybrid model: some legacy applications run on-premises while other workloads run on Azure.

Many of these applications consume SaaS services that are part of the hybrid infrastructure, so identity and access management (IAM) is essential for granting access and integrating the two environments.

Management is looking for a hybrid IAM solution that synchronizes on-premises identities with Microsoft Azure AD; Azure AD Connect fills exactly that role.

Solution:

What is Azure AD Connect?

Azure AD Connect is an on-premises Microsoft application that's designed to meet and accomplish your hybrid identity goals. If you're evaluating how to best meet your goals, you should also consider the cloud-managed solution Azure AD Connect cloud sync.

Azure AD Connect Features:

- Password hash synchronization

- Pass-through authentication

- Federation integration

- Synchronization

- Health Monitoring

Azure Active Directory (Azure AD) is a cloud-based multi-tenant directory and identity service. This reference architecture shows best practices for integrating on-premises Active Directory domains with Azure AD to provide cloud-based identity authentication.

Organizations can use Azure AD if they are 'pure cloud', or as a 'hybrid' deployment if they have on-premises workloads. A hybrid deployment of Azure AD can be part of a strategy for an organization to migrate its IT assets to the cloud, or to continue to integrate existing on-premises infrastructure alongside new cloud services.

Historically, 'hybrid' organizations have seen Azure AD as an extension of their existing on-premises infrastructure. In these deployments, the on-premises identity governance administration, Windows Server Active Directory or other in-house directory systems, are the control points, and users and groups are synced from those systems to a cloud directory such as Azure AD. Once those identities are in the cloud, they can be made available to Microsoft 365, Azure, and other applications.

Why use Azure AD Connect?

Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. Users and organizations can take advantage of:

- Users can use a single identity to access on-premises applications and cloud services such as Microsoft 365.

- Single tool to provide an easy deployment experience for synchronization and sign-in.

On-premises AD DS server. An on-premises directory and identity service. The AD DS directory is synchronized with Azure AD so that Azure AD can authenticate on-premises users.

At present many groups and users exist in the on-premises Active Directory and need to be given access to Microsoft Azure through hybrid identity management.

Description

This was a challenge project to deploy hybrid identity management on Azure: integrate on-premises identities with Azure AD using the Microsoft Azure AD Connect synchronization service.

Task 1: Deploying the domain controller and verifying the tenant's custom domain both require a registered domain that you control. DNS: prafect.cloud

Task 2: Once the domain is registered, add it as a custom domain name in Azure Active Directory and verify it by publishing the TXT record that Azure AD issues.

Task 3: Deploy a Windows Server 2019 Datacenter VM on VMware as the on-premises domain controller; it hosts DNS for the forest and runs Active Directory Domain Services.

Task 4: Using Server Manager > Add Roles and Features, install the Active Directory Domain Services role (not AD FS: federation is a separate sign-in method that this project does not use) and then promote the server to a domain controller.

Task 5: Create a group and a few users that will be synchronized from on-premises AD to Azure AD by Azure AD Connect.

Task 6: Install Azure AD Connect, connect it to the Azure AD tenant and to the on-premises forest prafect.cloud, and complete the wizard; the first sync cycle then pushes the on-premises users and group to Azure AD.

Task 7: In the Azure portal, verify that the on-premises group and users appear under Groups and Users and are flagged as synced from on-premises.

Project Cost Estimation:

(Note: this is not an actual cost, only an estimate based on high-level requirements. The price varies as services are added or removed.)

https://docs.oracle.com/en-us/iaas/Content/Identity/federating/federating_section.htm

Tools & Technologies covered:

VMware Hypervisor

Windows Server 2019 Datacenter

Azure Cloud

Azure AD Tenant

Azure AD Connect

On-Premises AD DNS Server

On-Premises Active Directory Service

Azure AD Connect sync server

Solution Architecture:

This migration project is completed in the following implementation phases.

Project implementation Phases:

Phase 1: Verify DNS on Azure Portal

Phase 2: Create Azure cloud test users on Azure Portal

Phase 3: Deploy On-Premises Active Directory Service

Phase 4: Create On-Premises groups and users

Phase 5: Deploy Azure AD Connect on the On-Premises DC

Phase 6: Verify and validate that the On-Premises group and users have synced to Azure Cloud

Pre-requisites:

1) Registered domain: prafect.cloud

2) On-Premises Windows domain controller running that domain name

3) On-Premises test users on the Windows DC server

4) Azure portal account

   - Azure AD admin user with the Global Administrator role

Implementation:

Phase 1: Verify DNS on Azure Portal

1. Go to Azure Active Directory > Custom domain names and add prafect.cloud

2. Add the TXT record that Azure AD issues to the zone at your domain registrar / DNS host

3. Click Verify on the custom domain in the Azure portal. The domain must show as verified before users are synced; otherwise their UPNs fall back to the tenant's onmicrosoft.com suffix
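The same Phase 1 steps scripted with the Microsoft Graph PowerShell SDK and Resolve-DnsName, so you can confirm the TXT record has actually propagated before clicking Verify. This is an added example, not code from the original write-up; it assumes the Microsoft.Graph module is installed, that the signed-in account holds Domain.ReadWrite.All, and that the TXT value is read from Azure AD at run time (the write-up does not show the real value). Reading the TXT text through AdditionalProperties is an assumption about how the SDK surfaces the polymorphic domainDnsTxtRecord type.

```powershell
# Added example (not from the original write-up): Phase 1 via Graph PowerShell.
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes 'Domain.ReadWrite.All' -NoWelcome

$domain = 'prafect.cloud'

# Same as "Add custom domain" in the portal; idempotent if it already exists.
if (-not (Get-MgDomain -DomainId $domain -ErrorAction SilentlyContinue)) {
    New-MgDomain -Id $domain | Out-Null
}

# Azure AD tells you which record proves ownership (TXT, or MX for registrars that
# cannot host a TXT record at the zone apex). Publish it at the DNS host.
$txt = Get-MgDomainVerificationDnsRecord -DomainId $domain |
       Where-Object RecordType -eq 'Txt' | Select-Object -First 1
$expected = $txt.AdditionalProperties['text']      # assumption: e.g. MS=ms12345678
"Publish a TXT record at $domain with value: $expected"

# Check with two public resolvers rather than the local cache, so a stale
# answer on the DC (which will soon be the forest's DNS server) cannot fool you.
function Test-VerificationTxt {
    param([string]$Name, [string]$Value, [string]$Server)
    $rec = Resolve-DnsName -Name $Name -Type TXT -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    [bool]($rec | Where-Object { $_.Strings -contains $Value })
}
$published = (Test-VerificationTxt $domain $expected '8.8.8.8') -and
             (Test-VerificationTxt $domain $expected '1.1.1.1')
if (-not $published) {
    throw 'TXT record not visible on public resolvers yet; wait for propagation before verifying.'
}

# Equivalent of the portal's Verify button. A verified domain is what lets synced
# users keep user@prafect.cloud as their UPN instead of @<tenant>.onmicrosoft.com.
Confirm-MgDomain -DomainId $domain
"Verified: $((Get-MgDomain -DomainId $domain).IsVerified)"
```

Run it once the registrar change is saved; the propagation check is the step people skip, and clicking Verify too early simply fails with no useful error.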

Phase 2: Create Azure cloud test users on Azure Portal

1. Create an Azure AD user and assign it the Global Administrator role (this account is used by the Azure AD Connect wizard)

2. Create a few cloud-only test users

Phase 3: Deploy On-Premises Active Directory Service

1. In VMware, deploy a Windows Server 2019 VM

2. Open Server Manager > Manage > Add Roles and Features

3. Select the 'Active Directory Domain Services' role

4. Verify that the AD DS role is installed

5. Promote the server: add a new forest named prafect.cloud, set the DSRM password, and finish the installation (the server reboots)

Phase 4: Create On-Premises groups and users

1. Open Tools > Active Directory Users and Computers

2. Create a new group named: office365

3. Create the new users

a. Praful Patel

b. Alex Smith

c. John Doe

4. Add the users to the group office365
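Phases 3 and 4 done with PowerShell instead of Server Manager and Active Directory Users and Computers. This is an added example, not code from the original write-up. It assumes a NetBIOS name of PRAFECT, a dedicated OU named Office365Users, and the sAMAccountNames ppatel, asmith and jdoe, none of which the write-up states; the forest name and group name are the write-up's own. Passwords are prompted for rather than written into the script.

```powershell
# Added example (not from the original write-up). Run elevated on the new
# Windows Server 2019 VM. Part 1 ends with a reboot; run Part 2 afterwards.

### Part 1 (Phase 3): AD DS role and a new forest named prafect.cloud ###
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The forest name becomes the default UPN suffix. Because prafect.cloud is the
# domain verified in Azure AD, synced users keep user@prafect.cloud as their UPN.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode (DSRM) password'
Install-ADDSForest -DomainName 'prafect.cloud' -DomainNetbiosName 'PRAFECT' `
    -ForestMode 'WinThreshold' -DomainMode 'WinThreshold' -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrm -Force:$true

### Part 2 (Phase 4): after the reboot, logged on as PRAFECT\Administrator ###
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain -Identity 'prafect.cloud').DistinguishedName   # DC=prafect,DC=cloud

# A dedicated OU lets Azure AD Connect's OU filtering limit what is synchronized,
# so service and admin accounts elsewhere in the forest never reach the cloud.
$ouName = 'Office365Users'                                                # assumed name
$ou = "OU=$ouName,$domainDn"
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $domainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# The write-up's group: a global security group.
if (-not (Get-ADGroup -Filter "SamAccountName -eq 'office365'")) {
    New-ADGroup -Name 'office365' -SamAccountName 'office365' -GroupScope Global `
        -GroupCategory Security -Path $ou
}

# The write-up's three test users; sAMAccountNames are assumed.
$users = @(
    @{ Given = 'Praful'; Surname = 'Patel'; Sam = 'ppatel' },
    @{ Given = 'Alex';   Surname = 'Smith'; Sam = 'asmith' },
    @{ Given = 'John';   Surname = 'Doe';   Sam = 'jdoe'   }
)
foreach ($u in $users) {
    $upn = "$($u.Sam)@prafect.cloud"
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'")) {
        $pw = Read-Host -AsSecureString "Initial password for $upn"
        # ChangePasswordAtLogon is left off so the first cloud sign-in test is not
        # complicated by a pending on-premises password change.
        New-ADUser -Name "$($u.Given) $($u.Surname)" -GivenName $u.Given -Surname $u.Surname `
            -SamAccountName $u.Sam -UserPrincipalName $upn -Path $ou `
            -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $false
    }
    Add-ADGroupMember -Identity 'office365' -Members $u.Sam
}

# Pre-sync check: every member must carry a UPN whose suffix is verified in
# Azure AD; anything else is rewritten to <tenant>.onmicrosoft.com when it syncs.
Get-ADGroupMember -Identity 'office365' |
    Get-ADUser -Properties UserPrincipalName |
    Select-Object SamAccountName, UserPrincipalName, Enabled
```

The OU is the piece worth keeping even if you click through the rest in the GUI: scoping Azure AD Connect to one OU is the simplest way to keep privileged on-premises accounts out of the tenant.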

Phase 5: Deploy Azure AD Connect on the On-Premises DC

1. Sign in to the on-premises Windows Server 2019 DC. Installing Azure AD Connect on a domain controller is supported, although Microsoft recommends a dedicated member server; either way, treat the sync server as Tier 0, because it holds credentials that can write to both directories

2. Using a browser, sign in to the Azure portal

3. Go to Azure Active Directory > the default domain name > Download Azure AD Connect

4. Install Azure AD Connect

5. Connect to Azure AD with the Global Administrator created in Phase 2. Global Administrator (or Hybrid Identity Administrator) is needed during setup only; the wizard creates its own cloud service account for ongoing synchronization

6. Connect to Active Directory with an existing on-premises AD account. With Express Settings the wizard needs Enterprise Admin rights, uses them once to create the AD DS connector account, and does not store them

7. Finish the wizard with "Start the synchronization process when configuration completes" selected; the first cycle is a full (Initial) sync, after which the scheduler runs a Delta cycle every 30 minutes

Phase 6: Verify and validate that the On-Premises group and users have synced to Azure Cloud

1. Sign in to the on-premises Windows Server 2019 DC

2. Open This PC > Properties and confirm the computer is a member of the prafect.cloud domain

3. In the Azure portal, open Azure Active Directory

4. Under Groups, validate that the group office365 is present and marked as synced from on-premises

5. Under Users, validate that the users are present with "Directory synced" set to Yes

a. Praful Patel

b. Alex Smith

c. John Doe

Implementation in Action:

Phase 1: Verify DNS on Azure Portal


Search for Azure Active Directory

Go to option: Custom domain names

Go to Domain Registrar where your domain is registered

Click to Add custom domain

Go to DNS hosted zone account and add TXT record

Verify Domain from Azure

Phase 2: Create Azure cloud test users on Azure Portal

Create the Global Administrator user

User name: adadmin

Pass: test@123456 (lab-only value)

Assign the role: Global Administrator (a directory role, not a group; it is the highest privilege in the tenant, so outside a throwaway lab protect this account with MFA and a unique password and never publish the credential)

Click Create

Create the cloud test users

Users created

Phase 3: Deploy On-Premise Active Directory Service


On-Prem Domain Controller

Verify that AD DS service is installed

Add a new forest: prafect.cloud

Provide the Directory Services Restore Mode (DSRM) password

test@123456 (lab-only value)

Phase 4: Create On-Premise groups and users


Click to add โ€” Active Directory Users and Computers

Create Groups and Users

Phase 5: Deploy Azure AD Connect on On-Premise DC


Go to the Azure portal

Download Azure AD Connect

Azure AD credentials (Global Administrator):

User: adadmin@prafect.cloud

Pass: cloud@123456

On-premises Active Directory credentials (Express Settings requires Enterprise Admin rights; the wizard uses them once to create the connector account and does not store them):

User: praful365

Pass: test@123456

Azure users

Azure groups

Phase 6: Verify and validate that On-Premise Group and users have synced to Azure Cloud


Verify after Sync the users and groups have been displayed into Azure portal

On-Premises Groups and users

Users synced from On-Premise to Azure Cloud

Groups synced from On-Premise to Azure Cloud

Create a new user from On-Premise

Azure Portal before Sync

Monitor the sync process using PowerShell (on the Azure AD Connect server)

1. Check the scheduler: effective interval, next run time, and whether a cycle is currently in progress.

Get-ADSyncScheduler

2. Start a synchronization manually. The Initial policy runs a full import and sync and is only needed right after installation or after changing sync rules; for an incremental cycle (what the scheduler runs every 30 minutes) use -PolicyType Delta instead.

Start-ADSyncSyncCycle -PolicyType Initial
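A fuller check of Phases 5 and 6 from both ends: the ADSync scheduler on the sync server, then the tenant side through the Microsoft Graph PowerShell SDK, comparing each on-premises member of office365 with its cloud object. This is an added example, not code from the original write-up; it assumes the sAMAccountNames ppatel, asmith and jdoe (not stated in the write-up), that it runs on the DC where both the ADSync and ActiveDirectory modules are present, and that the Microsoft.Graph module is installed.

```powershell
# Added example (not from the original write-up): verify the sync from both sides.
Import-Module ADSync
Import-Module ActiveDirectory

# 1. Scheduler state. SyncCycleEnabled must be true or nothing ever syncs; the
#    effective interval defaults to 30 minutes; StagingModeEnabled true means
#    this server imports but never exports (a standby server).
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, StagingModeEnabled, CurrentlyEffectiveSyncCycleInterval,
                       NextSyncCycleStartTimeInUTC, SyncCycleInProgress
if (-not $sched.SyncCycleEnabled) {
    throw 'Scheduler disabled; enable it with Set-ADSyncScheduler -SyncCycleEnabled $true'
}

# 2. Run a Delta cycle and wait for it. Initial (full) is only needed after
#    install or after sync-rule changes.
if (-not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
}
do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)
"Connectors: $((Get-ADSyncConnector).Name -join ', ')"

# 3. Cloud side: pull every directory-synced user, then compare with on-prem.
Import-Module Microsoft.Graph.Users, Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All' -NoWelcome

$cloud = Get-MgUser -Filter 'onPremisesSyncEnabled eq true' -ConsistencyLevel eventual `
    -CountVariable total -All `
    -Property UserPrincipalName, OnPremisesImmutableId, OnPremisesLastSyncDateTime
$onprem = Get-ADGroupMember -Identity 'office365' |
    Get-ADUser -Properties UserPrincipalName, ObjectGUID

$report = foreach ($u in $onprem) {
    $c = $cloud | Where-Object UserPrincipalName -eq $u.UserPrincipalName
    # The default source anchor (mS-DS-ConsistencyGuid) is seeded from objectGUID,
    # so ImmutableId should equal base64(objectGUID). A mismatch means the cloud
    # object was matched to a different on-prem object than you expect.
    $anchor = [Convert]::ToBase64String($u.ObjectGUID.ToByteArray())
    [pscustomobject]@{
        User        = $u.UserPrincipalName
        InCloud     = [bool]$c
        AnchorMatch = ($c.OnPremisesImmutableId -eq $anchor)
        LastSyncUtc = $c.OnPremisesLastSyncDateTime
    }
}
$report | Format-Table -AutoSize

# Users whose UPN suffix was not verified arrive with an onmicrosoft.com UPN.
$cloud | Where-Object UserPrincipalName -like '*.onmicrosoft.com' |
    Select-Object UserPrincipalName, OnPremisesImmutableId

$grp = Get-MgGroup -Filter "displayName eq 'office365'" -Property Id, DisplayName, OnPremisesSyncEnabled
if ($grp) {
    "Group office365 synced: $($grp.OnPremisesSyncEnabled); members in cloud: " +
        (Get-MgGroupMember -GroupId $grp.Id -All).Count
} else {
    'Group office365 has not synced yet.'
}
```

The AnchorMatch column is the security-relevant one: the immutable ID is what binds a cloud identity to an on-premises object, and a synced user whose anchor does not match the expected objectGUID deserves a look before anyone is granted cloud access through it.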

New user synced successfully to Azure Cloud

Congratulations! 🔥🚀
