Active directory journey to the cloud, Part-2: Azure AD & AD Integration

Chirag Pilane
Globant
Oct 25, 2021

Introduction

This document continues the previous one, which covered the prerequisites that must be in place before implementing the AD integration.

This document covers the following points:

  • Prerequisites
  • Workflow
  • Summary
  • Alias
  • References

Prerequisites

  • Azure account: a pay-as-you-go or free-trial Azure account will work.
  • Custom domain name: you can purchase a custom domain name from any domain provider, such as freenom.com or godaddy.com.
  • Please read Part 1 of this article before going through this document.

Workflow

We will follow the steps below to implement the AD integration.

1. Add the custom domain at the Azure AD level and configure AD synchronization

  • Add our custom domain to Azure AD and verify it with the TXT record Azure AD provides for the public DNS zone.
  • Add the TXT record to our custom DNS zone so that Azure AD is able to verify our domain.
  • Click the Verify button in Azure AD.
  • If Azure AD successfully verifies the record, it displays a verification succeeded message.
  • Create a user with the Enterprise Admin role in our on-premises AD. In Server Manager, open the Tools menu and select Active Directory Users and Computers, then click our domain and select Add User.

Note: to configure AD sync between the on-premises AD and Azure AD, the user needs Enterprise Admin access in the on-premises AD and Global Admin access at the Azure AD level.

  • Create a user with the Global Admin role in Azure AD.
  • Download the AD sync agent (Azure AD Connect) from the link below and configure it on the AD Connect VM.

https://www.microsoft.com/en-us/download/details.aspx?id=47594

  • When prompted for Azure AD credentials, use the Global Admin user we created in the previous step.
  • When prompted for on-premises AD credentials, use the Enterprise Admin user we created in the previous step.
  • Once the on-premises AD is synced with Azure AD, the on-premises user appears in the Azure AD Users tab. The default synchronization method is password hash synchronization.
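The checks below are an added example (not part of the original article) for confirming each stage of the workflow above from the Azure side: that the TXT record is actually published on a public resolver before you click Verify, that the domain ends up verified, and that the on-premises account arrived as a synced object rather than a cloud-only user. It assumes the Microsoft.Graph PowerShell module is installed, and `contoso.com` and `alice@contoso.com` are placeholders for your own custom domain and synced user.

```powershell
# Added example, not from the article. Placeholders: replace with your own values.
param(
    [string]$CustomDomain = "contoso.com",       # placeholder custom domain
    [string]$SyncedUpn    = "alice@contoso.com"  # placeholder user synced from on-premises AD
)

# 1. Before clicking "Verify": the Azure AD verification record ("MS=msXXXXXXXX") must be
#    visible on a public resolver, not only on the internal DNS server. A record that resolves
#    internally but has not propagated publicly is the usual reason verification fails.
function Test-DomainVerificationRecord([string]$Domain) {
    $txt = Resolve-DnsName -Name $Domain -Type TXT -Server 8.8.8.8 -ErrorAction Stop |
           Where-Object { $_.Strings -match '^MS=ms\d+$' }
    if (-not $txt) { throw "No Azure AD verification TXT record published for $Domain" }
    "TXT record present for $Domain : $($txt.Strings -join ', ')"
}

# 2. After clicking "Verify": the domain should be verified and managed (password hash sync
#    is the default in this guide; 'Federated' would indicate a different sign-in model).
function Test-DomainVerified([string]$Domain) {
    $dom = Get-MgDomain -DomainId $Domain
    if (-not $dom.IsVerified) { throw "$Domain is not verified in Azure AD" }
    "$Domain verified; authentication type: $($dom.AuthenticationType)"
}

# 3. After the first sync cycle: the account must show OnPremisesSyncEnabled. A user with the
#    same UPN but OnPremisesSyncEnabled empty is a cloud-only account created by hand, which
#    would not receive the on-premises password hash or attribute updates.
function Test-SyncedUser([string]$Upn) {
    $u = Get-MgUser -UserId $Upn -Property "userPrincipalName,onPremisesSyncEnabled,onPremisesSamAccountName,onPremisesLastSyncDateTime"
    if (-not $u.OnPremisesSyncEnabled) { throw "$Upn is cloud-only, not synced from on-premises AD" }
    "{0} synced from on-premises account '{1}', last sync {2}" -f `
        $u.UserPrincipalName, $u.OnPremisesSamAccountName, $u.OnPremisesLastSyncDateTime
}

Test-DomainVerificationRecord $CustomDomain
# Read-only scopes are enough for these checks; no Global Admin sign-in is needed here.
Connect-MgGraph -Scopes "Domain.Read.All", "User.Read.All" | Out-Null
Test-DomainVerified $CustomDomain
Test-SyncedUser $SyncedUpn
```

Run the script once after publishing the TXT record (expect only step 1 to pass) and again after the first sync cycle completes, when all three checks should succeed.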

Summary

Through this article, we integrated the on-premises AD with Azure AD using a custom domain. The article also explains the use of the DNS zone, one of the Azure resources.

Alias

  • AD - Active Directory
  • DNS - Domain Name Service
  • NS - Name Server Record
  • SOA - Start Of Authority Record
  • VM - Virtual Machine

References

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
