In this video, Pete Zerger demonstrates installation of Azure AD Connect to implement the synchronized identity model, as well as how to view the sync rules created by the Azure AD Connect installer. Learn how to install Azure AD Connect, and where to fin
- [Instructor] When you have a single forest topology, and password synchronization for authentication, we can use Azure AD Connect Express Settings for integration of our on-premises directory with Azure AD which implements the synchronized identity model. I've already downloaded Azure AD Connect from the Microsoft Download Center, and express settings is actually the default option because it's used for the most commonly deployed scenario. Before you start installing Azure AD Connect, do make sure to complete the prerequisite steps in the hardware and prereqs page.
Basically, you need an Azure AD Connect installer which we've downloaded and a virtual machine, preferably not a domain controller, and internet connectivity from that VM on ports 80 and 443. So I'm logged in as a local administrator on the server where I want to install Azure AD Connect. This is a server that will be our sync server. I've launched the MSI and on the welcome screen I'll select the box here agreeing to the licensing terms and click continue. Now on the express settings screen, I'll click use express settings.
Now just a quick note: if the express settings don't match your topology (single Active Directory forest, synchronized identity model), then you'll need to go to the custom installation option, which lies beneath the Customize button that you saw there. First you'll want to review the related documentation on the Microsoft site to find the configuration that best fits your scenario. On the Connect to Azure AD screen we'll enter the username and password of a global administrator for our Azure AD environment.
Now this should be an Azure AD user, not a Microsoft account such as you may have used to sign up for your trial. The wizard will check your password before proceeding to the next screen, so you'll know if you've made a mistake. On the Connect to AD DS screen, or Active Directory Domain Services screen, we'll enter a username and password for an Enterprise Admin account in our on-premises Active Directory. It's quite common in organizations that no one is a member of this group by default.
You'll definitely want to check with your administrators to make sure you have that Enterprise Admins membership before proceeding. We'll click Next to continue. And now we are ready to configure. And you'll notice that I'm leaving "Start the synchronization process when configuration completes" checked. So as soon as the installer is complete it will begin that express synchronization process that will take my users from my on-premises Active Directory and synchronize those user accounts and hashes to Azure Active Directory.
Express settings will install all of the default options for me. It should take about five minutes. And now our configuration is complete, and the sync rules have already begun in the background. It will take just a few minutes before you'll see your user accounts synchronized into your Azure AD environment. So I only have a handful of users now; I'll have somewhere around 325 very shortly. While we're waiting for that synchronization to complete, let's have a look at where we can see the inbound and outbound sync rules that were created by the installer.
On the Start menu I'll find the Synchronization Rules Editor and we'll launch it. And here I'll see inbound and outbound synchronization rules created by the installer, and we'll see a number of different object types that are included here, including user accounts, mail-enabled contacts, and foreign security principals. So there's a lot of work done in the background for you. And what's coming inbound from Azure AD depends on our write-back selection, such as password write-back, device write-back, and group write-back.
Password write-back is that setting that gives us single sign-on across on-premises and cloud resources. Group write-back enables a hybrid Exchange scenario where groups mastered in Azure are written back to your on-premises Active Directory. While you can edit rules in the Azure AD Connect Synchronization Rules Editor, Microsoft recommends that you rerun setup so Azure AD Connect's installer can handle some of the configuration details for you where possible.
We'll exit the rules editor, and in just a moment we should see those user accounts synchronized to our Azure AD. So a couple of minutes have passed, the express settings have been put in place, and the initial sync has completed. We should see our users now in our Active Directory. And we'll refresh our screen, and there we are. In just a few clicks, Azure Active Directory Connect express settings have helped us implement the synchronized identity model.
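The walkthrough above does everything through the installer wizard and the Synchronization Rules Editor GUI. The following PowerShell is an added example, not part of the course or of Microsoft's installer: it checks the prerequisites the transcript calls out (a member server rather than a domain controller, a local administrator session, outbound connectivity on ports 80 and 443) and, after installation, reads the scheduler state and the same inbound/outbound rules the editor displays, using the ADSync module that the Azure AD Connect installer places on the sync server. The endpoint `login.microsoftonline.com` is an assumption used as one representative Azure AD endpoint; the full list of required URLs comes from the Microsoft prerequisites page referenced in the video.

```powershell
# Added example (not from the course or from Microsoft): pre-install checks
# for the sync server, then post-install inspection of the scheduler and the
# synchronization rules via the ADSync module installed by Azure AD Connect.

function Test-AadConnectPrereqs {
    # Express settings assume a member server, not a domain controller.
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        Write-Warning "This machine is a domain controller; use a separate member server as the sync server."
    }

    # The MSI must be launched from a local administrator session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Not running elevated; relaunch PowerShell as a local administrator."
    }

    # Outbound connectivity on 80 and 443. login.microsoftonline.com is an
    # assumed representative endpoint; the authoritative URL list is on the
    # Microsoft prerequisites page.
    $endpoint = 'login.microsoftonline.com'
    foreach ($port in 80, 443) {
        $r = Test-NetConnection -ComputerName $endpoint -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Endpoint  = $endpoint
            Port      = $port
            Reachable = $r.TcpTestSucceeded
        }
    }
}

function Get-AadConnectSyncSummary {
    # ADSync is installed with Azure AD Connect; fail loudly if it is absent.
    Import-Module ADSync -ErrorAction Stop

    # Scheduler state: confirms the sync cycle is enabled and when it runs next,
    # which is what "start synchronization when configuration completes" set up.
    Get-ADSyncScheduler |
        Select-Object SyncCycleEnabled, StagingModeEnabled,
                      CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

    # The same inbound/outbound rules the Synchronization Rules Editor shows,
    # ordered by direction and precedence (lower number wins).
    Get-ADSyncRule |
        Sort-Object Direction, Precedence |
        Select-Object Name, Direction, Precedence, SourceObjectType, TargetObjectType, Disabled
}

# Run the pre-install checks before launching the MSI, and the summary afterwards.
Test-AadConnectPrereqs
Get-AadConnectSyncSummary
```

Run the first function before starting the wizard and the second once the installer reports the configuration complete; if `SyncCycleEnabled` is false or the rule list is empty, the install did not finish the way the transcript describes and the installer log should be reviewed before expecting users to appear in Azure AD.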
In this course—the first in the series—Microsoft MVP Pete Zerger takes you through the basics of setting up endpoint protection. He begins by explaining how to set up Azure Active Directory Premium. Next, he goes into enabling multi-factor authentication, followed by setting conditions for secure access. To wrap up, Pete covers managing mobile devices with Intune, and publishing applications with Azure AD App Proxy.
- Setting up Azure Active Directory for an organization
- Enabling user-level and application-level multi-factor authentication
- Setting conditions for secure access
- Planning a mobile device management (MDM) strategy
- How Intune (standalone) MDM works
- How Intune mobile application management works
- Publishing applications with Azure AD App Proxy
- Assigning users and groups