AD Synchronization

Step by Step Guide

Introduction

I am Microsoft Expert, Certified Trainer, Specialist and Certified Professional with 6+ year of I.T industry

Experience.

Certified in Microsoft Solutions Expert (MCSE): Messaging & Productivity, Microsoft Certified Trainer

(MCT), Microsoft Certified Solutions Associate (MCSA) in Office 365, Hyper-V, Microsoft Azure, MCP, MTA,

MCS and overall 27+ certifications.

I have Master of Science (MS) Field Of Study Computer Science.

Office 365: Administering Office 365 Accounts, Office 365 Single Sign on (SSO), Implementing Direct Sync,

and Troubleshooting Sync Issues, Implementing SMTP Servers, Hybrid Deployments with Exchange 2010

SP3, 2013, 2016. Implementing ADFS Infrastructure. Email migration through Coutover, IMAP and PST

Method.

Azure: Manage hosting plans, Deploy workloads on Azure virtual machines (VMs), Implement images and

disks, Perform configuration management, Configure VM networking, Configure VM resiliency, Design and

implement VM storage, Monitor VMs, Configure cloud services and roles, Deploy and manage cloud

services, Monitor cloud services, Implement blobs and Azure files, Manage access, Configure diagnostics,

monitoring, and analytics, Implement SQL databases, Implement recovery services, Integrate an Azure AD

with existing directories, Configure the Application Access Panel, Integrate an app with Azure AD,

Integrate an Azure AD with existing directories, Configure the Application Access Panel, Integrate an app

with Azure AD etc.

Email: abdullah_binaltaf@hotmail.com

LinkedIn: https://www.linkedin.com/in/abdullahbinaltaf

Twitter: @abdullahaltaf09

Blog: http://microsofttechnologie.blogspot.com/

Why use Azure AD Connect Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. Users and organizations can take advantage of the following:

Users can use a single identity to access on-premises applications and cloud services such as Office 365.

Single tool to provide an easy deployment experience for synchronization and sign-in. Provides the newest capabilities for your scenarios. Azure AD Connect replaces older versions of

identity integration tools such as DirSync and Azure AD Sync. For more information, see Hybrid Identity directory integration tools comparison.

How Azure AD Connect works Azure Active Directory Connect is made up of three primary components: the synchronization services, the optional Active Directory Federation Services component, and the monitoring component named Azure AD Connect Health.

Synchronization - This component is responsible for creating users, groups, and other objects. It is also responsible for making sure identity information for your on-premises users and groups is matching the cloud.

AD FS - Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. This can be used by organizations to address complex deployments, such as domain join SSO, enforcement of AD sign-in policy, and smart card or 3rd party MFA.

Health Monitoring - Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity. For additional information, see Azure Active Directory Connect Health. Prerequisites for Azure AD Connect

Azure AD Connect must be installed on Windows Server 2008 or later. If Active Directory Federation Services is being deployed, the servers where AD FS or Web

Application Proxy will be installed must be Windows Server 2012 R2 or later. Directory Sync Install on Domain Controller or Domain Join Machine

Configure sync features Azure AD Connect comes with several features you can optionally turn on or are enabled by default. Some features might sometimes require more configuration in certain scenarios and topologies. Filtering is used when you want to limit which objects are synchronized to Azure AD. By default all users, contacts, groups, and Windows 10 computers are synchronized. You can change the filtering based on domains, OUs, or attributes. Password synchronization synchronizes the password hash in Active Directory to Azure AD. The end-user can use the same password on-premises and in the cloud but only manage it in one location. Since it uses your on-premises Active Directory as the authority, you can also use your own password policy. Password write back will allow your users to change and reset their passwords in the cloud and have your on-premises password policy applied. Device writeback will allow a device registered in Azure AD to be written back to on-premises Active Directory so it can be used for conditional access. The prevent accidental deletes feature is turned on by default and protects your cloud directory from numerous deletes at the same time. By default it allows 500 deletes per run. You can change this setting depending on your organization size. Automatic upgrade is enabled by default for express settings installations and ensures your Azure AD Connect is always up to date with the latest release. Azure AD supports the following four directory integration scenarios: Directory synchronization is also referred to as directory sync. Once directory sync has been

set up, administrators can manage directory objects from your on-premises Active Directory and those changes will be synchronized to your tenant. In this scenario, your users will use different user name and passwords to access your cloud and on-premises resources.

DirSync with Password Sync – Used when you want to enable your users to sign in to Azure AD and other services using the same user name and password as they use to log onto your corporate network and resources. Password sync is a feature of the Directory Sync tool.

DirSync with Single Sign-On - Used to provide users with the most seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy a security token service on-premises, such as Active Directory Federation Services (AD FS). Once it has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

Multi-forest - DirSync with Single Sign-On - Used to provide users with the most seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy Active Directory Federation Services (AD FS) as security token service on-premises. Once it has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

Simple AD Connect Installation

Add Azure add details

It take 1 minutes or 45 second to connect and configure

Customize Option

Select the app that you don’t want to use there are 100 attribute by default you can change it.

Intune

Domain admins and local admin in local machine User name and password

For new domain choice