Let's go through Azure Active Directory and build a lab to test its features and functionality. (Quick overview)
- Install and configure Azure AD Connect
- Use Azure AD Connect to integrate Azure AD with your on-premises AD
- Use Azure AD to authenticate with SaaS services
- Cloud App Discovery (an Azure Active Directory Premium feature: if you don't know which SaaS services your users are using, you can deploy an agent on all the Windows machines and get analytics in the Azure dashboard to decide which applications to add from the Azure Active Directory application gallery for single sign-on.)
Step 1 –
Need an Azure trial account. As I don't have an on-premises server with a public IP, I will be building the lab in the cloud so that I can test Azure Active Directory.
New – Security + Identity – Creating a new Azure Active Directory –
Step 2 –
Now log in to the portal and go to Active Directory. At this point in time you have to switch back to the old portal to create a new Active Directory.
Azure Portal – Active Directories – Default Directory.
You can use the default Active Directory or create a new one; in my case I am creating a new one. Using the default shouldn't be an issue.
- Add a New Directory
- Creating a new Azure administrator
Verifying my Azure administrator credentials –
Step 3 –
Preparing the Azure Directory Sync server (treating it as an on-prem Active Directory server)
Create New Server
Updated endpoints – Win2012R2AD.cloudapp.net:3389 for Remote Desktop (optional; as I remember, only 3389 is needed).
Installed Active Directory on the newly created Azure VM.
How to Install Active Directory on 2012 R2 –
Download the latest Azure Active Directory Connect –
Run the Azure Active Directory Connect setup on the server –
Doing a default installation.
Entering my Azure Active Directory administrator credentials
Entering my local domain controller credentials
To force a sync you have to browse to the sync tool's Bin folder and run the delta sync command:
C:\Program Files\Microsoft Azure AD Sync\Bin>DirectorySyncClientCmd.exe delta
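The same forced delta sync, written as a PowerShell script rather than a one-off command line. This is an added example, not part of the original post; it assumes an Azure AD Connect build that ships the ADSync PowerShell module (Start-ADSyncSyncCycle replaced DirectorySyncClientCmd.exe in later releases) and that it is run as a local administrator on the sync server. The event-log provider name used for the error check is an assumption and is queried non-fatally.

```powershell
# Added example (not from the original post). Forces a delta sync from the
# Azure AD Connect server, waits for it to finish and reports recent sync
# errors, so a "sync done" is not assumed while a cycle is still running.
# Assumes the ADSync module is present (Azure AD Connect 1.1 or later).
Import-Module ADSync -ErrorAction Stop

function Start-LabDeltaSync {
    param([int]$TimeoutSeconds = 300)

    $sched = Get-ADSyncScheduler
    if (-not $sched.SyncCycleEnabled) {
        Write-Warning "Scheduler is disabled; re-enable it with Set-ADSyncScheduler -SyncCycleEnabled `$true."
    }

    if ($sched.SyncCycleInProgress) {
        Write-Host "A sync cycle is already running; waiting for it instead of starting another."
    } else {
        # Delta = only changes since the last cycle. Use -PolicyType Initial
        # after changing OU filtering or connector settings (full import).
        Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    }

    $started  = Get-Date
    $deadline = $started.AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        $running = (Get-ADSyncScheduler).SyncCycleInProgress
    } while ($running -and (Get-Date) -lt $deadline)

    if ($running) { throw "Sync cycle still running after $TimeoutSeconds seconds." }

    # Assumption: Azure AD Connect logs under this provider in the Application
    # log. Level 2 = Error. Silently skipped if the provider name differs.
    $errors = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Directory Synchronization'
        Level = 2; StartTime = $started
    } -ErrorAction SilentlyContinue
    if ($errors) { $errors | Format-List TimeCreated, Id, Message }

    # Return the scheduler state so the caller can see the next scheduled run.
    Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress,
        NextSyncCycleStartTimeInUTC, CurrentlyEffectiveSyncCycleInterval
}

Start-LabDeltaSync
```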
Step 4 –
Now you can add the domain in Azure Active Directory.
Adding the domain
It will ask you to verify the domain with a TXT record; add it, wait for some time so that the domain can be verified, then set it as the default domain.
Step 5 –
Using the application "Twitter" for single sign-on
Using the application "Twitter Deck"
Using the application "Salesforce" with Microsoft Azure AD single sign-on with Azure federation.
- Azure Federation
- Password Sync
- Active Directory Federation Services Single Sign On
Enter the Salesforce URL –
Log in to Salesforce and enable SAML –
Enable Azure SSO
Using the application "DigiCert"
Just enter the credentials manually when you add the application from the gallery.
End users can use – to get to the Azure Active Directory portal.
Azure Active Directory Premium provides multi-factor authentication –
App Store – iPhone Azure Authenticator in my case
Call or text
My Apps – Azure Active Directory
When you disable the Active Directory account on-premises for testing.
To test the password write-back feature (Azure Active Directory Premium feature).
Enabling password reset –
Activity reports –
Adding Cloud App Discovery for analytics
Upgrading Azure Active Directory Free to Premium –
Open Azure AD Connect on the Active Directory server –
Check Password writeback –