Azure Active Directory | Microsoft Azure Tutorial for Beginners | Intellipaat

Captions
Hey guys, I am Akansha and I welcome you all to this video tutorial on Azure Active Directory by Intellipaat. Identity and access management is the heart of any cloud-based organization, and Azure is no different. Configuring who can access and manage your Azure resources can help you keep your data safe from unauthorized access, data breaches, ransomware and other security threats. Keeping that in mind, in this video we will be discussing the identity and access management solution offered by Azure, that is, Azure Active Directory. But before we move forward, do subscribe to Intellipaat's YouTube channel so that you never miss out on our upcoming videos. Now let's go over the agenda. First of all we will see what an active directory is. After that we'll see what Azure Active Directory is, and then we will compare Windows Active Directory to Azure Active Directory. After that we will see what the service audience of this service offered by Azure is, and then see the various terminologies in Azure Active Directory. After that we will perform various hands-on exercises where we will see how to create custom domains, users and groups in Azure Active Directory. And then finally we'll have a quiz to recap what you have learned from this video, so make sure you put your answers down in the comments section below to know if you are correct. Also guys, if you want to become a certified Azure professional, then do check out Intellipaat's Azure certification training course. The link is given in the description box below. So now, without any further delay, let's get started. Azure Active Directory is used to store and organize information about various elements of an organization's network, such as computers, users, and resources like printers and shared files or folders. To understand this better, let's consider a scenario. Let's say that you work for an organization of about 100 people, right? So there are, like, a total of a hundred employees in our organization, and there are 150 computer systems.
And let's say that there are 5 printers. Obviously the organization would have to keep track of all the computer systems that are currently in use, and all the computer systems that are just sitting idle, and the systems that are spent, and they will have to keep track of which employee is using which computer system, or which computer system is connected to the five printers, right? And they will also need to keep track of what kind of credentials users use to log in to their computers, and all of the information related to this. So that means organizations need a database where they can actually store and organize this information, right? That database is actually called Active Directory. So usually, when on-premises organizations store and organize this kind of information, they call it the Active Directory. So this is what Active Directory is. Now, since Active Directory contains all kinds of information about the organization, information about users, computers and resources that are part of the organization, it can actually be used to authenticate and authorize the users, right? Because it contains the credentials of the users, it contains the names and all other kinds of information about the user. So you can actually use the Active Directory to authenticate and authorize the user. So this is what Active Directory is all about. Now let us understand what Azure Active Directory is. Like I've already said, Azure Active Directory is basically inspired by this on-premises Active Directory service. But it's so much more than that. Azure Active Directory is the identity management solution for Azure. It's a live directory, or a database, that stores user accounts and their passwords, computers, file shares, security groups, permissions and so much more. Let's again take an example to understand this a little better.
Now let's say that you again work for an organization, but now this organization uses Azure cloud for all of its workload, right? So let's say that there are multiple departments in your organization, and each and every department needs access to some different kinds of services from Azure cloud. So again, because your organization doesn't want employees to be using their own personal Azure accounts in order to be able to access Azure services, they have gone and created one parent Azure account so that its employees, all of them, can use that one single account to access and use Azure services. Quick info guys: if you want to become a certified Azure professional, then do check out Intellipaat's Azure certification training course. The link is given in the description box below. Now let's continue with the session. Now, like I've already said, different departments may need access to different kinds of services. That means, let's say, that the production environment doesn't need access to any machine learning services. So if you give out the credentials for the whole parent account, then they will actually have access to those services as well, right, along with the services that they actually need. So this is not a very smart decision when it comes to security, because if everyone has access to every service that comes in your Azure subscription, then how would you know who was using what service? Right. So to keep track of that, what you can do is you can easily create users and you can give them their own passwords and own user accounts, and then you can go ahead and give them a role so that they can only access the services that they actually need. That way you will know that the production department is only accessing virtual machines and databases and,
you know, cloud functions and these kinds of services, and other departments are only accessing the services that they actually need. This way your Azure subscription, or your organization's Azure account, will stay safe, right? Because there won't be any unauthorized access, and you can also keep track of all of the billing. Right. So till here, everything seems fine. But now if you think about the number of employees, how would that work? I mean, there are going to be so many employees, there are going to be more than a hundred employees with their own user account and their own password to access some specific service. And then if they want access to some other service, then they will have to be given another user account and another password so that they can access that other service as well. So there are going to be multiple usernames and multiple passwords for all of the employees. Now, to keep track of all of those things, of course your organization's IT admin would need an active directory, right? Now, instead of just using an on-premises Active Directory, he can directly go ahead and use Azure Active Directory, because, as you know, Azure offers the service, right? So the IT admin will go ahead and store all kinds of information about user accounts, their passwords, the computers, file shares, security groups, permissions that they have given to every user account and so much more in that Azure Active Directory. Now again, like I said, Azure Active Directory is an identity management solution, right? That means, since it contains so much information about users, we can actually go ahead and use Azure Active Directory for identity management work. Now that we understand what Azure Active Directory is in layman's terms, let's see how Azure defines Azure Active Directory. So Azure Active Directory is Microsoft's multitenant identity solution for Azure.
Azure AD is a one-stop solution for core directory services for cloud, application access management, and identity authentication solutions. That means, like I said, that it is inspired by the on-premises directory services. That means that for cloud it is a one-stop solution for core directory services, right? And for application access management, well, of course, like I said, it's an identity management solution. That means you can actually use Azure Active Directory to configure who can access your application and who cannot. And then of course identity authentication solutions: like I've already told you, Azure Active Directory is the solution offered by Azure for identity authentication. Right. Now moving on. Why exactly did Azure Active Directory come into the picture? What was the need that Azure felt so that it provided this service? Let's first consider the scenario before Azure Active Directory. That means the case scenario where Azure Active Directory does not exist. So for any service that you might want to use, you are given a set of username and password, using which you can access that particular service for which the username and password is created. Now let's say that you, as an employee of the organization, wanted to use database services offered by Azure, so the IT admin goes and creates a username and password for you. And now you can use your organization's parent or tenant Azure account to access the database service, but you can only access the database service using this username and password. Now let's say you wanted to access the cloud function service as well. So for that, again the IT admin had to create one more username and password for you. And now you can use this particular username and password to access cloud function. Quick info guys: if you want to become a certified Azure professional, then do check out Intellipaat's Azure certification training course.
The link is given in the description box below. Now let's continue with the session. You cannot use the previous set of username and password to access cloud function, because that username and password is specifically created for the database service. Right. Now let's say that you want one more service. You want to access an Azure virtual machine. Now for that also, the IT admin had to go and create one more username and password, and now you can access the Azure virtual machine using this particular username and password. That means, if you want to access three different services from Azure, then you will be given three different sets of username and password. Now of course it's a hassle for you to remember all these different usernames and passwords, but it's not just you. It's also a very big problem for the IT admin of your organization, because of course he has to manage all of the passwords and all of the usernames, because he needs to keep track of what username he has already created, or what password he has already given to what username, and what set of username and password goes to which employee, and what the permissions connected or related to that set of username and password are. So he has to keep track of all of this. So of course, if one employee needs access to three services and there are three different sets of username and password, of course there are going to be so many other employees as well, and they are also going to have multiple usernames and passwords, because of course they're going to need to access multiple services. Right. So all of this becomes a hassle for employees as well as the IT admin, who has to manage all of these usernames and passwords. So this is when Azure Active Directory comes in.
Now that we have seen what the case scenario was before Azure Active Directory, let's move ahead and see how, when Azure offered its identity management service, Azure Active Directory, all of these problems got solved. Right. So after Azure Active Directory was introduced, your organization can actually use Azure Active Directory to just create a single set of username and password, using which an employee of the organization, or you, can access any service that you want as long as the admin has given you the permission. Which means that now, instead of creating multiple sets of username and password for all of your different services, the IT admin just has to create one username and password that belongs to you. And the IT admin can actually go in and add permissions to that same username and password for different services. That means, let's say that first of all you wanted the database service, and your password and username was created, right? Now when you want the cloud function service, then instead of creating a new username and password, your IT admin just has to add the permission for the cloud function service to your existing username and password. That is all he has to do. So that means there will only be a single username and password for every single employee, right? He just has to keep track of the username and password for every single employee. And now he can use Active Directory to track or store or organize the permissions that he has given to all of the usernames and passwords. So now your task has become simple, because you only have to remember one set of username and password, and your IT admin's task has become simple as well, because he doesn't have to track all of the different usernames and passwords that belong to only one employee, right? Because now there is only one username and password for one employee. So this feature is actually called single sign-on.
That means a single set of username and password to sign in and access any service that you want, as long as you're given the permission. Right. So Azure Active Directory provides this feature, which is called single sign-on. So as we all know, Microsoft isn't just providing or offering web-based services through its cloud platform, that is Azure, but it has also been providing on-premises services as well. So before Microsoft provided Azure Active Directory, it had already provided an on-premises Active Directory service, which was known as Windows Active Directory. So Windows Active Directory was not actually designed to handle web-based services or information related to web-based services, right? So that was one major drawback which led Microsoft to come up with this another Active Directory service, which is called Azure Active Directory, for all the users that were now using the cloud platform. Right. So even though Windows Active Directory and Azure Active Directory come from the same root, that is Microsoft, they still have many significant differences. One of the very obvious differences is that Windows Active Directory, like I told you, was designed for on-premises work, whereas Azure Active Directory was designed for cloud. Right. So it is basically cloud located. So apart from this major difference, there are many other differences, which we will see in this Windows AD versus Azure AD topic. Quick info guys: if you want to become a certified Azure professional, then do check out Intellipaat's Azure certification training course. The link is given in the description box below. Now let's continue with the session. But before that, let us just see what Windows AD is in official definition terms. Right. So Windows Active Directory is a Windows operating system directory service that offers a single interface for organizing and maintaining information about the organization's network.
Now I've already told you one major drawback because of which Microsoft had to come up with this another Active Directory service. But there is so much more than that. To learn how Azure Active Directory works differently from Windows Active Directory, we will first have to see how Windows Active Directory works, right? So basically Windows Active Directory works on different layers, each layer performing different tasks. So as you can see on the screen, I have listed five layers. The first layer is called ADDS, which is an acronym for Windows Active Directory Domain Services. And then next we have ADLS, which stands for Azure data storage services, and then the third layer is ADFS, which is Active Directory Federation Services. And then the fourth layer is ADCS, which is Active Directory Certification Services. And then finally we have the fifth layer, which is ADRMS, which stands for Active Directory Rights Management Services. So like I said, all of these different layers perform different kinds of tasks, right? So let's discuss all of these different tasks one by one, starting with ADDS. So ADDS, like I've already told you, stands for Windows Active Directory Domain Services. Right. So this layer actually allows the admin to manage information related to user logins and other information, such as when users signed up or logged in, or when they logged out, and how many services they are using, and stuff like that. And the next layer we have is ADLS, which stands for a data storage service. This layer lets the admin store any amount of data, and data of any type and any size. Right. And the next layer, ADFS, provides the single sign-on feature, which lets users access systems and applications with a single password and username. Now, like I've already told you a little bit about the single sign-on feature, right? So since this is Windows Active Directory, which means that it's working on the on-premises work locations,
that means that this layer provides the single sign-on feature using which users will be able to access systems or applications, not the web-based services, right, with a single password or credentials. So this is what ADFS is for. And then the next layer that we have, that is ADCS: this layer allows the admin to customize services and manage or issue public certificates. And then the last layer that we have is ADRMS, which is basically used for data protection. So when we use Windows Active Directory, the admin will have to take care of five different layers that perform different tasks, and that is also a very big hassle. So this was one of the other drawbacks which led Microsoft to come up with this another Active Directory solution, which is Azure Active Directory, right? So when Azure Active Directory came into the picture, what happened was Azure Active Directory actually merged all these layers into just two layers, and these two layers performed all of the tasks that all the previous five layers were doing. So these two layers were WAAD, that is Windows Azure Active Directory, and then the second layer was WAAC, that is windows access control service. So the WAAD layer combines all the five layers of Windows Active Directory. That means that it does all the tasks that were previously done by five different layers in Windows Active Directory. And it is the ultimate identification management layer. And the second layer, that is WAAC, enables federation for all of the services of an organization. Now since it's Azure Active Directory, that means we are using single sign-on to access different Azure services, right? So for that, the WAAC layer was introduced in Active Directory, in Azure Active Directory. So these are the two layers.
So this is how Azure Active Directory is a much evolved and better version of Windows Active Directory, as it has combined all of the five layers into just two layers, and it performs all of the tasks that were previously done by five different layers. And it also lets users access web-based services using single sign-on, right? So this is how Azure Active Directory is different from Windows Active Directory. Now let's see what the service audience is, that means who is using the service offered by Azure. So there are basically three kinds of audience when it comes to Azure Active Directory. First is the IT administrator. Second is the application developer. And then we have online customers. So IT admins basically ensure that every employee has relevant credentials to access Azure services with relevant permissions. So they basically take care of all these sign-in procedures, and they also resolve issues related to authentication. Now coming to application developers. Well, they are the ones who want to use the services for which they have been given the permission. Right. So with Azure Active Directory in the picture, application developers only have to remember one set of username and password to access any service that they want to use for their application development purposes. Right. And also, with Azure Active Directory, services are made easily available, so their development becomes significantly hassle-free. Now the next service audience that we have here is online customers. So online customers can access services such as Office 365 and other CRM services offered by Azure with their Azure Active Directory credentials. So these are the three major service audiences of the Azure Active Directory service. Right. Now moving on.
We will learn about the terminologies in Azure Active Directory. Of course, in order to be able to understand Azure Active Directory in depth, you must first get familiar with the major terminology that you will most likely come across when you're dealing with Azure Active Directory, right? So that is why we are going to cover the terminology section first. Okay, so in terminologies we have tenants, domains, users and groups. So first of all let's discuss tenants. Now you must have come across this term a lot. You must have heard the term tenant in the context of tenant accounts, or that Microsoft is a multitenant platform, or something like that, right? So what does it actually mean? As for tenant, you can think of it as an organization. Now there are a lot of organizations that are using the Microsoft Azure cloud platform, right? They're using its services, and so all of these organizations can be referred to as separate tenants to which Microsoft Azure has been providing or offering its cloud services. So what Microsoft Azure does is it makes sure that all of these tenants stay isolated and separated, so that they can maintain the services that they are separately providing to all of these organisations. So basically, when people use the term tenant account, they're usually referring to the parent Azure account that an organisation has created, using which they are making use of Azure resources and Azure services. Right. So that is what a tenant is in Active Directory. Now moving on. The next terminology that we have here is domains. So what is a domain? A domain is a DNS zone for which the tenant has proven ownership. Which means that it's the public domain of the organisation, or maybe a subdomain of the organisation, or even an alternative domain that the organisation isn't using publicly but has ownership of, which means that no one else can use this particular domain but the organisation itself, because it is the lone owner of the domain, right?
So in most cases organisations use this domain for their own websites or applications, so that the user base of those organisations can access their websites or applications using these domains. When you create an Azure Active Directory, you get a default domain with the Azure Active Directory. It's usually in the format shown on your screen, that is onmicrosoft.com. The prefix of this domain depends on the name of the Azure Active Directory. That means the organisation gets to decide what the prefix of this domain would be. And this domain, including that prefix, becomes their unique domain for which the tenant or the organisation has the lone ownership. Right. Now you might be thinking, like I said, that in most cases organisations use this domain to form their own websites and applications, right? Now, if they used this default domain that they're getting with that Azure Active Directory, which has a suffix of onmicrosoft.com, then their user base might think that this URL might take them to some Microsoft page, right, because it has microsoft.com in the end. But that doesn't happen, because in most cases what happens is that the organisations usually add their custom domains in Azure Active Directory. And then they verify that custom domain, that means they prove their ownership of that custom domain. And then they use that custom domain for any of their own purposes. Right. But how do they add their custom domain in Azure Active Directory? So let's understand that. Let's add a custom domain in our Azure Active Directory using our Azure portal. Right. So for that I go to my Azure portal. So this is my Azure portal, and basically this is the homepage of my Azure portal.
So before we begin adding a custom domain name in Azure Active Directory, let me first tell you how you can get a custom domain name. It has to be a valid domain name; that is the only way it will work. Now for a valid domain name, since it's just a demo, you don't have to go and buy or purchase a valid domain name. You can use one of the online websites that provide you free domain names for a certain period of time. Right. So I'm going to be using one such website for this demo, which is called freenom.com. Right. So this is what I'm going to use. I will take a free domain name from here, and then I will add that custom domain name in my Azure Active Directory here. So first of all let's go and select a custom domain name. All right. So this is how freenom.com looks. I have already created an account and logged in. All you have to do is create an account and then sign in, and then this page will open up for you. Now what you have to do is you have to go to services and you have to register a new domain. Right. Now what you have to do is you have to search for a domain name of your choice. So I'll search for a domain name that starts with hellocloud. All right. So here's the result of my search. As you can see, hellocloud.tk is here, hellocloud.ml is here, hellocloud.ga is here, and all of them are free. We also have some other domain names, such as hellocloud.com, which is not actually free. So we are going to be using a free domain name for today's demo. Right. So I will select this hellocloud.ga domain name. Right. So to get this domain name I just have to click on this button here, that is Get it now. All right. Once I do it, I'll go to my checkout. Don't worry, you won't be charged if you go to checkout, because this is a free domain name, so you won't be charged anything, right? And I'm getting this free domain name for three months. All right. So click on Continue.
All right. And then, as the final step, I just have to check mark this and then click on this Complete Order button, and then this domain will be given to me, and I can use it however I wish for the next three months. Right. So I will go to my client area, now that I have a domain. Let me show you guys where the domains that you have purchased, or the domains that you have got for free from this Freenom, are. You can find them here in the My Domains section. All right. So the domain that I just got from them for free was hellocloud.ga. Now let's go ahead and add this domain name in my Azure Active Directory, right? So in my Azure portal, what I will have to do is I have to search for Azure Active Directory. All right. So this is my Azure Active Directory. And like I told you, you will get a custom domain name every time you create an Azure Active Directory. So this is my Azure Active Directory; one Azure Active Directory is already created for you, right? And this is my Azure Active Directory, the default directory. And for this default directory I already have a default domain name as well. Let me show you how you can find it. In this search bar here you just have to type custom domain, and Custom domain names is the option that you have to select. All right. So now as you can see, there is already a domain name here with this suffix of onmicrosoft.com. So this is the default domain name that I got with my default Azure Active Directory. Right. But now we want to add a custom domain name, and we have already got a free domain name. And now we can start adding that custom domain name. Now to add a custom domain name we just have to click on this button right here. So I click on it, and here we have to provide the custom domain name, which in our case is hellocloud.ga. Right. All right. So this is the custom domain name that we want to use.
Let's again make sure it's right. hellocloud.ga, right. So now I'll go ahead and click on this Add button here. All right. So now it says that to use hellocloud.ga with your Azure AD, create a new TXT record with your domain name registrar using the info below. So we have to create a TXT record in our domain registrar, which for us is Freenom. All right. Now what you have to do is you have to navigate to your Freenom and you have to click on this Manage Domain button in front of the domain that you want to use. So for us it's hellocloud.ga. So I click here. All right. From here you have to click on Manage Freenom DNS. All right. Now here we will create a record using the information given to us by Microsoft Azure, right? So what you have to do is, first of all, you have to change the type to TXT, because that is the kind of record that we're trying to create here. So I will select TXT. All right. The next thing we have to do is we have to copy this Destination field and then we have to paste the value here in the Target field. All right. And for TTL, it's already set, so we don't have to do anything. And we have to keep the Name field here blank. Right. Now I'll just click on Save Changes. All right. So it says my record got added successfully. So I'll go back to my Azure portal. Now I can go ahead and click on this Verify button. But before that, let me tell you that verifying a domain name could take up to 72 hours. That means once you have bought or purchased a custom domain name, and once you have added that custom domain name here in Azure Active Directory, and even when you have created a record successfully, if you go in and try to verify it right at that second, it might not happen for you at that moment, because it usually takes up to 72 hours. So if an error comes up, then you don't have to worry about that, because
it will eventually get verified. You can just come back again and you can try it in another 10 or 15 minutes. It will happen for you eventually. But the first time you try to verify it, it might give you an error saying that it can take up to 72 hours for registering or verifying the domain name that you're trying to create. Right. So let me show you what this error that I'm talking about actually is, right? So if I click on Verify right now, it's going to give me an error, like I've already said. So let's see. All right. So it says that it could not find the DNS record for this domain because DNS changes may take up to 72 hours to propagate. That means that the changes that I've made, the record that I've successfully added here, may take up to 72 hours to actually get acknowledged. Right. So we are going to wait for a few more minutes and then we're going to try again to verify it. It's going to get verified after some time. Let me tell you, once you have added this custom domain name, even if it's not certified, it's going to show in your custom domain names page. It's going to be shown like this. The status is going to be specified as unverified. So it's only going to get verified after some time. So once you have added your custom domain name, you can just leave it like that. You can just leave it for an hour or two, and then you can come back to it and then just click on it and then click on Verify. So we will do it after some time. All right guys. So now let's try to verify this added custom domain name, right? So, like I've already told you, what I'm going to do is I'm going to click on it and I'm going to click on Verify. So since I have already created its TXT record and I have already saved it, it shouldn't give me any problem now, because I have waited for a few hours. And before, when I tried to verify it as soon as I created this record, it gave me an error saying that
It could take up to 72 hours for a created record to propagate, right. So now that I have waited for some time, it shouldn't give me that error anymore and it should get verified easily. So for that I'm going to click on this button and let's see what happens. All right. So like I told you, it should get verified easily, and it has. It says that verification has succeeded. And now if I go back to my custom domain names page, you can see that now the status here is not saying Unverified, it says Verified. That means the custom domain that I wanted to add here in my Active Directory, my default directory, has been added and it has been verified as well. Now I can go ahead and start using this custom domain name that I have added. All right guys, so this is how you can create and add a custom domain name in your directory, in your Azure Active Directory. Now let's go on and move ahead with our further topics in this module. All right guys, so the next terminology that you're most likely to come across when you're dealing with Azure Active Directory is a user. So by now I know you already understand the meaning of a user. Right. And we have also used this terminology before in this module only, when we were understanding what is an Azure Active Directory. But let us once go through the definition. So users are the individuals that are given permission and a set of a user name and a password to access and use certain services. Right. So you definitely understand what is a user. But what you don't know is how to create a user in Azure Active Directory, how to create or how to add a user. So moving on, let's understand that. Let's add or delete users using Azure Active Directory. Now for that I'll have to move to my portal, right. So let me do that. All right guys, so now I'm in that portal and I have to add a user in my Azure Active Directory. To do that, I will first have to navigate to my Azure Active Directory, right.
So I'll do that using the search bar over here. I'll just search for Azure Active Directory. And here it is. So this is my default Active Directory. Now I have to add a user in my Active Directory, right. So for that I select this Users option right here. All right. So as you can see, there are already some users that I've added in my Azure Active Directory. You can see their names over here. So that means that whenever you create a user, they will all be listed down here for you to navigate or explore from. Right. So let's go ahead now and create our own user. Now as you can see, there are two options right here. First is new user, and the second option is new guest user. So let me tell you a brief difference between these two options. The functionality is basically the same: you're basically adding a user in Azure Active Directory, and you will be eventually giving them some role so that they can access your Azure services, but within some specified permissions or access controls. Right. But eventually you'll be doing that from both of these. So let's say that you work for an organization and you have been asked to add some users within your organization so that you can provide them access to their relevant service. Right. So for that you will use this new user option. So basically this option is used whenever you want to create a user that is considered as the internal part of your organization. Right. And as for this guest user option, you use this option, let's say, when your organization wants to collaborate with some external partners so that they can give them access to some of their resources. Right. That is when you use this new guest user option. So apart from the fact that this new user option only has to be used when the user is an internal member of the organization, and this new guest user option has to be used when your organization wants to give access to some external body that is not a part of the organization.
But that external body needs access to the organization's services. There's not much difference between these two, because eventually they will be given a username and password and they will be signing in, and then they will be given some rules according to which they will be accessing your services. So all of these procedures remain the same. The only fact that differs is that the new user will have a user type that is Member, and for a new guest user the user type would be Guest. It's just a very neat way of organizing all the users that you have created, so that you instantly know which user is a part of the internal organization and which user is the external party as soon as you have a look at this list of users. Right. It's just a neat way. It's just a way of keeping everything neat, as Azure likes it. Right. So also there is one more difference, which is that when you use this new user option, the user is expected to be a part of your organization, right. That means that when you create this new user, the user name that you will use should have a domain name that is verified with the directory in which you're trying to create the user. Right. As for guest users, because they are guests, I mean they are external partners, they are not a part of the organization, that means they can have their own domain. And that domain does not have to be verified in the directory where you are trying to create a user. Right. Because all the domains that you will verify in your directory will belong to that organization only, and the external partners, they might not have that domain, because that domain is not of their ownership. Right. So that is why the domain name that you can use in the user name of a guest user, again, does not have to be verified in the default directory where you're trying to add this guest user. So let's start by creating a guest user first.
So for that I'll obviously click on this new guest user button. All right. So now, this create user will give me an option to create a user which is a part of my organization. But right now I don't want to create a user. I want to invite a user, that means I want to invite a guest from some external party so that I can provide him access to my services. Right. So I will use this option only. All right. Now I have to provide a name to my guest user. So let's say the name of my guest user is Chicago. TUCKER Right. And the e-mail address. Now this is what I was talking about. Let's say that the e-mail address is. Now this e-mail address is not verified in my default directory. But still I am able to use this e-mail address, because right now I'm not actually creating a user, I'm just inviting a user, right. So I have provided the name, I have provided the e-mail address, the rest of the things are not mandatory so I'll leave that out. And yes, that's all I have to do right now. For now the role will be User. There are also options for me to decide whether I want to block sign in for them, and other things. I don't want to do that now. I'm just going to click on Invite. And as you can see, inviting user, and here you go, my user has been invited. That means the invitation has gone through and now that user can decide whether they want to accept the invitation or not. As you can see, the user type of the user that I just invited says Guest, that means it's a guest user and not an internal member of my organization, which would have the user type of Member. So now that you know how to create a guest user, let's go ahead and actually create a user using this new user option. All right. So for this also I'm again going to click on this add button, and now out of these two options I'm going to choose this option here, that is create user. All right. So now, first of all, I have to provide a username. Like I said.
The user name should have the domain name that is verified in my directory. So the first domain name option that I get here is obviously the default domain name that I get with my Active Directory, right, because since this is the default domain name, that means that it has already been verified by the directory. So it's there, and I would also get an option for any other domain name that I might have gone ahead and added myself. That means the custom domain name: if I have verified any custom domain name in my directory, then I can choose that domain here as well. Right. So let me show you. The custom domain name that we have previously added in my directory should show here if I click on this dropdown option. All right. So here it is. As you can see how little our dog Jiggy. The custom domain name that I had added is also here. Since it has been verified in my agent account, I get the option of using this domain name as well. So let's do one thing, let's first give a name in the user name, right. So that name would be, let's say, Jordan. All right. Now as for the domain that I want to use, I will use the custom domain name that I had just verified and added in my directory, right. So this is the domain name. Now I can provide the name, so for the name I'll again go ahead with Jordan. Right. So the rest of the things again are not mandatory so I'm just going to leave them. I can block the person, or I can give job info, I can provide the data to you, I can give the department if I want to, so that everything stays organized for me, so that I know this user belongs to this department. Right. So for this demo I'm just going to go ahead and skip that part, and now we can just go and click on Create. All right. So as you can see, the user that we have just created is added. The name of the user is Jordan and the user type is Member, and the user name of that user says hello. Dot cloud. Hello Cloud Dog G right.
So this is the custom domain name that I had added and verified in my Active Directory. Also one more thing that I would like to point out is, this is the user name for the user, right. So what is the password? Let me tell you. So when you are creating a user, let's say that we are again in this create user page, right. So if I give a name, you know, let's say Sara. And the name would be Sara, and for the domain name I'm going to keep the default domain here. Now as you can see, there is a password option here. If I click on this show password, then it will show me the password. So just copy this password and keep it somewhere safe, because when you are giving the credentials to that particular user, you will have to give this user name and this password to that user, so that for the first time they can log in using these credentials. Right. So this is where you can get the password. So just copy it and keep it somewhere safe, and then you can go ahead and create the user. So for Sara, I have the user name, I have the password that I had copied, and I go to sign up and give her these credentials so that she can access the resources, or she can log in using the credentials that I have created. Right. All right. So this is how you can create a user or you can invite a user in your Azure Active Directory so that you can provide them access to some of your services from the subscription, right. So this is how you create a user, but how about deleting a user? Well, that's easy. There is a delete user option here. You just have to select the user, select any user that you want, and then you can just click on this delete user button. And then just click on Yes. All right. So as you can see, I have received a notification saying that the user setup has been successfully deleted. So this is how you can delete users. So let's move on and understand our last terminology, that is groups. Right. So what are groups?
Well, when we talk about groups in Azure Active Directory, as you can already imagine or guess from the name itself, a group is a logical collection of users. Right. So groups in Azure Active Directory are different than the resource groups, because those are logical collections of resources, while these groups are logical collections of users. Right. So groups are created to organize the users or devices on the basis of geographic location, department, types of services or hardware characteristics. For example, let's say that you are an IT admin in your organization and you have a department where the employees usually need access to the same services. Right. So now what you can do is you can create the users and then you can give them access, or you can create the users and then you can put them in a group, and then, instead of giving access to separate users one by one, what you can do is you can just give access to the whole group, and that same access or same permissions will be inherited by any member that is added in the group. That means the users of the group. Right. So that is how groups work. Now let's see how we can actually go ahead and create groups and add members using Azure Active Directory, right. So again for that I'd have to move to my portal. So the first option that I get here is the group type. So you can select the group type on the basis of what is convenient for you. I'm just going to keep the default value. The next is group name. Now we have to provide a name to our group. Now remember that the name of your group should be relevant, because it should be easy for you to understand or to remember what that group involves or what kind of services are involved with that group as soon as you look at the name. So remember to keep the name of the group relevant. Right. So I'm going to name my group as development, right. All right.
So the next option that we have is group description. It is not mandatory, but you can add a description for the group. You can add what kind of services are involved in that group or how many members are there in the group, and things like that. So it basically gives us a neat, organized way of, you know, having a track on the group. Right. And the next option that we have here is membership type. So in this membership type you basically get three options: Assigned, Dynamic User and Dynamic Device. So you basically use this Assigned membership type whenever you want to create a very basic group and add members in it. You know, you can add those members in this group manually and you can remove those members manually. Right. And the next option that we have here is Dynamic User, which actually lets you define some rules for this group, on the basis of which new users can be added automatically or existing users can be removed automatically. That means you won't have to do anything manually, and the users that meet the requirement of the rules that are set by you for this group will be added automatically to this group, and the users that don't meet the requirement of the rules that have been set by you for this group will be removed automatically from this group, if you use this Dynamic User option, right. And the next option that we have here is Dynamic Device. Now this option is similar to the previous option. The only difference is that it automatically adds or removes a device in a group instead of a user. So for this demo we will use Assigned only. All right. So the next thing that we have to do is add a member in our group, right. So for that, click here, and out of all of these entities you can select the members that you want. So we had created a user named Jordan, right. I'll go ahead and select Jordan and add Jordan as a member in my group, right. All right, I'll go ahead and select one more user here. I already had a user named on red.
So red. I'm going to add red also in my group. Right. All right, so now I have two members. I'll just go and click on Select and then I will click on Create. All right. So as you can see, I have received the notification saying that the group has been created successfully. That means my group is here and available for me to use. As you can see, the membership type is Assigned, the group type is Security, and the name of the group is development. If I go inside that group, I will be able to see that there are two members in my group that are users actually, right. And if you want to delete this group, you can just go ahead and click on the delete option here. The group will be deleted easily. So this is how you create a group and add members in it in Azure AD. All right guys, so now it's time for a quiz. So my question for you guys is, what is Azure Active Directory? Your options are: networking service offered by Azure, data video service offered by Azure, identity and access management service offered by Azure, or is it another term for Azure subscription. If you guys know the answer to this question, then do leave a comment in the comment section below to know if you're correct. Quick info guys, if you want to become a certified Azure professional, then do check out Intellipaat's Azure certification training course. The link is given in the description box below. So guys, this brings us to the end of this session. I hope you found it informative. If you have any queries, then do leave a comment. We would love to help you out. Thank you for watching.
Info
Channel: Intellipaat
Views: 40,071
Keywords: azure active directory, azure active directory tutorial, azure active directory domain services, azure active directory connect, azure ad, azure ad connect, azure ad tutorial, azure ad connect installation step by step, azure ad domain services, azure active directory basics, azure fundamentals, active directory tutorial for beginners, active directory explained, Windows AD vs Azure AD, azure tutorial, azure, simplilearn azure, Intellipaat, edureka azure, intellipaat azure
Id: T3lYtv8Pbiw
Length: 50min 23sec (3023 seconds)
Published: Wed Sep 18 2019