Azure AD Connect | Active Directory | Domain Sync for Hybrid, Office 365, WVD

Captions
[Applause] [Music] Hello and welcome, everyone. In this video we will go through the steps required, from start to finish, to synchronize our on-premise Active Directory users to Azure Active Directory. Now, why would we want to do this? The reason is to enable us to use our on-premise AD credentials, usernames and passwords, to log into Azure, in the form of either the portal or an application. Or we would need to sync an Active Directory that contains all our users for our organization. As we can see from the diagram, we have our on-premise Active Directory and we have clients that need to log in or authenticate using Azure AD apps, for example Office 365 or Windows VMs. A prime example of this would be a Windows Virtual Desktop within Azure: users would need to log in over the internet using the RD Web interface to gain access to their desktops, hence they require their username synced to Azure AD. The way we do this is to use an application called AD Connect to perform the sync to Azure; we will then be able to use our AD credentials to log into these applications.

Before we get started, please subscribe to the channel; videos are posted weekly on cloud technical guides and certification. I'll give you a moment to do this via the link in the description or the bottom right-hand corner of the screen. Thank you.

Okay, so what's covered in this video: we will add our custom domain name for login to Azure, we'll build a domain controller, add users, configure DNS, add the domain suffix, install the AD Connect application, use PowerShell to sync our users to Azure, and then we will test from that point. So let's get started.

First of all we need to add our custom domain name, which in this case is cloudinspired.co.uk. The domain name normally forms part of your username or email address, the identifier for many directory resources to log in. So we need to add our domain and verify it in Azure, so we can use cloudinspired.co.uk within our Azure Active Directory. If we go into Azure Active Directory, scroll down and go to Custom domain names, then add a custom domain, in this case cloudinspired.co.uk. Now all we need to do is verify this with our DNS provider, so we need to take this config and actually put it into our DNS provider. This is just an example: we need to take our destination or points-to address from Azure and then create a DNS record within our ISP for that domain. In this case, from Azure's perspective we've actually verified that domain now. Bear in mind that when we change this within our ISP it can take up to 72 hours for it to propagate over the internet. Now we want to download the AD Connect application to enable us to sync our users; we will install that later, but first of all we'll install a domain controller.

[Music] Here we will create a domain controller that will contain all our users to sync up to Azure. In this demo the domain controller we'll be using is actually installed within Azure for ease of provisioning, but this could be in your data center or on-premise environment, to enable the sync to occur to Azure. I won't go through how to build a VM in this video as there are other videos on my channel showing that; I'll put the links in the description if you need them. So we can RDP to the VM that's been created. Currently this is a member server, not part of any domain, and we will promote it to a domain controller, or DC for short. Copy the public IP address to RDP to, type mstsc on the command line and then RDP using that IP address. Now we log in with our credentials and click OK. What we'll do now is promote this server to a domain controller, so if we go to Manage, Add Roles, click Next, click Next, choose Active Directory Domain Services and then Install. This starts the domain controller installation process. Within the installation window, once this is done, we can see we get a little link to ask us to promote this to a domain controller. If we click that link, we get three options here: we can add a domain controller to an existing domain, we can add a new domain to an existing forest, or we can add a new forest. Because this is a completely new forest, we need to choose a new forest to create a new domain controller. Our root domain name in this case is cloudinspired.local. We now choose a Directory Services Restore Mode password; this is important if you need to restore your directory at any point, as you would enter this password at that stage. Click Next, then click Next, and the NetBIOS name should automatically fill with CLOUDINSPIRED. Click Next and choose all the default paths for the database, our logs and our SYSVOL folder, and then once all the prerequisite checks are done, check these to see if they're okay, and if all good, click Install. I'll speed up the video after this point until the domain controller has been installed and promoted. Okay, that's now done; we've rebooted the domain controller and now we'll log back in.

[Music] Now we want our domain controller to have a static IP address, so we don't want this to change, and we can do this within the Azure portal to make sure this is maintained. In the VM, go down to Networking, click on the network interface that we want to assign the static address to, drill down, choose Static, and we can see the IP address of our domain controller there; then click Save. Now we can see the private IP address is a static address, which is good. We also need to make sure that our VNet, or virtual network, has the IP address of our domain controller for DNS. So if we go into Virtual networks and then DNS servers, choose Custom, type the IP address of our domain controller for DNS, which in this case is 10.0.0.8, then click Save. Also, the last thing within our domain controller: if we go to the networking and have a look at the network card, we want to point the DNS addresses here to all our domain controllers. We've just got one DC here for demo purposes, but in a normal production environment you would have two or more domain controllers for resiliency, so you want to put all the DNS addresses here so we can contact all the domain controllers through DNS. It's also recommended to check to see if your DNS forwarder includes the Azure DNS server IP address, as this provides functionality such as virtual machine agent communications and the VM's ready state and health state, allows a VM to obtain an IP address via DHCP, and enables a VM to leverage Azure DNS services.

[Music] UPN suffixes form part of the Active Directory logon names. We will use cloudinspired.co.uk to enable us to use this as the logon name, and we do this within Active Directory Domains and Trusts. If we don't add this here, when we create a user later we would only have the DNS name for the AD domain available, which is cloudinspired.local, therefore we need to add the .co.uk, so this forms part of our login.

Here we will now create our user accounts for our AD Connect application. We need two accounts for an Express setup: we need a Global Administrator Azure AD user, and we also need an Enterprise Admin account within our Active Directory on-premise domain. First of all we will create the Azure AD user. Go into Azure Active Directory, click on Users, click New user, then type a username, and in this case we're going to choose our domain name, which is cloudinspired.co.uk. Type the password and then click Create. We also need to add this account as a Global Administrator within Azure, so click on the account, go to Assigned roles, click Add, type Global administrator and then click OK. Now that's added and it's a Global Administrator. Now, within Active Directory, we will create our Enterprise Admin account. Right-click, New, User, give the user a name, choose .co.uk as the suffix, type a password, click Next. Go to Properties, go to Member Of, type enterprise and include this user as an Enterprise Admin, click Apply. We can see here where we changed the UPN suffix; if we hadn't added that .co.uk earlier we would just be left with .local.

[Music] Okay, so after all those steps we are now ready to install AD Connect, and we're only a few short clicks away from extending our on-premise directory to the cloud. We'll install in Express mode, as we have a single-forest topology, and we'll use password hash synchronization for authentication. Express settings is the default option and it's used for the most commonly deployed scenario, but of course this could be different for your situation, so please check depending on your setup requirements. I've used the AD Connect application which was downloaded when we added the custom domain name early on; I'll put the links in the description if you need them. Click Use express settings for this installation. We need to connect to Azure AD with the Global Administrator account that we created earlier on. As you can see, we actually get an error, so let's try and just log in with that account on the Azure portal. If we go to the Azure portal, click login, test this account for login and enter the password, we can see we were actually prompted to update our password, so that's the reason why we're getting a failure. Update it, and then we will try again with AD Connect. Go back to AD Connect, type the new password that we've just changed and click Next; that should now connect to Azure AD with the Global Admin account. Now it's asking us to connect to our on-premise Active Directory with the second account that we created. Now we can see that our cloudinspired.co.uk domain that we added earlier is now verified, so click Next. Now we're ready to configure and synchronize our directory with password hash synchronization, so click Next. I'm going to speed up this video at this point because it takes a while, and then I'll see you in a second.

Okay, now that's finished, let's check out Azure AD. If we go into Azure AD and then into Azure AD Connect, we can see there that the service is enabled and synchronized; we can see password hash sync is enabled and single sign-on is enabled. Now take a look at the users that have been synced from on-prem to Azure AD: we can see that we've got our Windows Server AD user account, AD admin, that we created earlier, and that's synced to Azure; we can see we've got our Azure Active Directory Azure admin account that was also created, and a couple of other users are also there, synced. Okay, so let's create a test user within our Active Directory on-premise and then we'll sync this up to Azure AD using some PowerShell. Create a test user now, type the password, click Next and Finish; the user is now created. Now if we go into PowerShell and type the command Get-ADSyncScheduler, this will show us the actual sync cycle. At the moment it's set to 30 minutes by default to sync AD to Azure AD, and it will show the next sync cycle start time, the time now and the time it's going to sync next. When we installed AD Connect we did a full sync of the directory, so now we can sync just that one user by syncing the delta, and what the delta does is it just syncs any outstanding objects which haven't been synced during the full sync. We can also perform a full sync using Initial instead of Delta at the end of the command if required; we're not going to run that now because we've already done a full sync. Now we've done a sync, let's go into Azure AD and click Refresh, and we can see our user here; the test user that we've created is now synced fully up to Azure. Now we can go into the Azure portal and log in with that test account that was fully synced.

So I hope you enjoyed the video. The next set of videos will be a step-by-step guide on Windows Virtual Desktop, or WVD, which allows you to utilize this AD Connect setup by logging into the Azure web interface over the internet using synced Active Directory accounts, so this allows you to use a pool of Windows 10 desktops and publish applications over the internet. We will also cover Azure multi-factor authentication and look at the different licensing models. So thanks very much for watching the video; the links to the downloads are in the description below. Please subscribe to the channel to receive notifications when weekly videos are posted. All the best and take care, see you next time. [Music]
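The walkthrough above ends with checking the sync scheduler and pushing a single new user with a delta sync. The script below is an added example, not the video's own commands and not part of the Cloud Inspired material: it runs on the AD Connect server and strings together the checks a practitioner would want before and after that delta sync. The UPN suffix, forest name and test user name are placeholders taken from the walkthrough, and the cmdlets used (Get-ADForest, Set-ADForest, Get-ADUser, Get-ADSyncScheduler, Start-ADSyncSyncCycle, Get-ADSyncConnectorRunStatus) come from the ActiveDirectory and ADSync modules that ship with RSAT and Azure AD Connect respectively.

```powershell
# Added example (not from the video): post-install checks for an Azure AD Connect
# express setup. Run in an elevated PowerShell session on the AD Connect server.
# Placeholder values from the walkthrough; replace them for your environment.
param(
    [string]$UpnSuffix = 'cloudinspired.co.uk',
    [string]$TestUser  = 'testuser'
)

Import-Module ActiveDirectory   # RSAT AD module
Import-Module ADSync            # installed with Azure AD Connect

# 1. The UPN suffix must be registered on the forest (what Active Directory Domains
#    and Trusts does in the GUI); without it users only get the .local logon name.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $UpnSuffix) {
    Write-Warning "UPN suffix '$UpnSuffix' is not registered on forest '$($forest.Name)'."
    Write-Warning "Register it with: Set-ADForest -Identity '$($forest.Name)' -UPNSuffixes @{add='$UpnSuffix'}"
}

# 2. The test user should carry the routable suffix, not the .local one. A UPN whose
#    suffix is not a verified custom domain in Azure AD is synced under the tenant's
#    default onmicrosoft.com domain instead, so the cloud logon name will not match
#    the on-premise one.
$user = Get-ADUser -Identity $TestUser -Properties UserPrincipalName
if ($user.UserPrincipalName -notlike "*@$UpnSuffix") {
    Write-Warning "User '$TestUser' has UPN '$($user.UserPrincipalName)'; expected suffix '@$UpnSuffix'."
}

# 3. Inspect the scheduler: SyncCycleEnabled should be True, the effective interval is
#    30 minutes by default, and the next start time is reported in UTC.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, AllowedSyncCycleInterval,
    CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC, SyncCycleInProgress

# 4. Push the new user now rather than waiting for the next cycle. Delta syncs only the
#    objects changed since the last run; -PolicyType Initial would repeat the full sync
#    that the express install already performed.
if ($sched.SyncCycleInProgress) {
    Write-Host 'A sync cycle is already running; wait for it to finish before starting another.'
} else {
    Start-ADSyncSyncCycle -PolicyType Delta
}

# 5. Get-ADSyncConnectorRunStatus returns the connectors currently running and nothing
#    when the cycle is idle, so poll it until the delta run completes.
do {
    Start-Sleep -Seconds 10
    $running = Get-ADSyncConnectorRunStatus
} while ($running)
Write-Host 'Delta sync finished; refresh the Users blade in Azure AD to confirm the account appears.'
```

Step 2 is the check worth keeping even after the demo: a user whose suffix is the unverified .local name still syncs, but lands in Azure AD under the tenant's onmicrosoft.com domain, which is the usual reason a freshly synced account cannot sign in to the portal or a WVD workspace with the expected username.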
Info
Channel: Cloud Inspired
Views: 3,401
Keywords: azure AD connect, setup, active directory, ad, sync, synchronizing, password hash, office 365, hybrid, on premise, domain controller, install, ou, powershell, command
Id: 898r84nVqaA
Length: 18min 16sec (1096 seconds)
Published: Thu Jul 02 2020