Install Azure AD Connect with Customized settings
If you have multiple forests or you need to customized your sign-in option or customize synchronization feature, then this is the recommended option to use.
- If your internal domain is not a routable domain, you need to select the customization settings to configure user sign-in.
- On the Install required components page, check Use an existing service account and type service account name and password, click Install.
  NoteBy default Azure AD Connect uses a virtual service account for the synchronization services to use. If you use a remote SQL server or use a proxy that requires authentication, you need to use a managed service account or use a service account in the domain and know the password. In those cases, enter the account to use. Make sure the user running the installation is an SA in SQL so a login for the service account can be created |
3. On User sign-in page, select Federation with AD FS to be the Sign On method, users can sign in to Office 365 using the same password as on-premises network, click Next.
4. On Connect to Azure AD page, enter global admin account and password, click Next.
  NotePlease use an account in the default onmicrosoft.com domain, it will happen error if using the federation domain account.
|
5. On Connect your directories page, select local domain and click Add Directory.
6. It will pop up AD Forest account page, select Create new account and enter the service account name and password, click OK and then click Next.
7. On Azure AD sign-in configuration page, make sure the UPN domains present in on-premises AD DS and be verified in Azure AD, click Next.
8. On Domain and OU filtering page, click Sync selected domains and OUs.
9. Select OUs you do want to synchronize to Azure AD, click Next.
10. Click Next on the Uniquely identifying your users page.
11. Click Next on the Filter users and devices page.
12. On Optional features page, select Password synchronization and Password writeback, click Next.
13. On AD FS farm page, click Use a certificate installed on the federation servers.
14. It will pop up Select Federation Server page, enter AD FS server name in Search field.
15. Select AD FS server and click OK.
16. Select CERTIFICATE and select SUBJECT NAME.
17. Enter ad fs server name in SUBJECT NAME PREFIX, click Next.
18. On the AD FS Servers page, enter AD FS Server name in the SERVER field, click Add.
19. Click Next after verifying server connectivity completed.
20. On the Web Application Proxy servers page, enter WAP Server name in the SERVER field, click Add.
21. Click Next after verifying server connectivity completed.
22. Enter local domain administrator user name and password on the Domain Administrator credentials page, click Next.
23. Enter AD FS service account user name and password on the AD FS service account page.
24. On the Azure AD Domain page, select federation domain name, click Next.
25. Select Start the synchronization process when configuration completes on the Ready to Configure page, click Install.
 NoteIf it happens Unable to create the synchronization service account for Azure Active Directory Error, please check your firewall settings and make sure application control function not be enable and then click Retry.
|
26. Click Next on Configuration complete page.
27. On the Verify federation configuration page, select I have created DNS A records that allow clients to resolve……was configured click Verify.
28. Click Exit after Intranet configuration was successfully verified.
Hope you enjoy this post.
Cary sun
TWITTER:@SifuSun
