Deployment Azure AD Connect

If you need a tool to connect your on-premises directory with Azure AD and Office 365, Azure AD Connect is the best way to do it. Azure AD Connect has two installation types for new installation: Express and customized.

Prerequisites

  • It must be installed on Windows Server standard or better.
  • It supports full GUI installed only.
  • Azure AD Connect must be installed on Windows Server 2008 or later. This server may be a domain controller or a member server when using express settings. If you use custom settings, then the server can also be stand-alone and does not have to be joined to a domain.
  • If you plan to use the feature password synchronization, then the Azure AD Connect server must be on Windows Server 2008 R2 SP1 or later.
  • If you plan to use a group managed service account, then the Azure AD Connect server must be on Windows Server 2012 or later.
  • Disable PowerShell Transcription Group Policy.
  • .NET Framework 4.5.1 or later and Microsoft PowerShell 3.0 or later installed.
  • If Active Directory Federation Services is being deployed, the servers where AD FS or Web Application Proxy are installed must be Windows Server 2012 R2 or later. Windows remote management must be enabled on these servers for remote installation.
  • You need SSL Certificates if Active Directory Federation Services is being deployed
  • An Azure AD Global Administrator account for the Azure AD tenant you wish to integrate with. This account must be a school or organization account and cannot be a Microsoft account.
  • Create a A record for AD FS federation service name on both intranet and internet.
  • Check the link for https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-ports if you have firewalls on your intranet.
Note

Please review the latest prerequires before Install.

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-prerequisites

Install Azure AD Connect with Express settings

If you have a signal forest AD or User sign with the same password using password synchronization, then this is the recommended option to use.

Azure AD Connect Express Settings is used when you have a single-forest topology and password synchronization for authentication.

Before you start installing Azure AD Connect, make sure to download Azure AD Connect and complete the pre-requisite steps in Azure AD Connect: Hardware and prerequisites.

  1. Sign in as a local Administrator to Azure AD Connect Server.
  2. Navigate to and double-click AzureADConnect.msi.
  3. On the Welcome screen, select the box agreeing to the licensing terms and click Continue.


  1. On the Express settings screen, click Use express settings.


  1. On the Enter your Azure AD credentials page, enter the username and password of a global administrator for your Azure AD. Click Next.


  1. On the Enter the Active Directory Services enterprise administrator credentials page, enter the username and password for an enterprise admin account. You can enter the domain part in either NetBios or FQDN format, Click Next.

Note

The Azure AD sign-in configuration page only shows if you did not complete verify your domains in the prerequisites.

If you see this page, then review every domain marked Not Added and Not Verified. Make sure those domains you use have been verified in Azure AD. Click the Refresh symbol when you have verified your domains.
  1. On the Ready to configure screen, click Install.

Note

If you have Exchange in your on-premises Active Directory, then you also have an option to enable Exchange Hybrid deployment. Enable this option if you plan to have Exchange mailboxes both in the cloud and on-premises at the same time.
  1. When the installation completes, click Exit.
  2. After the installation has completed, sign off and sign in again before you use Synchronization Service Manager or Synchronization Rule Editor.


Hope you enjoy this post.

Cary sun

TWITTER:@SifuSun