Install Azure AD Connect


So I decided to take the plunge and switch to Azure and Intune to test the MDM part and the Co-Management of SCCM.
I am currently testing the Enterprise Mobility + Security E5 subscription which includes ...

Ouch, that price stings… CHF 16.40 (€ 14.60) per user per month!
But hey, a new option has just appeared; since I don't need all of it, at the end of my trial period I will instead use the much cheaper version at CHF 5.60 (€ 5.10).

To see the different subscriptions and their options, I invite you to visit this page on the Microsoft site.

Now that I've taken out my credit card… let's get down to business: synchronizing my on-premises AD with Azure AD.

Adding a custom domain name

Since by default we only get a subdomain, I want my users to sign in with our own domain. To do this, click on Azure Active Directory

Click on Custom domain names

Click on Add a custom domain

Enter the domain name and click on Add a domain

Validate your domain with your DNS host, or in your DNS published on the internet, by adding the TXT or MX record requested.

If all goes well, your domain status changes to Verified.
We have completed the domain configuration.
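Before clicking Verify in the portal, it helps to confirm that the requested TXT record is actually visible from the public internet, since Azure checks public DNS and not your internal zone. The following PowerShell snippet is an added example and is not part of the original post; the domain name and the expected TXT value are placeholders that you replace with the values shown by the "Add custom domain" blade.

```powershell
# Added example, not part of the original post.
# Checks from any Windows workstation that the TXT record Azure asked for is visible
# in public DNS before pressing "Verify" in the portal. Both values below are placeholders.
$Domain   = 'example.com'      # placeholder: the custom domain being added
$Expected = 'MS=msXXXXXXXX'    # placeholder: the exact TXT value shown in the Azure portal

# -DnsOnly bypasses the local cache and hosts file so the result reflects what the
# public DNS hierarchy returns, not a stale or internal-only answer.
$txt = Resolve-DnsName -Name $Domain -Type TXT -DnsOnly -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'TXT' }

# A TXT record may be split into several strings; join them before comparing.
$match = $txt | Where-Object { ($_.Strings -join '') -eq $Expected }

if ($match) {
    Write-Output "OK: verification record for $Domain is published; you can click Verify."
} else {
    Write-Output "Not yet: '$Expected' was not found for $Domain (DNS propagation can take a while)."
    Write-Output "TXT records currently visible:"
    $txt | ForEach-Object { Write-Output ('  ' + ($_.Strings -join '')) }
}
```

If the record shows up here but the portal still refuses to verify, wait for the TTL of the zone to expire and try again; if it never shows up, the record was probably added to an internal zone rather than the one your registrar publishes.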

Installing Azure AD Connect

Azure AD Connect is an Active Directory synchronization utility that can be downloaded from this page on the Microsoft site.
It allows you to perform the following operations:

  • Password hash synchronization: an authentication method that synchronizes a user's on-premises AD password hash with Azure AD.
  • Pass-through authentication: an authentication method that allows users to use the same password on-premises and in the cloud, but without the additional infrastructure of a federated environment.
  • Federation integration: federation is an optional part of Azure AD Connect that can be used to set up a hybrid environment using an on-premises AD FS infrastructure. It also offers AD FS management features such as certificate renewal and additional AD FS server deployments.
  • Synchronization: this component is responsible for creating users, groups, and other objects, and for ensuring that the identity information for users and groups in your on-premises environment matches that in the cloud. This synchronization also includes password hashes.
  • Health monitoring: Azure AD Connect Health can provide robust monitoring and a central location in the Azure portal for viewing this activity.

Here is how it works without AD FS:

[Image: Azure AD Connect architecture diagram, without AD FS]

And how it works with AD FS:

[Image: Azure AD Connect architecture diagram, with AD FS]

Launch the Azure AD Connect installation MSI.

For my part, I used the Customize option, which allows me to connect to my existing SQL instance without having to install yet another SQL Server Express ...

I enter the details of my SQL server; I must also enter a service account so that the wizard can connect to it.

This is the key step: I chose the default option, i.e. Password Hash Synchronization, but if you have AD FS, don't hesitate to use Federation with AD FS 😉
If you do not know which scenario to choose, this page could help you.

Enter your Azure credentials

Connect to your AD, select your forest, then click the Add Directory button.

Choose whether the wizard should create a sync account for you or whether you prefer to use an existing user.
I chose the default option (Create a new AD user).
Then enter the username and password of an enterprise administrator.

If all goes well, a small green check mark appears next to your forest; if you have other forests, repeat the same operation for each of them.

We check the UPN suffixes previously created on the Azure portal and select the attribute that should be used for Azure user names. I left the default choice (userPrincipalName) because it suits me very well.

For my part, I don't want to throw all my AD into Azure, so I filter the OUs that I want to synchronize.

It is possible to change how our users are uniquely identified; I left the default (Users are represented only once across all directories).

It is possible to filter users and devices; I will leave the default choice (Synchronize all users and devices) and synchronize everything.

We can also add some optional features, such as Office 365 Exchange hybrid synchronization, writing Azure passwords back to the on-premises AD (Password writeback), etc.

We are ready to configure synchronization with Azure AD.

The installation has finished and the initial synchronization has run; let's see what happened on the Azure portal side.

Here is my on-premises AD; normally I should only have this user in Azure ...

Bingo! My user is there, and we can see that the source is Windows Server AD.

With the synchronization now effective and functional, this tutorial is finished.
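The same check can be done without the portal, and it is worth scripting for the post-install review: confirm on the Azure AD Connect server that the scheduler is enabled and that Password Hash Synchronization is really the active sign-in option, then confirm from the cloud side that the test user is flagged as synchronized from on-premises. The following PowerShell is an added example and not part of the original post; it relies on the ADSync module that the installer places on the server and on the Microsoft.Graph PowerShell module, and the UPN is a placeholder.

```powershell
# Added example, not part of the original post.
# Part 1 runs on the Azure AD Connect server; part 2 runs from any machine with the
# Microsoft.Graph module installed. The UPN is a placeholder for the test user.
$TestUpn = 'user@example.com'   # placeholder: UPN of the user synchronized in this post

# --- Part 1: on the Azure AD Connect server (ADSync module ships with the installer) ---
Import-Module ADSync

# The scheduler drives the periodic delta sync; it should be enabled, not suspended,
# and not in staging mode (staging mode imports but never exports to Azure AD).
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled,
                  CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# Tenant-level feature flags: PasswordHashSync must be True for the option chosen above.
Get-ADSyncAADCompanyFeature | Select-Object PasswordHashSync

# Trigger a delta sync now instead of waiting for the next scheduled cycle.
Start-ADSyncSyncCycle -PolicyType Delta

# --- Part 2: on the Azure AD side, via Microsoft Graph PowerShell ---
Connect-MgGraph -Scopes 'User.Read.All'

$u = Get-MgUser -UserId $TestUpn -Property DisplayName, UserPrincipalName,
                                           OnPremisesSyncEnabled, OnPremisesLastSyncDateTime

$u | Select-Object DisplayName, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime

# OnPremisesSyncEnabled is what the portal renders as source "Windows Server AD".
if ($u.OnPremisesSyncEnabled) {
    Write-Output "Synced from on-premises AD; last sync $($u.OnPremisesLastSyncDateTime) (UTC)"
} else {
    Write-Output "Cloud-only user, or the first sync has not exported this object yet"
}
```

One design choice worth noting: the checks are split by machine on purpose. The ADSync module (and the service account it uses) can read password hashes from the on-premises directory, so the Azure AD Connect server should be treated with the same care as a domain controller, and nothing from part 1 needs to run anywhere else.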


Steven Bart

Founder of - Vevey, Switzerland. I have been in IT since 2001, I work as a Workplace Architect and mainly deal with the administration of MEMCM (SCCM), the mass deployment of workstations and applications. Learn more about me.
