Tag Archives: office365

Upgrading to Azure AD Connect from AADSS

Microsoft recently released Azure AD Connect to GA (Generally Available). It is a much simplified installation and a replacement for DirSync and Azure Active Directory Sync Services. Under the hood, it’s the same as Azure Active Directory Sync Services, except that it improves the installation experience. For an introduction to Azure AD Connect and why you might want to use it, give this place a visit.

I thought that, since I’ve already done a series on Azure Active Directory Sync Services, I’d simply show the process to upgrade from Azure Active Directory Sync Services to Azure AD Connect. It is pretty idiot-proof, so let’s get to it.

First, download Azure AD Connect. Once you’ve downloaded it, copy it to the server that is currently running DirSync or Azure Active Directory Sync Services and double-click it.


Addendum: Getting started with Azure Active Directory Sync – UPN Suffix


In this post we’ll briefly explore using UPN (UserPrincipalName) suffix matching when configuring Azure Active Directory Sync Services. This particular configuration may seem like the silver bullet for getting our users synchronised into Azure AD correctly, but it could also give you more problems if you don’t consider the rest of your infrastructure and how it may rely on that UPN suffix. I’d ask that you read this entry through before actually making any changes to your on-premises AD infrastructure.


Getting started with Azure Active Directory Sync Part 3

Part 3: Getting started with Azure Active Directory Sync – Mopping up

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

So, after completing the last mammoth post, we now have synchronisation working (for the most part) but we do have one user called Outside Azure that has picked up the default Azure AD domain suffix, which isn’t what we want, so we’ll explore a couple of ways of remedying this.

During the setup process, we also created a couple of user accounts: one in each of our on-premises AD and Azure AD. Both are the accounts involved in the synchronisation process. Now, best practice suggests we should change the passwords every 30 days, but the reality is that we live in the real world. I’d like to think we all enjoy the luxury of waiting for our passwords to expire so we can reset them to keep our systems safe from information disclosure, but most of us will likely want to know how to prevent these passwords expiring. This isn’t recommended per se, but I’m going to tell you how to do it nonetheless.

Getting started with Azure Active Directory Sync Part 2

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 3: Getting started with Azure Active Directory Sync – Mopping up

In order to do this part, I have to make certain assumptions about your environment. If this isn’t exactly true for you, sorry, but hopefully you can adapt the information here to assist.

The PRIMARY assumption here is that you want your users to log on to Azure AD using their externally routable primary email address. This will be the same as the mail attribute of their on-premises AD user object. My on-premises AD users log in using a format like this: lroberts@transishun.local but their primary email address is lewis.roberts@transishun.co.uk. I want them to log in to Azure AD using their external email address. The screenshots below might explain this better.

So, what if you don’t want to sync with the users’ primary email address and you’re happy to use the users’ normal username with the external domain? Well, the other option is to add a UPN suffix to your forest for the external domain, but then users would need to log on to Azure AD using username@[thenewUPN] instead of using their, presumably more memorable, email address. You can add a new UPN in Active Directory Domains and Trusts – Google it. ;-) If I were adding a new UPN in the following examples, instead of using the mail attribute for Azure AD usernames, I would add the transishun.co.uk UPN in my on-premises AD and configure the Azure AD Sync Services program to use the UserPrincipalName attribute instead of mail. If this doesn’t make sense now, do the following steps in a test environment first, then read my series addendum post.


Getting started with Azure Active Directory Sync Part 1

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

Part 3: Getting started with Azure Active Directory Sync – Mopping up

I’ve recently been involved in setting up an Azure Active Directory service and syncing it with an on-premises AD. The process is made to seem straightforward in Microsoft’s documentation, but the management tools you need to download and install before you can successfully manage it are not well documented and, in some cases, buggy too!

In order to administer your Microsoft Azure Active Directory, you’ll need to obtain these downloads.