The Microsoft Azure Training Series: How to Implement and Configure Directory Synchronization in MS Azure
The Microsoft Azure service suite includes Azure Active Directory (Azure AD), a cloud-based identity and access management service that gives your users and applications an identity, and access control, in the cloud. Part of the Azure AD offering is Azure AD Connect, which synchronizes an on-premises directory with Azure AD so that users can sign in to both with a single identity.
In this part of our Microsoft Azure Training Series, we will see how you can configure and implement the directory synchronization feature through Azure AD Connect.
Core Concepts of Azure AD Connect
Azure AD Connect is the successor to the older DirSync tool and is the identity foundation of a hybrid cloud environment. It lets you give each user one identity that works for Azure, Office 365 and the SaaS applications integrated with Azure Active Directory.
Azure AD Connect has three core components: the synchronization services, optional Active Directory Federation Services (AD FS) for federated sign-in, and a monitoring element named Azure AD Connect Health.
Configuring Directory Sync with Azure AD Connect
Before moving on to the synchronization itself, make sure that you have the prerequisites taken care of. These include:
- A domain-joined Windows Server that will host the sync engine. Treat this server as a tier-0 asset: with password hash synchronization, its service account is granted Replicating Directory Changes permissions, so a compromise of this server is equivalent to a compromise of a domain controller.
- Downloading Azure AD Connect and completing the initial settings.
- A verified custom domain in Azure AD that matches the UPN suffix of your on-premises users. Users whose suffix is not a verified domain are synchronized with a fallback onmicrosoft.com UPN, and signing in with their on-premises UPN will not work.
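The domain check above is the one most often skipped. The following PowerShell script, added here as an example and not part of the original article, compares the UPN suffix of every enabled on-premises user with the list of verified domains in the tenant and reports the mismatches before you run the wizard. It assumes the RSAT ActiveDirectory module and the MSOnline module are installed, and the search base OU is a placeholder you must adjust.

```powershell
# Added example (not from the original article). Checks that every UPN suffix used by
# on-premises users is a verified domain in Azure AD before Azure AD Connect is configured.
# Assumes: RSAT ActiveDirectory module, MSOnline module, and Global Administrator sign-in.
Import-Module ActiveDirectory
Import-Module MSOnline

Connect-MsolService   # prompts for Azure AD credentials

# Domains whose ownership has been proven to Azure AD
$verified = Get-MsolDomain |
    Where-Object { $_.Status -eq 'Verified' } |
    Select-Object -ExpandProperty Name

# Placeholder scope: the OU that will be synchronized (assumption, adjust to your forest)
$searchBase = 'OU=Corp,DC=corp,DC=example,DC=com'
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $searchBase -Properties UserPrincipalName

$report = foreach ($u in $users) {
    if (-not $u.UserPrincipalName) {
        # No UPN at all: Azure AD Connect will fall back to an onmicrosoft.com name
        [pscustomobject]@{ SamAccountName = $u.SamAccountName; UPN = $null; Problem = 'No UPN set' }
        continue
    }
    $suffix = ($u.UserPrincipalName -split '@')[-1]
    if ($verified -notcontains $suffix) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            UPN            = $u.UserPrincipalName
            Problem        = "Suffix '$suffix' is not a verified Azure AD domain"
        }
    }
}

if ($report) {
    $report | Format-Table -AutoSize
    Write-Warning "$(@($report).Count) user(s) will not get their on-premises UPN in Azure AD."
} else {
    'All UPN suffixes are verified; OK to continue.'
}
```

Fix the reported users (add and verify the domain, or change their UPN suffix) before synchronizing; changing a UPN after the first sync is possible but noisier.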
Assigning Licenses to Users
By default, only members of the server's local Administrators group and the user who installed the sync engine (who is added to the local ADSyncAdmins group) can manage Azure AD Connect. After installation and verification, the next step is to assign licenses to the users who will use premium features such as Azure AD Connect Health or password writeback. You can assign either an Enterprise Mobility Suite or an Azure AD Premium license.
Following is how you can do so:
- Sign in to the Azure portal with an administrator account.
- In the left panel, click Active Directory to open the Active Directory page.
- On the Active Directory page, double-click the directory that contains the users you want to license.
- Choose Licenses at the top of the directory page to open the Licenses page.
- The page lists the Enterprise Mobility Suite and Azure Active Directory Premium licenses. Select the one you want to assign, then click Assign.
- In the dialog that opens, select the users to license and click the check mark to save.
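Clicking through the portal does not scale past a handful of users. The following script, added here as an example and not part of the original article, does the same assignment with the MSOnline module: it finds the tenant's EMS or Azure AD Premium SKU, checks that enough seats are free, and licenses a list of users. It assumes the MSOnline module is installed and a Global Administrator signs in; the user list and usage location are placeholders.

```powershell
# Added example (not from the original article). Assigns an EMS or Azure AD Premium
# license to a set of users with MSOnline instead of the classic portal.
# Assumes: MSOnline module installed, Global Administrator sign-in.
Import-Module MSOnline
Connect-MsolService

# Locate the SKU: 'tenant:EMSPREMIUM' (Enterprise Mobility Suite) or 'tenant:AAD_PREMIUM'
$sku = Get-MsolAccountSku |
    Where-Object { $_.AccountSkuId -match ':(EMSPREMIUM|AAD_PREMIUM)$' } |
    Select-Object -First 1
if (-not $sku) { throw 'No Enterprise Mobility Suite or Azure AD Premium SKU found in this tenant.' }

# Do not over-assign: ActiveUnits is what you bought, ConsumedUnits what is already used
$free = $sku.ActiveUnits - $sku.ConsumedUnits

# Placeholder users (assumption); in practice read them from a CSV or a group
$targets = @('alice@corp.example.com', 'bob@corp.example.com')
if ($targets.Count -gt $free) {
    throw "Only $free seat(s) free for $($sku.AccountSkuId); $($targets.Count) requested."
}

foreach ($upn in $targets) {
    # A usage location is mandatory before any license can be assigned
    Set-MsolUser -UserPrincipalName $upn -UsageLocation 'US'
    Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $sku.AccountSkuId

    # Show what the user now holds so the result is visible in the transcript
    [pscustomobject]@{
        User     = $upn
        Licenses = ((Get-MsolUser -UserPrincipalName $upn).Licenses.AccountSkuId -join ', ')
    }
}
```

Run it once with a single test user first; Set-MsolUserLicense fails loudly if the usage location is missing or the seat count is exhausted, which is preferable to a silent partial rollout.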
In addition, the express method requires an on-premises account with Enterprise Admin rights in the forest you will synchronize, and an Azure AD Global Administrator account for the tenant.
Configuring Azure AD Connect
The next step is configuring the sync engine to use password hash synchronization as the sign-in method.
- Open Azure AD Connect. On the first page, click Express Settings in the left-hand tab, then click the Express Settings button at the bottom-right of the page.
- On the next page, enter your Azure AD Global Administrator credentials and click Next.
- On the page named Connect to AD DS, enter your on-premises Enterprise Admin credentials and click Next.
- The configure page lists the components that will be set up. Click Configure at the bottom-right; the sync engine creates the connector for the local forest and runs an initial synchronization.
Once the initial synchronization finishes, users appear in Azure AD with their on-premises identity and can sign in to cloud services with the same username and password they use on premises.
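After the wizard reports success, verify the result on the server rather than trusting the green check mark. The script below, added here as an example and not part of the original article, uses the ADSync module that the wizard installs to confirm the scheduler is enabled and not in staging mode, list the two connectors, review who can manage the sync engine, and trigger a delta sync. It assumes Windows Server 2016 or later for Get-LocalGroupMember.

```powershell
# Added example (not from the original article). Run on the Azure AD Connect server after
# the Express wizard completes. Assumes: ADSync module (installed by the wizard) and
# Windows Server 2016+ for Get-LocalGroupMember.
Import-Module ADSync

# 1. Scheduler: the cycle should be enabled, on the default 30-minute interval, and the
#    server should not be in staging mode unless this is a deliberate standby server.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval,
                       StagingModeEnabled, NextSyncCycleStartTimeInUTC
if ($sched.StagingModeEnabled) { Write-Warning 'Server is in staging mode: nothing is exported to Azure AD.' }

# 2. Connectors: expect one for the on-premises forest and one for the Azure AD tenant
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName

# 3. Who can manage the sync engine: the article notes this is local admins plus the
#    installing user. Review the list; anyone in it can change sync rules and read
#    synchronized data, so it should be as short as possible.
Get-LocalGroupMember -Group 'ADSyncAdmins' | Select-Object Name, ObjectClass

# 4. Trigger a delta sync and wait for it to finish.
#    Get-ADSyncConnectorRunStatus returns nothing once no connector is running.
if ($sched.SyncCycleEnabled) {
    Start-ADSyncSyncCycle -PolicyType Delta
    do {
        Start-Sleep -Seconds 10
    } while (Get-ADSyncConnectorRunStatus)
    'Delta sync finished.'
} else {
    Write-Warning 'Sync cycle is disabled; enable it with Set-ADSyncScheduler -SyncCycleEnabled $true.'
}
```

If the scheduler is disabled or the server is unexpectedly in staging mode, nothing you configured will reach Azure AD, and the wizard gives no further warning.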
For those who want more control, the Customize option exposes additional configuration choices at setup time, such as the sign-in method (password hash synchronization, pass-through authentication or federation with AD FS), synchronizing more than one forest, and filtering by domain and organizational unit. Optional features such as password writeback can also be selected during a customized setup.
Customized configuration also includes the Uniquely identifying your users page, where you tell the sync engine how to match users that appear in more than one directory and which attribute serves as the source anchor, the immutable link between each on-premises object and its cloud counterpart.
While this is the better option for advanced deployments, newcomers should start with the password hash synchronization offered by Express Settings.
Synchronized Directories
Completing the steps above synchronizes your on-premises directory with your cloud directory in Azure AD. The resulting hybrid environment lets you roll out data and applications to users who already have one identity in both places.
Directory synchronization is a fundamental part of our Microsoft Azure Training series: it gives each user one identity for all the applications and office suites integrated with Azure AD. Stay tuned for more fundamental Azure AD concepts and tutorials.