There are many scenarios in which credentials from on-premises Active Directory environments are synchronized with Azure Active Directory. Besides single sign-on for the use of cloud resources in Microsoft Azure or Microsoft 365, such synchronization can also be used for the deployment of Microsoft Endpoint Manager. The synchronization is done with the tool “Azure AD Connect” provided by Microsoft. First you install the tool on a server in the network, then you set up a connection to Microsoft Azure, and after that you let it synchronize the data.
What does Azure AD Connect do?
Azure AD Connect can synchronize user accounts between on-premises Active Directory forests and Azure Active Directory. It can also synchronize password hashes on demand so that user accounts in Azure AD can be used to authenticate against resources in Azure and Microsoft 365. Users do not have to re-authenticate, however; instead, the credentials on the on-premises machine are carried over to Azure.
These are the prerequisites for using Azure AD Connect
Of course, a subscription to Microsoft Azure is required first to use Azure AD Connect. A free trial version can also be used here. The required software must be installed on a server in the local data center. Microsoft recommends using a member server here. For security reasons, the installation should not be done directly on a domain controller, although it is possible. Azure AD Connect stores the data in an SQL database before synchronization. By default, SQL Server 2012 Express LocalDB is used here. Azure AD Connect requires a graphical user interface. Installation on a core server with Windows Server 2016/2019 is not possible.
Set up Azure AD Connect
The setup of Azure AD Connect is started via the Azure portal. Here, the menu item “Azure Active Directory” is available. Below “Azure Active Directory” you will again find “Azure AD Connect”. Here you can see the domains that are already connected and can also download the MSI file that you need to install in the local data center. You can also download Azure AD Connect directly from the Microsoft Download Center (https://www.microsoft.com/en-us/download/details.aspx?id=47594).
To set it up, install Azure AD Connect on the server that you want to use to synchronize the user accounts of the on-premises Active Directory forest to Azure. The setup is done via a wizard. On the first page, the wizard shows the actions that the tool can perform.
After confirming the license terms, you can select on the “Express Settings” page whether to use the wizard’s default settings or to customize the setup. Usually, the express settings are sufficient. After selecting the express settings, the login to Azure AD takes place.
After entering the credentials for Azure AD, Azure AD Connect attempts to connect. Usually, the connection should be established without any problems. For troubleshooting tips on connection issues, see the “Troubleshoot Azure AD connectivity” page. If the connection is successful, the next step is to enter the credentials for the on-premises Active Directory. Again, the wizard will check for a successful connection.
The wizard then checks whether the UPN suffixes of the on-premises Active Directory forest also exist in Azure AD. If you want to make sure that users can log in to Azure AD with their on-premises Active Directory login without re-entering credentials, the suffixes used should exist in both environments. You can also continue without performing a match. After that, the wizard checks whether to proceed with the setup. The individual actions are displayed in the window.
Click “Install” to continue the process and set up Azure AD Connect. Once the wizard is complete, the users will be displayed in the Microsoft 365 admin center (https://admin.microsoft.com). Under “Users > Active users”, the users from the on-premises Active Directory should be displayed.
The users are also displayed in the Azure web portal. In the “Azure Active Directory > Users > All users” area, the synchronized users can be seen. Under “Azure AD Connect”, the status of the synchronization is also displayed, along with when the last synchronization took place.
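The UPN suffix comparison that the wizard performs can also be done before the installation, so that accounts with a non-matching suffix are known in advance. The following is an added example, not part of the original article or of Azure AD Connect; the function name `Get-UpnSuffixMismatch` and all sample UPNs and domains are hypothetical and constructed for illustration.

```powershell
# Added example: reports accounts whose UPN suffix is not among the
# verified domains of the Azure AD tenant. Hypothetical helper function.
function Get-UpnSuffixMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$UserPrincipalName,
        [Parameter(Mandatory)][string[]]$VerifiedDomain
    )
    # Domain names are compared case-insensitively.
    $verified = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($d in $VerifiedDomain) { [void]$verified.Add($d.Trim()) }

    foreach ($upn in $UserPrincipalName) {
        $at = $upn.LastIndexOf('@')
        # No '@', nothing before it, or nothing after it: not a usable UPN.
        if ($at -lt 1 -or $at -eq $upn.Length - 1) {
            [pscustomobject]@{ UPN = $upn; Suffix = $null
                               Issue = 'Malformed UPN' }
            continue
        }
        $suffix = $upn.Substring($at + 1)
        if (-not $verified.Contains($suffix)) {
            [pscustomobject]@{ UPN = $upn; Suffix = $suffix
                               Issue = 'Suffix not verified in Azure AD' }
        }
    }
}

# Constructed sample input. In a real environment the UPNs could be read with
#   Get-ADUser -Filter * | Select-Object -ExpandProperty UserPrincipalName
# and the verified domains with (Microsoft Graph PowerShell)
#   Get-MgDomain | Where-Object IsVerified | Select-Object -ExpandProperty Id
$sampleUpns = @(
    'alice@contoso.example',      # matches a verified domain
    'carol@CONTOSO.example',      # matches, case differs
    'bob@corp.contoso.local',     # non-routable suffix, not verifiable
    'svc-backup'                  # no UPN suffix at all
)
$sampleVerified = @('contoso.example', 'contoso.onmicrosoft.com')

$report = Get-UpnSuffixMismatch -UserPrincipalName $sampleUpns `
                                -VerifiedDomain $sampleVerified
$report | Format-Table -AutoSize
```

With the sample data, only `bob@corp.contoso.local` and `svc-backup` are reported; these are the accounts that would not be able to log in to Azure AD with their on-premises login name.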
Adjust AAD Connect configuration
The configuration of Azure AD Connect is carried out on the server on which Azure AD Connect has been installed. The icon for the Azure AD Connect management program is located on the desktop. After opening it, all settings can be adjusted. To do this, select the menu item whose settings you want to adjust and click “Next”. After that, the corresponding settings can be adjusted. Before changes can be made, of course, a logon to Microsoft Azure must first be made. The login to Active Directory is taken from the credentials of the account that logged on to the computer. Via the menu item “View or export current configuration”, the configuration of Azure AD Connect can be exported to a JSON file.
You can install Azure AD Connect quite quickly if you follow a step-by-step guide. Other granular settings should always be made with care. However, please also note that Microsoft often changes features and interfaces for newer products.
Article created: 05.07.2021