Azure AD Connect is a simple tool: you install a piece of software on a domain-joined server, and it then automatically syncs your on-premises AD environment with Azure AD.
To use Azure AD Connect, you must first meet a few prerequisites:
- You must be a global administrator in Azure AD for the Azure AD tenant to sync.
- Your on-premises domain controller must be Windows Server 2008 or later.
- You must be an enterprise administrator in your on-premises AD environment.
If you've met all the prerequisites, you're good to go! First, you'll need to download Azure AD Connect. Once downloaded, run the installer and accept all the defaults.
Once Azure AD Connect is installed, you'll be prompted either to choose Express Settings or to customize the installation. I have a single Active Directory forest, so I'll choose Express Settings.
Choosing Express Settings for Azure AD Connect
All the necessary components will then begin installing onto the server to get on-premises AD synced up with Azure AD.
I'm then prompted to provide my Azure AD global administrator credentials.
Entering Azure AD global administrator credentials
Once I've hit Next, Azure will verify I have all the appropriate rights.
I'm then prompted to input my on-premises AD credentials, which will also be verified to ensure that the account has the appropriate permissions.
Entering on-premises AD credentials
Once I'm done, I'm presented with the option to begin configuration and automatic synchronization, which I will choose to do.
Synchronization process start
This then installs more prerequisite software, such as a small SQL Server Express database and a few other components required for the synchronization.
During the configuration, you'll see the progress of each step. For my demo domain, this process only took a couple of minutes in total.
Synchronization is complete
The last step is to confirm the sync actually worked by entering the Azure Portal and verifying all my on-premises accounts have been populated in Azure AD.
Verifying that on-premises accounts have been populated
You can see that I had five local accounts in my on-premises AD forest. That is all there is to it. If you've had to set this up before, you'll find this is far easier than it used to be! If you'd like more information about the customization option in particular, check out Microsoft's Active Directory Team blog post. It explains everything you'll see if you need more control over the behavior.
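As an added example that is not part of the original post, the following PowerShell performs the prerequisite checks and the final verification step from a console instead of the wizard and the portal. It assumes the RSAT ActiveDirectory module, the ADSync module that the installer places on the Azure AD Connect server, and the AzureAD PowerShell module; the variable names ($onPrem, $cloud, $missing) are my own.

```powershell
# Added example (not from the original post): pre-install checks and a post-install
# sync verification for Azure AD Connect. Assumes the RSAT ActiveDirectory module,
# the ADSync module (installed with Azure AD Connect) and the AzureAD module
# (Install-Module AzureAD). Run in an elevated PowerShell session.

#region 1. Prerequisite checks (run on a domain-joined machine with RSAT)
Import-Module ActiveDirectory

# Every domain controller must be Windows Server 2008 or later
Get-ADDomainController -Filter * |
    Select-Object Name, OperatingSystem |
    Format-Table -AutoSize

# The installing account must be an Enterprise Admin in the on-premises forest
$forestRoot = (Get-ADForest).RootDomain
$isEA = Get-ADGroupMember -Identity 'Enterprise Admins' -Server $forestRoot -Recursive |
    Where-Object { $_.SamAccountName -eq $env:USERNAME }
if (-not $isEA) { Write-Warning "$env:USERNAME is not an Enterprise Admin" }
#endregion

#region 2. Check the scheduler on the Azure AD Connect server
Import-Module ADSync
$sched = Get-ADSyncScheduler
"Sync enabled : $($sched.SyncCycleEnabled)"
"Next cycle   : $($sched.NextSyncCycleStartTimeInUTC) UTC"
# Kick off a delta sync instead of waiting for the next scheduled cycle
Start-ADSyncSyncCycle -PolicyType Delta
#endregion

#region 3. Compare on-premises users with what landed in Azure AD
Connect-AzureAD   # prompts for the Azure AD global administrator account
$onPrem = Get-ADUser -Filter { Enabled -eq $true } |
    Select-Object -ExpandProperty UserPrincipalName
$cloud = Get-AzureADUser -All $true |
    Where-Object { $_.DirSyncEnabled -eq $true } |
    Select-Object -ExpandProperty UserPrincipalName

"On-premises users : $($onPrem.Count)"
"Synced to Azure AD: $($cloud.Count)"
# Users present on-premises but not (yet) synced to the cloud
$missing = Compare-Object -ReferenceObject $onPrem -DifferenceObject $cloud |
    Where-Object SideIndicator -eq '<=' |
    Select-Object -ExpandProperty InputObject
if ($missing) { Write-Warning "Not yet in Azure AD: $($missing -join ', ')" }
#endregion
```

If the on-premises UPN suffix is not a verified domain in the Azure AD tenant, the cloud UPN is rewritten to the tenant's onmicrosoft.com domain, so the UPN comparison in step 3 will report those users as missing even though they synced.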