
How to Set Up Azure AD Connect to Sync and Federate Custom Domain with On-Prem Directory

I deployed a lab environment to learn more about federation access between an “on-prem” lab environment and the cloud. I basically wanted to learn how to federate a custom domain in my Azure AD tenant from my Microsoft 365 subscription with on-prem directory.

In this post, I will show you how to set up Azure AD Connect on a domain controller to sync and federate an Azure AD custom domain with the on-prem directory. This is done to leverage on-prem Active Directory Federation Services (ADFS) and allow on-prem users to authenticate to cloud services with the same credentials.

What is Azure AD Connect?

Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals.

Why Use Azure AD Connect?

Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources.

Initialize Azure AD Connect Setup

Click on the Azure AD Connect icon after downloading it and installing it on your domain controller. You can download and install it with the following PowerShell commands. (Remember, this does not set it up; it only installs the Azure AD Connect resources.)

# Confirm the download host resolves before fetching the installer
Resolve-DnsName download.microsoft.com
$AADConnectDLUrl="https://download.microsoft.com/download/B/0/0/B00291D0-5A83-4DE7-86F5-980BC00DE05A/AzureADConnect.msi"
$exe="$env:SystemRoot\system32\msiexec.exe"

# Download the MSI into the user's temp folder
$tempfile = [System.IO.Path]::GetTempFileName()
$folder = [System.IO.Path]::GetDirectoryName($tempfile)

$webclient = New-Object System.Net.WebClient
$webclient.DownloadFile($AADConnectDLUrl, $tempfile)

# Give the .tmp download the .msi name msiexec expects (-Force overwrites a stale copy from an earlier run)
Rename-Item -Path $tempfile -NewName "AzureADConnect.msi" -Force
$MSIPath = $folder + "\AzureADConnect.msi"

# Quiet, passive install with no automatic reboot
Invoke-Expression "& `"$exe`" /i $MSIPath /qn /passive /norestart"

Double-click on the Azure AD Connect Icon on the desktop

Custom Setup

Select the Customize option

Required Components

Do not select any options. Just keep the default setup and click Install.

Select Sign-In Methods

We are going to use our “on-prem” ADFS server as the identity provider to handle federation services. Therefore, we need to click on Federation with AD FS.

Enter Azure AD Global Admin Creds

Set Up Sync

Enter “On-Prem” Active Directory

Create Azure AD Sync Account

Set Up Azure Sign-In to use same creds as our “On-prem” directory

Select OUs to Sync

Identify Users

Synchronize All Users

Skip Optional Features

Provide Creds for On-prem Domain

Choose Existing ADFS Server

Select Azure AD domain to federate with on-prem directory

Ready to configure

Configuration Complete

Verify Federation Connectivity
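As an added verification script (not part of the original post), the following PowerShell compares the federation settings Azure AD holds for the custom domain with what the AD FS farm actually publishes, so a Managed domain, a wrong issuer, a stale token-signing certificate or a missing relying party trust shows up before users try to sign in. It assumes it runs on the AD FS server with the ADFS and MSOnline modules available, after Connect-MsolService, and the domain name at the bottom is a placeholder.

```powershell
# Added example, not from the original post. Assumes: run on the AD FS server, ADFS and
# MSOnline modules installed, Connect-MsolService already done, single-domain federation.
Import-Module ADFS -ErrorAction Stop
Import-Module MSOnline -ErrorAction Stop

function Test-AdfsFederationTrust {
    param([Parameter(Mandatory)][string]$DomainName)
    $problems = @()

    # 1. Azure AD must treat the domain as Federated, not Managed.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Authentication -ne 'Federated') {
        $problems += "Domain is '$($domain.Authentication)', expected 'Federated'."
    }

    # 2. What Azure AD stores about the farm must match what AD FS publishes.
    #    (IssuerUri equals the farm identifier only in the single-domain layout used here;
    #    with SupportMultipleDomain the issuer is per-domain and this check would differ.)
    $cloud = Get-MsolDomainFederationSettings -DomainName $DomainName
    $farm  = Get-AdfsProperties
    if ($cloud.IssuerUri -ne [string]$farm.Identifier) {
        $problems += "IssuerUri '$($cloud.IssuerUri)' != AD FS identifier '$($farm.Identifier)'."
    }

    # 3. The token-signing certificate Azure AD trusts must be the farm's primary one.
    #    A mismatch means tokens from this farm are rejected, or an old certificate is still trusted.
    $primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
    $trusted = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($cloud.SigningCertificate))
    if ($trusted.Thumbprint -ne $primary.Thumbprint) {
        $problems += "Azure AD trusts $($trusted.Thumbprint), farm primary is $($primary.Thumbprint)."
    }

    # 4. Azure AD Connect must have created and enabled the Office 365 relying party trust.
    $rp = Get-AdfsRelyingPartyTrust -Name 'Microsoft Office 365 Identity Platform'
    if (-not $rp)             { $problems += 'Office 365 relying party trust is missing.' }
    elseif (-not $rp.Enabled) { $problems += 'Office 365 relying party trust is disabled.' }

    # 5. The federation metadata endpoint must be reachable from where this runs.
    $metadataUrl = "https://$($farm.HostName)/FederationMetadata/2007-06/FederationMetadata.xml"
    try   { $null = Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing -ErrorAction Stop }
    catch { $problems += "Metadata endpoint $metadataUrl unreachable: $($_.Exception.Message)" }

    # $true when every check passed; otherwise each finding is written as a warning.
    if ($problems.Count -eq 0) { return $true }
    $problems | ForEach-Object { Write-Warning $_ }
    return $false
}

Test-AdfsFederationTrust -DomainName 'federated-domain.example'   # placeholder domain
```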

References

  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect