Installation and deployment of Azure AD Connect

2025-04-21 Update. From: SLTechnology News&Howtos (shulou)


Shulou(Shulou.com)06/03 Report--

This article shares how to install and deploy Azure AD Connect. Since many people are unfamiliar with the process, the main points are summarized below.

Before deploying Azure AD Connect, you need to work through the following seven considerations:

1. Azure AD

○ You manage Azure AD Connect, and the tenant it synchronizes into, through the Azure Portal or the Office 365 Portal.

○ Domain: add and verify a custom domain in Azure AD. Do not rely on the default tenant domain (contoso.onmicrosoft.com); synchronized users need a UPN suffix that is verified in the tenant, otherwise they are signed in under the onmicrosoft.com name.

○ An Azure AD tenant has a default quota of 50,000 directory objects. Once you verify a domain, the quota rises to 300,000 objects. If you need more objects in Azure AD, open a support ticket with Microsoft to raise the limit.

2. On-premises data

○ Before synchronizing Active Directory to Azure AD and Office 365, run IdFix against the directory to find errors such as duplicate values and formatting problems (for example in userPrincipalName and proxyAddresses). Objects that IdFix flags will fail to export or will be matched to the wrong cloud object.

○ Make sure directory synchronization is enabled on both sides:

§ On premises: Azure AD Connect sync (the sync engine)

§ Azure AD: Azure AD Connect Sync Service

3. On-premises Active Directory

○ The AD schema version and forest functional level must be Windows Server 2003 or later.

○ If you plan to use password writeback, the domain controllers must be Windows Server 2008 R2 or later.

○ The domain controller that Azure AD Connect connects to must be writable; read-only domain controllers (RODCs) are not supported.

○ Enabling the Active Directory Recycle Bin is recommended, so that objects deleted by mistake can be restored with their attributes intact.

4. Azure AD Connect server

○ Azure AD Connect cannot be installed on Small Business Server; it requires Windows Server 2012 Standard or later.

○ Installing Azure AD Connect on a domain controller is not recommended. The server that hosts Azure AD Connect should be a domain-joined member server.

○ If you deploy AD FS, the server must run Windows Server 2012 or later.

○ If you deploy AD FS, you also need SSL certificates, the AD FS configuration, and working name resolution for the federation service name.

○ If the global administrator account has MFA enabled, add the following URL to the browser's trusted sites list, otherwise the sign-in prompt inside the wizard fails:

Https://secure.aadcdn.microsoftonline-p.com

○ Optional for a plain synchronization-only deployment, but strongly recommended by Microsoft: harden the Azure AD Connect server and reduce its attack surface. The server holds the credentials of a highly privileged AD account and, with password hash synchronization, the password hashes of the whole forest, so treat it as a Tier 0 component, like a domain controller. Relevant guidance:

§ Securing administrators groups

§ Securing built-in administrator accounts

§ Security improvement and sustainment by reducing attack surfaces

§ Reducing the Active Directory attack surface

5. SQL Server required by Azure AD Connect

○ Azure AD Connect needs a SQL Server database to store identity data. If you choose the Express settings during deployment, the installer uses SQL Server Express for storage, which is limited to 10 GB and can manage about 100,000 objects. If you need to manage more directory objects, deploy a full SQL Server instance (Microsoft SQL Server 2012 or later).

6. Accounts

○ An Azure AD Global Administrator account.

○ An on-premises Active Directory administrator account (Enterprise Admin is required for the Express settings; Exchange Admin if Exchange is in scope).

7. Connectivity

○ The DNS server must be able to resolve the names of both the on-premises Active Directory domain controllers and the Azure AD endpoints.

○ If there is a firewall on the intranet, open the required ports between the Azure AD Connect server and the domain controllers (DNS, Kerberos, RPC, LDAP/LDAPS and SMB).

○ Azure AD Connect talks to Azure AD outbound over HTTPS (TCP 443); check Microsoft's published list of protocols and ports for the full set of endpoints.
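As an added worked example, not code from the original article, the following PowerShell script runs the pre-flight checks implied by items 2, 3, 4 and 7 above on the prospective Azure AD Connect server. It assumes the RSAT ActiveDirectory module is installed, that it runs as a domain administrator, and that `$VerifiedDomains` lists the custom domains already verified in the tenant; `contoso.com` and the DC port list are assumed values.

```powershell
# Added example (not from the original article): pre-flight checks for a
# future Azure AD Connect server. Run as a domain admin on that server.
# Assumptions: RSAT ActiveDirectory module present; $VerifiedDomains holds the
# custom domains already verified in Azure AD ('contoso.com' is a placeholder).
param(
    [string[]]$VerifiedDomains = @('contoso.com'),
    [string[]]$AzureEndpoints  = @('login.microsoftonline.com',
                                   'secure.aadcdn.microsoftonline-p.com')
)
Import-Module ActiveDirectory

$report = [ordered]@{}

# Item 4: must be a domain-joined member server (DomainRole 3), not a DC (4 or 5)
$cs = Get-CimInstance Win32_ComputerSystem
$report['MemberServerNotDC'] = ($cs.PartOfDomain -and $cs.DomainRole -eq 3)

# Item 3: forest functional level and Recycle Bin state
$forest = Get-ADForest
$report['ForestMode'] = $forest.ForestMode
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
$report['RecycleBinEnabled'] = (@($rb.EnabledScopes).Count -gt 0)

# Item 3: a writable DC must be discoverable (RODCs are not supported)
$dc = Get-ADDomainController -Discover -Writable
$dcName = $dc.HostName[0]
$report['WritableDC'] = $dcName

# Item 7: TCP reachability to the DC (assumed port list: DNS, Kerberos, RPC,
# LDAP, SMB, LDAPS) and HTTPS to the Azure AD endpoints
$dcPorts = 53, 88, 135, 389, 445, 636
foreach ($p in $dcPorts) {
    $t = Test-NetConnection -ComputerName $dcName -Port $p -WarningAction SilentlyContinue
    $report["DC_TCP_$p"] = $t.TcpTestSucceeded
}
foreach ($ep in $AzureEndpoints) {
    $t = Test-NetConnection -ComputerName $ep -Port 443 -WarningAction SilentlyContinue
    $report["HTTPS_$ep"] = $t.TcpTestSucceeded
}

# Item 2: IdFix-style data checks on enabled users:
#   - UPN suffix that is not a verified domain (user would land on onmicrosoft.com)
#   - characters Azure AD rejects in a UPN (allowed: A-Z a-z 0-9 ' . - _ ! # ^ ~)
#   - proxyAddresses values that occur on more than one object
$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties userPrincipalName, proxyAddresses, mail

$badSuffix = @($users | Where-Object {
    $_.UserPrincipalName -and
    (($_.UserPrincipalName -split '@')[1] -notin $VerifiedDomains)
})
$badChars = @($users | Where-Object {
    $_.UserPrincipalName -match '[^A-Za-z0-9.\-_!#^~@'']'
})
$dupProxy = @($users | ForEach-Object { $_.proxyAddresses } |
    Group-Object | Where-Object { $_.Count -gt 1 })

$report['UsersWithUnverifiedUpnSuffix'] = $badSuffix.Count
$report['UsersWithInvalidUpnChars']     = $badChars.Count
$report['DuplicateProxyAddresses']      = $dupProxy.Count

[pscustomobject]$report | Format-List

# Detail for the data problems, so they can be fixed before the first sync
$badSuffix | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize
$badChars  | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize
$dupProxy  | Select-Object Name, Count | Format-Table -AutoSize
```

The script only reports; nothing it finds is changed. The data checks cover the three most common IdFix findings but are not a substitute for running IdFix itself, which also checks group and contact objects and other attributes.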

Summary of deploying Azure AD Connect:

1. Before deploying Azure AD Connect, add and verify your domain in Azure AD (Office 365). Verification requires adding the DNS record at your registrar (GoDaddy in this case); otherwise the sign-in to Azure AD fails while configuring Azure AD Connect.

2. Download and install Azure AD Connect from Https://www.microsoft.com/en-us/download/details.aspx?id=47594

3. If you have a single forest and use password hash synchronization for authentication, you can install and deploy Azure AD Connect with the default Express settings.

4. If you do not want to synchronize every user, attribute and organizational unit from the on-premises Active Directory, but instead need to synchronize selected OUs in batches or have special requirements for attribute synchronization, uncheck the "Start the synchronization process when configuration completes" check box on the final Configure page, and set up filtering before the first synchronization runs.
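The following PowerShell session is an added example, not from the original article, of finishing a deployment that was installed with the check box in step 4 unchecked. It assumes the ADSync module that ships with Azure AD Connect, an elevated session on the Connect server, and that OU filtering has already been configured on the AD connector in Synchronization Service Manager.

```powershell
# Added example (not from the original article): first sync after an install
# where "Start the synchronization process when configuration completes" was
# unchecked. Assumes the ADSync module (installed with Azure AD Connect), an
# elevated PowerShell on the Connect server, and OU filtering already set.
Import-Module ADSync

# 1. With the box unchecked the scheduler is disabled: SyncCycleEnabled is False
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, AllowedSyncCycleInterval, NextSyncCycleStartTimeInUTC

# 2. List the connectors to confirm the on-premises forest and the Azure AD tenant
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName

# 3. Run the first full sync by hand. Do this only after filtering is configured;
#    otherwise every user, group and contact in the forest is exported to Azure AD.
Start-ADSyncSyncCycle -PolicyType Initial

# 4. Wait for the run to finish. Get-ADSyncConnectorRunStatus returns nothing
#    when no connector is running.
while (Get-ADSyncConnectorRunStatus) {
    Start-Sleep -Seconds 30
}

# 5. Hand over to the scheduler (default interval is 30 minutes)
Set-ADSyncScheduler -SyncCycleEnabled $true

# Later, to push a change without waiting for the scheduler:
# Start-ADSyncSyncCycle -PolicyType Delta
```

Review the first export in Synchronization Service Manager (Operations tab) before enabling the scheduler; an unexpectedly large number of adds or deletes at that point usually means the OU filter is wrong.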

The steps above describe how to install and deploy Azure AD Connect; the details are best learned by working through them hands-on.
