Designing for Azure Identity Management
Azure AD Overview
Advanced Azure AD Identity Topics
Self-Service Password Reset
Managed Identities
Monitoring
Conclusion
This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the identity services on offer within your enterprise. Learn how to better protect your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course consists of 24 lectures, including demos, and is expertly instructed by one of our MS Azure subject matter experts.
Learning Objectives
- Study and understand what Azure AD Domain Services do and what they can offer
- Learn to create and manage hybrid identities via Azure AD Connect
- Understand the principles of Azure MFA and SSO, and how to enable them
- Recognize and deploy the key principles of Azure AD B2B and B2C
- Learn and utilize Privileged Identity Management
Intended Audience
This course is intended for:
- IT professionals who are interested in getting certified with MS Azure
- Those looking to become Azure architects and/or tasked with designing identity management solutions
Prerequisites
- A mid-range knowledge of MS Azure is recommended before starting this course
- An understanding of identity management concepts
Related Training Content
For more courses related to MS Azure, visit our dedicated Content Training Library.
In this demonstration, we're going to deploy Azure AD Connect so we can sync our on-prem Active Directory users to Azure AD. We are also going to need to ensure that we synchronize the NTLM and Kerberos credential hashes to Azure AD, since this isn't done by default. To get started, log in to the server that will run Azure AD Connect and download the Azure AD Connect software. Launch the Azure AD Connect installer that you downloaded. Because our lab environment is a single forest with an internet-routable domain name, we can use the express option.
When prompted, we'll connect to Azure AD by providing our global admin credentials, and then connect to the on-prem AD by providing an enterprise admin credential. Clicking Install begins the setup of Azure AD Connect. When the installation completes, click Exit. Because Azure AD Connect does not by default synchronize the NTLM and Kerberos credential hashes to Azure AD, we must ensure that these hashes get synchronized if we want to use Azure AD Domain Services. To enable synchronization of the required credential hashes from your on-premises directory to the Azure AD tenant, run the script that you see on your screen:
# Connector names are case sensitive; copy them exactly as shown in the Synchronization Service Manager.
$adConnector = "<CASE SENSITIVE AD DS CONNECTOR NAME>"
$azureadConnector = "<CASE SENSITIVE AZURE AD CONNECTOR NAME>"
# The ADSync module is installed with Azure AD Connect; run this on the Azure AD Connect server.
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"
$c = Get-ADSyncConnector -Name $adConnector
# Set the ForceFullPasswordSync connector-global parameter so the next password sync pushes every user's hashes.
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
# Replace any existing value of the parameter, then save the updated connector.
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
# Toggle password hash sync off and back on to trigger the full password sync.
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true
What this script does is set the ForceFullPasswordSync parameter on the AD connector and then disable and re-enable password hash synchronization, which makes Azure AD Connect push all on-premises users' NTLM and Kerberos password hashes to the Azure AD tenant on the next password sync cycle rather than only the hashes that have changed. Note that this is a full password hash sync, not a full directory sync. Because the Azure AD Connect server holds credentials for both directories and the replication rights needed to read every user's password hash, treat it as a Tier 0 asset: restrict logon and local administrator rights to the same people who administer your domain controllers.
The values for the $adConnector and $azureadConnector variables can be found in the Azure AD Connect Synchronization Service Manager. What I've done is create a PowerShell script called NTLMSync.ps1. This script includes all of these commands. I just need to open PowerShell on the Azure AD Connect server to run the script. The output tells me that the password hash sync configuration has been updated.
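The course script above requires you to retype the case-sensitive connector names and gives no feedback on whether the full password sync will actually run. The following PowerShell script is an added example and is not part of the course or of Microsoft's documentation: it resolves the connector names from the ADSync module itself, shows the password hash sync configuration before and after forcing the full sync, and checks the scheduler and staging-mode state that would silently prevent the hashes from being exported. It assumes the ADSync module lives at the default Azure AD Connect install path, that the on-premises connector reports ConnectorTypeName "AD" and the Azure AD connector reports "Extensible2", and that Get-ADSyncScheduler exposes the SyncCycleEnabled, StagingModeEnabled and NextSyncCycleStartTimeInUTC properties; the function names (Get-ConnectorNames, Invoke-FullPasswordHashSync) are my own.

```powershell
# Added example (not the course's NTLMSync.ps1): discover connector names,
# force a full password hash sync, and verify the state that controls whether
# the hashes will actually be pushed. Run in an elevated PowerShell session on
# the Azure AD Connect server.
# Assumption: default install path; the module name and cmdlets are the ones
# Azure AD Connect ships with.
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop

function Get-ConnectorNames {
    # Assumption: the on-premises AD connector has ConnectorTypeName 'AD' and
    # the Azure AD connector (an ECMA2 connector) has 'Extensible2'. Names are
    # taken from the objects so the case-sensitive values are never retyped.
    $connectors = Get-ADSyncConnector
    $ad  = @($connectors | Where-Object { $_.ConnectorTypeName -eq 'AD' })
    $aad = @($connectors | Where-Object { $_.ConnectorTypeName -eq 'Extensible2' })
    if ($ad.Count -ne 1 -or $aad.Count -ne 1) {
        # A multi-forest deployment has several AD connectors; pick one explicitly in that case.
        throw "Expected exactly one AD and one Azure AD connector, found $($ad.Count) AD / $($aad.Count) Azure AD."
    }
    [pscustomobject]@{ AdConnector = $ad[0].Name; AzureAdConnector = $aad[0].Name }
}

function Invoke-FullPasswordHashSync {
    param([Parameter(Mandatory)][string]$AdConnector,
          [Parameter(Mandatory)][string]$AzureAdConnector)
    # Same mechanism as the course script: set ForceFullPasswordSync on the AD
    # connector, then toggle password hash sync off and on so the next password
    # sync cycle pushes every user's hashes instead of only changed ones.
    $c = Get-ADSyncConnector -Name $AdConnector
    $p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter `
        "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
    $p.Value = 1
    $null = $c.GlobalParameters.Remove($p.Name)
    $c.GlobalParameters.Add($p)
    $null = Add-ADSyncConnector -Connector $c
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector -TargetConnector $AzureAdConnector -Enable $false
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector -TargetConnector $AzureAdConnector -Enable $true
}

$names = Get-ConnectorNames
Write-Host "AD connector: '$($names.AdConnector)'   Azure AD connector: '$($names.AzureAdConnector)'"

Write-Host "`nPassword hash sync configuration before:"
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $names.AdConnector | Format-List

Invoke-FullPasswordHashSync -AdConnector $names.AdConnector -AzureAdConnector $names.AzureAdConnector

Write-Host "Password hash sync configuration after:"
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $names.AdConnector | Format-List

# The forced sync only happens when the scheduler runs on an active (non-staging)
# server, so surface the two conditions that would make it a silent no-op.
$sched = Get-ADSyncScheduler
if ($sched.StagingModeEnabled) {
    Write-Warning "This server is in staging mode: it exports nothing, including password hashes. Run this on the active server."
}
if (-not $sched.SyncCycleEnabled) {
    Write-Warning "The sync scheduler is disabled; re-enable it with Set-ADSyncScheduler -SyncCycleEnabled `$true or the full password sync will never run."
} else {
    Write-Host "Next scheduled sync cycle (UTC): $($sched.NextSyncCycleStartTimeInUTC)"
}
```

After the next cycle, the password hash sync events in the Application event log on the Azure AD Connect server (source Directory Synchronization) show the batch being pushed; if Azure AD DS still rejects on-premises users a few cycles later, check that the users are in scope of the connector's sync rules, since hashes are only exported for objects that are themselves synchronized.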
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.