Integrating on-premises directories with Azure AD using Azure AD Connect

Posted: March 5, 2018 | Categories: Azure Serverless360

Serverless360 provides Azure AD based authentication for an organization's users. This document is intended for organizations that manage their users in on-premises directories. To use Serverless360, it is necessary to integrate your on-premises directories with Azure AD using Azure AD Connect and then configure Serverless360 with the Azure AD details.

Why does Serverless360 use Azure AD based authentication?

Using Azure AD based authentication in Serverless360 has the following advantages:

  • Simplified authentication solution
  • Reliable Identity as a service from Microsoft Azure
  • Supports industry-standard protocols, so the security of the authentication flow is well established
  • Single sign-on to Serverless360 and other Microsoft applications
  • Hassle-free user management: a user removed from the organization's Active Directory automatically loses access to Serverless360

Why should I integrate on-premises directories with Azure AD?

  • Integrating on-premises directories with Azure AD makes the users in the organization more productive by providing a common identity for accessing both cloud and on-premises resources.
  • Organizations can provide users with a common hybrid identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Azure Active Directory.
  • Administrators can provide conditional access based on application resource, device and user identity, network location, and multifactor authentication.
  • Users can leverage their common identity through accounts in Azure AD to Office 365, Intune, SaaS applications and third-party applications.
  • Developers can build the applications that leverage a common identity model, integrating applications into Active Directory on-premises or Azure for cloud-based applications.

Why should I use Azure AD Connect?

  • Azure AD Connect makes this integration easy and simplifies the management of your on-premises and cloud identity infrastructure.
  • Azure AD Connect replaces older identity integration tools such as DirSync and Azure AD Sync. For more information on the available tools and a comparison between them, read the Hybrid Identity directory integration tools comparison.
  • Azure AD Connect is now the only directory synchronization tool supported by Microsoft, as DirSync and Azure AD Sync are deprecated and were supported only until April 13, 2017.

How to Integrate using Azure AD Connect?

  • Prerequisites – Before starting the Azure AD Connect installation, make sure that you:
    • are on the server that will handle the synchronization (supported OS versions: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016)
    • have read the documentation with exhaustive information on prerequisites
    • have downloaded Azure AD Connect from the Microsoft Download Centre
    • have a verified domain in Azure Active Directory; in the case of a non-routable domain (such as a .local domain), prepare the domain for directory synchronization as specified here
  • Install Azure AD Connect
    • Choose the most appropriate mode of installation based on your scenario (mode – scenario):
      • Express settings – used when you have a single-forest AD and users sign in with the same password using password synchronization
      • Customized settings – used when you have multiple forests (supports many on-premises topologies), want to customize your sign-in option (such as AD FS for federation or a third-party identity provider), or want to customize synchronization features such as filtering and writeback
      • Upgrade from DirSync – used when you have an existing DirSync server already running
      • Upgrade from Azure AD Sync or Azure AD Connect – different methods are available depending on your preference

  • Verify integration and add Sync Admins
    • By default, only the user who did the installation and local admins can manage the installed sync engine.
    • Verify the scheduled synchronization task
    • You can refer to this guide for post-installation procedures
  • More on Azure AD Connect
    • You may also want to prepare for operational concerns. You might want to have a standby server so that you can easily fail over if there is a disaster. If you plan to make frequent configuration changes, then you should plan for a staging mode server.
    • Refer to this link to explore more about Azure AD Connect
  • On completion of syncing on-premises directories with Azure AD, continue with configuring Serverless360 with Azure AD.
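The prerequisite checks, the post-installation verification (scheduler, connectors, last sync time) and the delegation of sync administration described in the steps above, collected into one PowerShell session. This is an added example and not part of the original post or of Azure AD Connect's own documentation. It assumes it is run as a local administrator on the intended sync server with the ActiveDirectory, ADSync and MSOnline modules available, that Azure AD Connect has been installed on a domain-joined member server (so its ADSync* groups are local groups), and that the account CONTOSO\syncadmin is a placeholder to be replaced with a real one.

```powershell
# Added example (not part of the original post): pre-installation checks and
# post-installation verification for Azure AD Connect, run as a local
# administrator on the sync server. Assumptions: the ActiveDirectory, ADSync
# and MSOnline modules are present; CONTOSO\syncadmin is a placeholder account.

#region 1. Prerequisite checks (before installing Azure AD Connect)

# OS version of the server that will host the sync engine
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"OS: $($os.Caption) (build $($os.BuildNumber))"

# Non-routable UPN suffixes (e.g. .local) cannot be verified in Azure AD, so
# users carrying one need a routable suffix before synchronization; otherwise
# Azure AD falls back to the tenant's default onmicrosoft.com domain for them.
Import-Module ActiveDirectory
$forest = Get-ADForest
"Forest root domain : $($forest.RootDomain)"
"Registered suffixes: $($forest.UPNSuffixes -join ', ')"

$nonRoutable = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { -not $_.UserPrincipalName -or $_.UserPrincipalName -match '\.local$' }
"Enabled users with a .local or empty UPN: $($nonRoutable.Count)"
$nonRoutable | Select-Object -First 10 SamAccountName, UserPrincipalName | Format-Table

#endregion

#region 2. Post-installation verification (after Azure AD Connect is installed)

Import-Module ADSync

# Scheduler: synchronization should be enabled, with a delta cycle every 30 minutes.
# StagingModeEnabled = True means this server imports but never exports (standby).
$sched = Get-ADSyncScheduler
"Sync enabled         : $($sched.SyncCycleEnabled)"
"Delta interval       : $($sched.CurrentlyEffectiveSyncCycleInterval)"
"Staging mode         : $($sched.StagingModeEnabled)"
"Next sync cycle      : $($sched.NextSyncCyclePolicyType) at $($sched.NextSyncCycleStartTimeInUTC) UTC"

# Connectors: expect one per on-premises forest plus the Azure AD tenant connector
Get-ADSyncConnector | Select-Object Name, Type | Format-Table

# Run a delta sync now rather than waiting for the next scheduled cycle
Start-ADSyncSyncCycle -PolicyType Delta

# Confirm from the Azure AD side that a sync has landed (MSOnline module;
# sign in with a tenant administrator account when prompted)
Connect-MsolService
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime, LastPasswordSyncTime

#endregion

#region 3. Delegate sync administration

# Azure AD Connect creates local groups on the sync server (ADSyncAdmins,
# ADSyncOperators, ADSyncBrowse, ADSyncPasswordSet). By default only the
# installing account and local admins can manage the engine; add a named
# operator account to the narrowest group that covers their duties.
$syncAdmin = 'CONTOSO\syncadmin'   # placeholder, replace with the real account
Add-LocalGroupMember -Group 'ADSyncAdmins' -Member $syncAdmin
# On Windows Server 2012 R2 and earlier (no LocalAccounts module), use instead:
#   net localgroup ADSyncAdmins $syncAdmin /add

Get-LocalGroupMember -Group 'ADSyncAdmins' | Select-Object Name, PrincipalSource

#endregion
```

Section 1 is worth running before the installer is even downloaded: the .local check surfaces the accounts that would otherwise be synchronized with a wrong UPN, which is much cheaper to fix before the first export than after. Section 3 adds a single account to ADSyncAdmins rather than the local Administrators group, which keeps the people who run synchronization separate from the people who administer the server itself.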

Serverless360 is a single-platform tool to operate, manage and monitor Azure Serverless components. It provides efficient tooling that is not, and is not likely to be, available in the Azure Portal. Try Serverless360 free for 30 days!

Author: Ezhilarasi Chezhiyan

Ezhilarasi Chezhiyan is Technical Lead for the product Serverless360 at Kovai Systems India Pvt Ltd. She has over 8 years of experience in software development, with a knowledge spectrum spread across various domains. Problem-solving is her passion and she believes in the quote by Albert Einstein: "Intellectual growth should commence at birth and cease only at death."