ON-PREMISES ACTIVE DIRECTORY INTEGRATION WITH MICROSOFT AZURE AD USING AZURE AD CONNECT (HYBRID IDENTITY MANAGEMENT)

Vedant Patel
5 min read · Nov 6, 2023

Project Definition:

ABC Inc., an IT services provider, delivers software development solutions. It currently runs a hybrid model: some legacy applications run on-premises while other workloads run on Azure.

Many of these applications consume SaaS services that are part of the hybrid infrastructure, so identity and access management (IAM) is what grants access and ties the two environments together.

Management is looking for a hybrid IAM solution that synchronizes on-premises identities with Microsoft Azure, and that is exactly what Azure AD Connect provides.

Solution:

What is Azure AD Connect?

Azure AD Connect is an on-premises Microsoft application that’s designed to meet and accomplish your hybrid identity goals. If you’re evaluating how to best meet your goals, you should also consider the cloud-managed solution Azure AD Connect cloud sync.

Azure AD Connect Features:

- Password hash synchronization

- Pass-through authentication

- Federation integration

- Synchronization

- Health Monitoring

Azure Active Directory (Azure AD) is a cloud-based multi-tenant directory and identity service. This reference architecture shows best practices for integrating on-premises Active Directory domains with Azure AD to provide cloud-based identity authentication.

Organizations can use Azure AD if they are ‘pure cloud,’ or as a ‘hybrid’ deployment if they have on-premises workloads. A hybrid deployment of Azure AD can be part of a strategy for an organization to migrate its IT assets to the cloud, or to continue to integrate existing on-premises infrastructure alongside new cloud services.

Historically, ‘hybrid’ organizations have seen Azure AD as an extension of their existing on-premises infrastructure. In these deployments, the on-premises identity governance administration, Windows Server Active Directory or other in-house directory systems, are the control points, and users and groups are synced from those systems to a cloud directory such as Azure AD. Once those identities are in the cloud, they can be made available to Microsoft 365, Azure, and other applications.

Why use Azure AD Connect?

Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. Users and organizations can take advantage of:

- Users can use a single identity to access on-premises applications and cloud services such as Microsoft 365.

- A single tool provides an easy deployment experience for synchronization and sign-in.

On-premises AD DS server: the on-premises directory and identity service. The AD DS directory is synchronized with Azure AD so that on-premises users can authenticate to cloud resources with the same identity.

Many groups and users currently exist only in the on-premises Active Directory and need to be made available in Azure through hybrid identity management.

Description:

This was a challenge project to deploy hybrid identity management on Azure: integrate on-premises identities with the Azure cloud using Microsoft Azure AD Connect.

Task 1: A registered domain is needed so that it can be verified as a custom domain in Azure AD and used as the UPN suffix of the synced users. DNS: abc.cloud.ca

Task 2: Once the domain is registered, add it under Custom domain names in Azure Active Directory and verify it with the DNS record Azure provides.

Task 3: Deploy a Windows Server 2019 Datacenter VM on VMware to act as the on-premises domain controller, hosting DNS and Active Directory Domain Services.

Task 4: Use Server Manager (Manage > Add Roles and Features) to install the Active Directory Domain Services (AD DS) role, then promote the server to a domain controller. This is AD DS, not AD FS; no federation server is deployed in this project.

Task 5: Create the groups and users that will be synced from on-premises to Azure AD by Azure AD Connect.

Task 6: Install and configure Azure AD Connect, connect it to the abc.cloud.ca forest, select the directory to synchronize, and complete the wizard; the initial synchronization of on-premises users to Azure AD starts when it finishes.

Task 7: In the Azure portal, verify that the on-premises groups and users have been synced and appear under Users and Groups.

Tools & Technologies covered:

VMware Hypervisor

Windows Server 2019 Datacenter

Azure Cloud

Azure AD Tenant

Azure AD Connect

On-Premises AD DNS Server

On-Premises Active Directory Service

Azure AD Connect sync server

The project is implemented in the following phases.

Project implementation Phase:

Phase 1: Verify DNS on Azure Portal

Phase 2: Create Azure cloud test users on Azure Portal

Phase 3: Deploy On-Premise Active Directory Service

Phase 4: Create On-Premise groups and users

Phase 5: Deploy Azure AD Connect on On-Premise DC

Phase 6: Verify and validate that On-Premise Group and users have synced to Azure Cloud

Pre-requisite:

1) Registered domain: abc.cloud.ca

2) On-premises Windows domain controller for that domain name

3) Test users on the on-premises DC

4) Azure portal account

5) Azure AD admin user with the Global Administrator role

Implementation:

Phase 1: Verify DNS on Azure Portal

1. Go to Azure Active Directory — Custom domain names and add abc.cloud.ca

2. Add the TXT record Azure provides at the domain registrar

3. Click Verify on the custom domain in the Azure portal; the domain must show as verified before users with that UPN suffix are synced

Phase 2: Create Azure cloud test users on Azure Portal

1. Create an Azure AD user with the Global Administrator role (used later by the Azure AD Connect wizard)

2. Create a few cloud-only test users

Phase 3: Deploy On-Premise Active Directory Service

1. Go to VMware and deploy a Windows Server 2019 VM

2. Go to Server Manager — Manage — Add Roles and Features

3. Add Role — Select ‘Active Directory Domain Services’

4. Verify that the AD DS role is installed

5. Promote the server: add a new forest named abc.cloud.ca and finish the installation (the server reboots)
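The same Phase 3 steps can be done from PowerShell on the new VM instead of Server Manager. This is an added example, not code from the original post; it assumes Windows Server 2019 in an elevated session, the forest name abc.cloud.ca from the post, and a NetBIOS name (ABC) and functional levels chosen here.

```powershell
# Added example: install AD DS and promote this server to the first DC of the
# abc.cloud.ca forest. Run in an elevated Windows PowerShell session on the
# Windows Server 2019 VM. NetBIOS name and functional levels are assumptions.
#Requires -RunAsAdministrator

$DomainName  = 'abc.cloud.ca'   # forest root from the post
$NetbiosName = 'ABC'            # assumed NetBIOS name

# 1. Install the AD DS role plus the RSAT tools (ADUC and the ADDSDeployment module).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed' }

# 2. Promote to a new forest. The DSRM password is read interactively so it is
#    never written into a script or shell history; it must meet complexity rules.
Import-Module ADDSDeployment
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

Install-ADDSForest `
    -DomainName                    $DomainName `
    -DomainNetbiosName             $NetbiosName `
    -ForestMode                    'WinThreshold' `
    -DomainMode                    'WinThreshold' `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $dsrm `
    -NoRebootOnCompletion:$false `
    -Force:$true
# The server reboots when promotion completes.

# 3. After logging back in as ABC\Administrator, confirm the forest is up and
#    the DC is advertising its services; Azure AD Connect needs a reachable
#    PDC emulator and working DNS before it can be installed.
Get-ADForest | Select-Object Name, ForestMode, UPNSuffixes
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, PDCEmulator
Get-Service -Name NTDS, DNS, Netlogon | Select-Object Name, Status
```

Step 3 runs in a fresh session after the reboot; if Get-ADForest fails or NTDS is not Running, promotion did not complete and Azure AD Connect will not be able to read the directory.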

Phase 4: Create On-Premise groups and users

1. Go to Tools — Active Directory Users and Computers

2. Create a new group named office365

3. Create new users:

a. Vedant Patel

b. Alex Doe

c. John Smith

4. Add the users to the group office365, and make sure each user’s UPN suffix is abc.cloud.ca, the domain verified in Phase 1
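Phase 4 in PowerShell, as an added example that is not part of the original post. It runs on the abc.cloud.ca DC after the Phase 3 reboot; the group name and the three display names come from the post, while the sAMAccountNames, the OU name and the password generator are assumptions made here.

```powershell
# Added example: create the 'office365' group and the three test users from the
# post. sAMAccountNames, the OU name and the initial-password generator are
# assumptions; everything else mirrors what was done in ADUC.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$upnSuffix = $domain.DNSRoot   # abc.cloud.ca: must equal the domain verified in Azure AD (Phase 1),
                               # otherwise the synced users get <tenant>.onmicrosoft.com UPNs
$ouPath    = "OU=Office365,$($domain.DistinguishedName)"

# Synced objects get their own OU so Azure AD Connect's OU filtering can be limited to it.
if (-not (Get-ADOrganizationalUnit -LDAPFilter '(ou=Office365)' -SearchBase $domain.DistinguishedName)) {
    New-ADOrganizationalUnit -Name 'Office365' -Path $domain.DistinguishedName
}
if (-not (Get-ADGroup -Filter "Name -eq 'office365'")) {
    New-ADGroup -Name 'office365' -SamAccountName 'office365' -GroupScope Global -GroupCategory Security `
                -Path $ouPath -Description 'Members are synchronized to Azure AD'
}

# Initial passwords: random per user from a CSPRNG, and forced to change at first logon.
function New-InitialPassword([int]$Length = 20) {
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#$%^&*'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $plain = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    ConvertTo-SecureString -String $plain -AsPlainText -Force
}

# Constructed test users; the display names are the ones listed in the post.
$users = @(
    @{ Given = 'Vedant'; Surname = 'Patel'; Sam = 'vpatel' },
    @{ Given = 'Alex';   Surname = 'Doe';   Sam = 'adoe'   },
    @{ Given = 'John';   Surname = 'Smith'; Sam = 'jsmith' }
)

foreach ($u in $users) {
    $upn = "$($u.Sam)@$upnSuffix"
    if (-not (Get-ADUser -Filter "UserPrincipalName -eq '$upn'")) {
        New-ADUser -Name "$($u.Given) $($u.Surname)" -DisplayName "$($u.Given) $($u.Surname)" `
                   -GivenName $u.Given -Surname $u.Surname `
                   -SamAccountName $u.Sam -UserPrincipalName $upn -EmailAddress $upn `
                   -Path $ouPath -AccountPassword (New-InitialPassword) `
                   -Enabled $true -ChangePasswordAtLogon $true
    }
    Add-ADGroupMember -Identity 'office365' -Members $u.Sam
}

# What Azure AD Connect will read: every UPN must carry the verified suffix.
Get-ADGroupMember -Identity 'office365' |
    Get-ADUser -Properties UserPrincipalName, EmailAddress |
    Select-Object Name, SamAccountName, UserPrincipalName, EmailAddress |
    Format-Table -AutoSize
```

The script is idempotent, so it can be re-run after adding names to the list. The UPN check at the end is the one that matters for Phase 6: a user whose UPN suffix is not a verified custom domain is still synced, but lands in Azure AD as user@tenant.onmicrosoft.com.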

Phase 5: Deploy Azure AD Connect on On-Premise DC

1. Go to the on-premises Windows Server 2019 DC

2. Using a browser, log in to the Azure portal

3. Go to Azure Active Directory — Azure AD Connect — Download Azure AD Connect

4. Install Azure AD Connect

5. Connect to Azure AD with the Global Administrator account created in Phase 2

6. Connect to Active Directory with an existing AD account (Express Settings asks for Enterprise Admin credentials to create the AD DS connector account)

7. Finish the Azure AD Connect wizard; the initial sync starts automatically

Note: the Azure AD Connect server is a Tier 0 asset. With Express Settings the wizard creates an AD DS connector account (MSOL_<hex>) that holds Replicating Directory Changes and Replicating Directory Changes All on the domain, the same rights a DCSync attack uses, so the server must be protected like a domain controller. Installing on a DC, as done here, is supported, but Microsoft recommends a dedicated member server.

Phase 6: Verify and validate that On-Premise Group and users have synced to Azure Cloud

1. Go to the on-premises Windows Server 2019 DC

2. Go to This PC — Properties and confirm the domain shown is abc.cloud.ca

3. Go to Azure Portal — Azure Active Directory

4. Validate that the new group office365 has synced from on-premises to Azure AD (its source shows as Windows Server AD)

5. Validate that the new users have synced from on-premises to Azure AD with abc.cloud.ca UPNs:

a. Vedant Patel

b. Alex Doe

c. John Smith
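Phase 6 can also be checked from the command line rather than by eye in the portal. The following is an added example, not code from the original post. It assumes it runs on the DC where Azure AD Connect was installed (so the ActiveDirectory and ADSync modules are present) and that the Microsoft.Graph PowerShell module has been installed with Install-Module Microsoft.Graph; the group name office365 comes from the post.

```powershell
# Added example: verify the sync engine state and then compare what Azure AD
# holds against the on-prem group. Assumes the ADSync, ActiveDirectory and
# Microsoft.Graph modules are available on this machine.
Import-Module ActiveDirectory
Import-Module ADSync

# --- Part A: the sync engine itself ---
# SyncCycleEnabled must be True; StagingModeEnabled True means nothing is exported to Azure AD.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled, AllowedSyncCycleInterval, NextSyncCycleStartTimeInUTC

# Run a delta cycle now instead of waiting for the scheduler (default interval 30 minutes).
Start-ADSyncSyncCycle -PolicyType Delta
# Lists connectors still running; empty output means the cycle has completed.
Get-ADSyncConnectorRunStatus

# Expected cloud anchor per on-prem member: with default settings Azure AD
# Connect stores base64(objectGUID) in the cloud user's onPremisesImmutableId.
$expected = @{}
Get-ADGroupMember -Identity 'office365' | Get-ADUser -Properties UserPrincipalName | ForEach-Object {
    $expected[$_.UserPrincipalName] = [Convert]::ToBase64String($_.ObjectGUID.ToByteArray())
}

# --- Part B: what Azure AD holds ---
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All'

$grp = Get-MgGroup -Filter "displayName eq 'office365'" -Property Id, DisplayName, OnPremisesSyncEnabled |
       Select-Object -First 1
if (-not $grp) { throw "Group 'office365' has not reached Azure AD yet" }
if (-not $grp.OnPremisesSyncEnabled) { Write-Warning "'office365' in Azure AD is a cloud-only group, not the synced one" }

$cloudUsers = Get-MgGroupMember -GroupId $grp.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object {
        Get-MgUser -UserId $_.Id -Property DisplayName, UserPrincipalName, OnPremisesSyncEnabled,
                                           OnPremisesImmutableId, OnPremisesLastSyncDateTime
    }

$report = foreach ($u in $cloudUsers) {
    if (-not $u.OnPremisesSyncEnabled) {
        $status = 'cloud-only object, not synced'
    } elseif ($u.UserPrincipalName -like '*.onmicrosoft.com') {
        $status = 'UPN fell back to onmicrosoft.com: suffix not verified in the tenant'
    } elseif ($expected[$u.UserPrincipalName] -ne $u.OnPremisesImmutableId) {
        $status = 'ImmutableId does not match any on-prem member objectGUID: matched to a different object'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ User = $u.UserPrincipalName; LastSync = $u.OnPremisesLastSyncDateTime; Status = $status }
}
$report | Format-Table -AutoSize

# On-prem members that have not appeared in the cloud group at all.
$expected.Keys | Where-Object { $_ -notin $cloudUsers.UserPrincipalName } |
    ForEach-Object { Write-Warning "$_ is in the on-prem group but not yet in Azure AD" }
```

Three rows of OK is the result the portal screenshots are meant to show. The ImmutableId comparison is the check the portal does not give you: it proves each cloud account is hard-matched to the intended AD object, rather than a pre-existing cloud user that happened to share a UPN.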

Congratulations…!!!! We have successfully implemented the Hybrid IAM solution 🚀
