Thursday, November 12, 2015

Azure Active Directory Connect (AD Connect) with Single Sign On

This round, we are going to look at the “Single Sign On” option. To do so, you are required to prepare the following virtual machines:

  • Windows Server 2012 R2 for federation server
  • Windows Server 2012 R2 for the Web Application Proxy
  • An SSL certificate for the federation service name you intend to use. (for example: fs.ms4u.local)

ADFS

Just to recap about AAD Connect :

AAD Connect streamlines the experience of extending your local directories into Azure AD so that fewer tools are required to install; it guides you through the entire experience so you are not required to read many pages of documentation; and it reduces the on-premises footprint because you are not required to deploy many servers.

AAD Connect is a single wizard that performs all of the steps you would otherwise have to do manually for connecting your Windows Server Active Directory to Azure Active Directory:

  • It downloads and installs pre-requisites like the .NET Framework, Azure Active Directory PowerShell Module, and Microsoft Online Services Sign-In Assistant
  • It downloads, installs and configures Dirsync (or AAD Sync), and enables it in your Azure AD directory.
  • It configures either the password sync or the single sign-on scenario, depending on which sign-on option you prefer, including any required configuration in Azure.
  • It checks to make sure that your configuration is working!

[Configuration]

  • Select the Single Sign On option

  • Enter a domain administrator account to connect to the local domain

  • Select features: Exchange hybrid and password writeback

  • Select how users should be identified in your on-premises directories

  • Select whether to connect to an existing ADFS farm or build a new ADFS farm. Enter your certificate file (with private key) and its password

  • On the ADFS and Web Application Proxy VMs, execute winrm quickconfig

  • Enter your ADFS server farm and Web Application Proxy servers. Here you can enter multiple servers that you would like AAD Connect to build

  • Enter a domain user account which has local admin rights on the federation servers

  • Create a group Managed Service Account (gMSA) or use an existing domain user account

  • Select the domain that you would like to be federated

Lastly, review the summary and click Install to deploy. AAD Connect will then:

  • Install DirSync on the existing VM on which you installed AAD Connect
  • Install and configure ADFS
  • Install and configure the Web Application Proxy
  • Start the initial synchronization
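Before running the wizard, it is worth confirming the prerequisites listed at the top of the post: that WinRM answers on every ADFS and Web Application Proxy server the wizard will configure remotely (the winrm quickconfig step), and that the PFX you hand to the wizard actually covers the federation service name, contains its private key and is still valid. The following pre-flight script is an added example, not part of the original post or of AAD Connect itself; the server names and PFX path are placeholders for your own environment.

```powershell
# Added pre-flight check for the AAD Connect SSO prerequisites (not from the post).
# Placeholders: adjust the federation service name, server names and PFX path.
$FederationServiceName = 'fs.ms4u.local'      # example name used in the post
$Servers  = @('ADFS01', 'WAP01')              # placeholder ADFS and Web Application Proxy hosts
$PfxPath  = 'C:\certs\fs.pfx'                 # placeholder path to the certificate file
$PfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# 1. WinRM must be reachable on each server; Test-WSMan throws when it is not.
foreach ($s in $Servers) {
    try {
        $null = Test-WSMan -ComputerName $s -ErrorAction Stop
        Write-Host "[OK]   WinRM reachable on $s"
    } catch {
        Write-Warning "WinRM not reachable on $s - run 'winrm quickconfig' there first"
    }
}

# 2. Load the PFX (the SecureString overload avoids a plain-text password in memory).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $PfxPath, $PfxPassword

# Collect the DNS names the certificate is valid for: subject CN plus any SANs.
$names = @()
if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
if ($san) {
    $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
              ForEach-Object { $_.Groups[1].Value }
}
$wildcard = '*.' + ($FederationServiceName -replace '^[^.]+\.', '')          # e.g. *.ms4u.local
$now = Get-Date

$checks = [ordered]@{
    'private key present'                 = $cert.HasPrivateKey
    "name covers $FederationServiceName"  = ($names -contains $FederationServiceName) -or ($names -contains $wildcard)
    'currently valid (NotBefore/NotAfter)' = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
}
foreach ($k in $checks.Keys) {
    if ($checks[$k]) { Write-Host "[OK]   $k" } else { Write-Warning "FAILED: $k" }
}
```

Run it from the machine on which you are about to install AAD Connect; any warning points at a prerequisite the wizard will otherwise fail on part-way through the deployment.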

That completes the entire process.