Setting up Azure Active Directory Sync
The first step is to add a “custom domain” to Azure Active Directory in preparation for directory synchronization.
In this sequence we will add our custom domain (in my case “andyt.work”) to the default directory we were assigned when we created a new Azure account.
Log in to the “old” portal https://manage.windowsazure.com
Select Active Directory from the left-hand icons and then ensure the Default Directory is selected.
Now ensure one of your cloud users has “Global Admin” rights over the directory; here I have a user called “admin” that has that capability:
Now enter the “Domains” section of the Default Directory and click the Add button at the bottom of the screen.
Enter the domain name you own and click “add”.
The next step involves making a TXT record entry with your domain registrar. The details of the TXT record are shown on screen. There is also a link to a web page describing the process of adding the required TXT record for various different domain registrars.
Once you have added the TXT record and waited a while for it to propagate, click “Verify”.
Having completed the verify process you should see the domain as verified. You can now switch the assigned primary domain to your custom domain using the “Change Primary” button at the bottom of the screen.
Specify your domain as the new primary and press the tick button to confirm.
We now have registered our domain and made it the primary.
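Rather than guessing how long to wait before clicking “Verify”, you can poll a public resolver for the TXT record the portal asked for. This is an added example, not code from the original post; the domain name and the `MS=ms…` value are placeholders you replace with what the portal's Verify screen shows.

```powershell
# Added example (not from the original post). Polls a public DNS resolver until the
# domain-verification TXT record is visible, so you know "Verify" will succeed.
# $Domain and $ExpectedValue are assumptions/placeholders; use the values the portal showed.
function Wait-DomainVerificationRecord {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $ExpectedValue,   # the "MS=ms..." string from the portal
        [string] $DnsServer = '8.8.8.8',                   # ask a public resolver, not your internal DC
        [int]    $TimeoutMinutes = 30,
        [int]    $IntervalSeconds = 60
    )

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        # Resolve-DnsName returns one object per record; TXT data is in the Strings array
        $records = Resolve-DnsName -Name $Domain -Type TXT -Server $DnsServer -ErrorAction SilentlyContinue
        $match = $records |
            Where-Object { $_.Type -eq 'TXT' -and (($_.Strings -join '') -eq $ExpectedValue) }

        if ($match) {
            Write-Host "TXT record '$ExpectedValue' is visible for $Domain via $DnsServer; safe to click Verify."
            return $true
        }

        Write-Host "Record not visible yet ($(Get-Date -Format T)); retrying in $IntervalSeconds s..."
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)

    Write-Warning "Timed out after $TimeoutMinutes minutes waiting for the TXT record on $Domain."
    return $false
}

# Usage (placeholder verification value; take the real one from the portal):
# Wait-DomainVerificationRecord -Domain 'andyt.work' -ExpectedValue 'MS=msXXXXXXXX'
```

Querying a public resolver rather than your own domain controller matters because Azure resolves the record from the public internet, and your internal DNS may answer from a cached or split-horizon zone.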
The next step is to synchronize our on-premises Active Directory domain with the Azure-hosted Active Directory.
Navigate to the Directory Integration section of the Default Directory, enable Directory Sync, and click Save.
Next download the Azure AD Connect tool to one of your domain controllers or a domain-joined machine/VM from:
https://www.microsoft.com/en-us/download/details.aspx?id=47594
Run the Wizard
The Azure AD Connect wizard has an Express setup option, which is sufficient for most cases.
Enter the credentials of the Azure user with Global Admin rights that we set up earlier (“admin” in my case).
Enter the credentials of the local domain administrator.
Finish by clicking Install.
Back in the Azure portal you should now see any local users defined in your Active Directory domain also appearing in the users section of the Default Directory:
Your directory is now “synced” with Azure Active Directory. Users can sign on to cloud-based applications using their username (email address) and the same password they use on-premises to sign on to your local domain.
3 thoughts on “Azure Application Proxy – Part 4”