Disclaimer: My experience with Azure, AWS and pretty much every cloud hosted service thus far tells me this post could become dated very quickly so this post should serve simply as a moment in time brain dump.
When rebuilding my homelab environment recently, I went through these steps again and thought others may find it useful so I documented to share my steps. In my scenario, I have MSDN credits for Azure, I opted not to use Active Directory Federation Services, if implanting for an organization, you may want to do that. I just wanted to sync my on premises active directory users and groups into Azure and use my existing domain. The steps were very easy.
I must warn you, later I decided that I also wanted to setup a personal Office 365 subscription using my domain for e-mail purposes and discovered it’s best to setup and configure for Office 365 first, otherwise you could have to remove DNS record entries set during this setup in order to setup Office 365 and it gets a little messy. If you would like to setup Office 365, I suggest doing that first.
I started off by creating and activating a new Azure account. This creates a default user and directory. As you can see under Azure Active Directory –> Overview, Sync is not enabled for Azure AD Connect and Users and groups contains only one user.
Navigate to Azure Active Directory –> Domain names and click Add domain name
Enter a Domain name and click Add Domain
Next, you will be provided with DNS information, which you will need to setup on a public DNS server to allow Azure to reach and verify your domain. You can select TXT or MX, either one will work.
In my case, I used my web hosting provider to set my DNS records. My provider is awesome, they have full documentation for setting these DNS records for Azure. For my provider, the settings are as above. Domain is left blank.
NOTE: If you intend to also setup Office 365, I suggest you start with that setup as it requires more DNS records and setting it up after Azure will require you to remove this record and set others.
After several minutes or even up to an hour depending on your DNS provider, click Verify.
My next step was to create a New user. This user must not contain @outlook.com.
I assigned the Directory role Global administrator. This is my domain account which I will use during my AD Connect setup, which is coming up in this post.
I sign in with my global administrator account and reset the password.
On a Domain Controller in my home lab, I run the install for Azure AD Connect and enter the credential for my global administrator account, which I just created.
Before proceeding on my domain controller, I had to ensure I had the UPN suffix for the domain I wish to use.
Note: my on premises domain isn’t actually rorymon.com but I wish to use that domain for Azure.
When the configuration is complete, you will notice there is another step required if you’d like to sync your Windows 10 domain joined computers.
To do this you will need the above RSAT features enabled.
With those features available, I installed the Azure AD Module for PowerShell:
Click Next >
I ran the cmdlets:
Set-ExecutionPolicy Unrestricted
cd “C:\Program Files\Microsoft Azure Active Directory Connect\ADPrep\”
import-module .\ADSyncPrep.pms1
Initialize-ADSyncDomainJoinedComputerSync
When prompted enter global administrator credentials.
