© 2019

Connect Domain to Azure Active Directory (AAD) with Azure AD Connect

View Categories

Connect Domain to Azure Active Directory (AAD) with Azure AD Connect

2 min read

To connect an on-premises Active Directory Domain Services (AD DS) with Azure Active Directory (AAD) using Azure AD Connect, follow these steps:

1. Prepare Your Environment #

  • Ensure your on-premises AD DS is healthy (check replication, DNS, and time synchronization).
  • Verify that your domain functional level is Windows Server 2008 or later.
  • Ensure Azure AD tenant is available (create one if necessary).
  • Assign Global Administrator role in Azure AD for installation.
  • Create a service account in on-prem AD with necessary permissions (MS recommends a dedicated account).

2. Download & Install Azure AD Connect #

  • Download Azure AD Connect from Microsoft’s official site.
  • Install it on a domain-joined server (preferably not a domain controller).
  • Ensure .NET Framework 4.7.2 or later is installed.
  • The server should have internet access to connect to Azure AD.

3. Choose the Installation Mode #

  • Express Setup (Recommended for most scenarios)
    • Automatically configures password hash synchronization (PHS).
    • Uses default settings, requires Enterprise Admin credentials.
  • Custom Setup (For hybrid setups, staging, multiple forests, etc.)
    • Offers more control over sync settings, authentication methods, etc.

4. Select Authentication Method #

  • Password Hash Synchronization (PHS) (Default, simplest to set up).
  • Pass-through Authentication (PTA) (Users authenticate against on-prem AD).
  • Federation (AD FS) (For SSO via AD FS, requires additional setup).
  • Hybrid Azure AD Join (Enables seamless SSO for on-prem and cloud).

5. Configure Sync Settings #

  • Select On-Prem AD Forest to sync with Azure AD.
  • Define OU/Attribute Filtering (sync all users/groups or specific ones).
  • Choose User Sign-In options (UPN Mapping, Alternate Logins if needed).

6. Verify & Enable Synchronization #

  • Verify domain UPN suffix matches Azure AD domain (or add a custom domain).
  • Complete the installation and enable directory sync in Azure AD.
  • Azure AD Connect automatically starts initial synchronization.

7. Monitor & Manage Synchronization #

  • Use Synchronization Service Manager (MIISClient) to monitor sync jobs.
  • Configure Azure AD Connect Health for alerts and performance monitoring.
  • Periodically review logs for sync errors and resolve any identity conflicts.

8. Optional: Configure Hybrid Identity Features #

  • Seamless Single Sign-On (SSO) for automatic sign-in on domain-joined devices.
  • Hybrid Azure AD Join to register on-prem devices in Azure AD.
  • Password Writeback (Allows users to reset passwords via Azure AD).
  • Group Writeback (For syncing Microsoft 365 groups to on-prem AD).
Updated on February 7, 2025

What are your Feelings

  • Happy
  • Normal
  • Sad

Powered by BetterDocs

No Responses

© 2025 InnovaMines. Created for free using WordPress and Kubio