In the last few sections we talked about setting up the Office 365 tenant from scratch and then applying the external domain to it. It is now ready to go, but we still need to add the users, groups, contacts, etc. from your on-premises Active Directory into the new Azure AD and Office 365 configuration. To do this you are going to need the following:
- A server in your organization that can reach the local domain controllers (DCs) and global catalog (GC) servers.
- Outbound internet access from that server.
- A service account set up for synchronizing the accounts.
- The admin account (address and credentials) for the Office 365 tenant.
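The following pre-flight script is an added example (it is not from the original post) that checks the prerequisites listed above from the server that will host Azure AD Connect. It assumes the server is domain joined with the ActiveDirectory RSAT module installed, and that `svc_aadconnect` is the AD account the post uses for the sync; the single cloud endpoint it tests is illustrative, not Microsoft's full list of required URLs.

```powershell
# Added example, not from the original post: pre-flight checks for the server
# that will run Azure AD Connect, covering the prerequisites listed above.
# Assumptions: domain-joined server, ActiveDirectory RSAT module installed,
# 'svc_aadconnect' is the sync account named in the post. The one cloud
# endpoint tested is illustrative, not the full list of URLs the wizard needs.

Import-Module ActiveDirectory

# 1. Locate a writable DC that is also a global catalog, then test the LDAP/GC ports.
$dc     = Get-ADDomainController -Discover -Service GlobalCatalog -Writable
$dcName = [string]($dc.HostName | Select-Object -First 1)

$portChecks = foreach ($port in 389, 636, 3268, 3269) {
    $t = Test-NetConnection -ComputerName $dcName -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{ Target = $dcName; Port = $port; Open = $t.TcpTestSucceeded }
}

# 2. Outbound HTTPS to the Azure AD sign-in endpoint (one of the URLs the wizard uses).
$cloud = Test-NetConnection -ComputerName 'login.microsoftonline.com' -Port 443 -WarningAction SilentlyContinue
$portChecks += [pscustomobject]@{ Target = 'login.microsoftonline.com'; Port = 443; Open = $cloud.TcpTestSucceeded }

# 3. Service account: confirm it exists and record its group memberships so the
#    privileges it holds are documented before the wizard is given its credentials.
$svc    = Get-ADUser -Identity 'svc_aadconnect' -Properties MemberOf, PasswordNeverExpires, Enabled
$groups = $svc.MemberOf | ForEach-Object { (Get-ADGroup $_).Name }

# 4. Summary. Tenant admin credentials are entered interactively in the wizard,
#    so they are not checked here.
$portChecks | Format-Table -AutoSize
[pscustomobject]@{
    ServiceAccount       = $svc.SamAccountName
    Enabled              = $svc.Enabled
    PasswordNeverExpires = $svc.PasswordNeverExpires
    MemberOf             = ($groups -join ', ')
} | Format-List

if ($portChecks | Where-Object { -not $_.Open }) {
    Write-Warning 'One or more required ports are blocked; fix these before running the AAD Connect wizard.'
}
```

Run it in an elevated PowerShell session on the intended AAD Connect server. Any port reported as closed should be opened on the firewall first, and the group list for the service account is worth keeping with your change record, since that account will be the identity under which all directory reads and writes from the sync engine occur.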
First, let's take a look at the local Active Directory structure for the Light Blue Frog organization. This AD is relatively new and was planned well in advance. That is not the case in most AD deployments, so I recommend running Microsoft's IdFix tool, available from this link: https://www.microsoft.com/en-us/download/details.aspx?id=36832 It reports what remediation needs to be done on the domain before you sync to Office 365.
UPN discussion. It is important to think about which ID your users will log in to the cloud services with. The UPN (User Principal Name) lives in Active Directory, and I will say more on this later. In the meantime, have a look at this to assist: Why your UPN should match your email address
You also need to think about what you actually want to sync, as later on we will pick out the OUs that will go up to the cloud. Below is a layout of the Light Blue Frog domain structure.
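To tie the UPN discussion to the OU selection, here is an added example (not from the original post) that lists every enabled user in the OUs you intend to sync whose UPN does not match their primary SMTP address, or whose UPN suffix is not a domain verified in the tenant. The OU distinguished names and the verified-domain list are constructed placeholders; replace them with the OUs from your own layout and the domain you added to the tenant earlier.

```powershell
# Added example, not from the original post: find users in the OUs to be synced
# whose UPN will not match the address they expect to sign in with.
# Assumptions: ActiveDirectory RSAT module installed; the OU DNs and the
# verified-domain list below are constructed placeholders.

Import-Module ActiveDirectory

$ouToSync = @(
    'OU=Users,OU=Corp,DC=corp,DC=example,DC=local'    # constructed placeholder DN
)
$verifiedSuffixes = @('example.com')                   # constructed placeholder; use your verified domain(s)

$report = foreach ($ou in $ouToSync) {
    Get-ADUser -SearchBase $ou -Filter 'Enabled -eq $true' -Properties mail, proxyAddresses |
        ForEach-Object {
            # Primary SMTP address is the uppercase 'SMTP:' entry; fall back to the mail attribute.
            $primary = ($_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1) -replace '^SMTP:', ''
            if (-not $primary) { $primary = $_.mail }
            $suffix = ($_.UserPrincipalName -split '@')[-1]

            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                PrimarySmtp       = $primary
                UpnMatchesMail    = [bool]($primary -and ($_.UserPrincipalName -ieq $primary))
                UpnSuffixVerified = ($verifiedSuffixes -contains $suffix)
            }
        }
}

# Only the problem accounts are shown; an empty table means the OUs are ready.
$report |
    Where-Object { -not $_.UpnMatchesMail -or -not $_.UpnSuffixVerified } |
    Format-Table -AutoSize
```

Users whose UPN suffix is not a verified domain in the tenant are given the tenant's default .onmicrosoft.com suffix when they sync, which is exactly the sign-in confusion the linked article describes, so it is cheaper to fix the suffix in AD before the first synchronization than to correct it afterwards.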
Now let's log in to the AAD Connect server and install the Azure AD Connect software, which can be downloaded from this link: https://www.microsoft.com/en-us/download/details.aspx?id=47594 It needs to be installed on the AAD Connect server. Before downloading it and starting the installation, it is worth having a quick look at this Microsoft article on what you can and can't do with AAD Connect (supported topologies): https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies
On the first run of AAD Connect you will get the normal Welcome screen and the opportunity to do an Express or Custom install. I will select the custom install because I want to specify the account that AAD Connect uses to connect to Active Directory. Let's go ahead and put in the account 'svc_aadconnect', which is a privileged account in Active Directory. It is worth showing what the Azure AD looks like before we start. We also need to create a service account that the AAD Connect software will use to synchronize the data. The screenshot below shows this configuration.
After this the user list will look very simple, with just the admin user we created at the start and the service account for the sync.
Now we can go ahead on the local server and start the installation process.
Hit Continue and the configuration process will start.