At this point it is easy to just hit the Express Settings option and let it do what it says, but I advise against this. Several options need attention and are better handled as part of the later work on the tenant that we will discuss in a future post. So, hit Customize and let me explain why.
And here is the reason: the service account that will read the information from the local Active Directory can be specified here. If you haven’t already created one for this purpose, go ahead and do it now. It will require Domain Admin, but it can be denied interactive logon so that nobody can use it to sign in to a server. Carry on and hit Install.
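One way to create that account with the interactive-logon restriction in place, as an added example that is not from the original post. The account name svc-aadconnect, the OU path and the sync server name AADCONNECT01 are placeholders; it assumes the RSAT ActiveDirectory module and an elevated session on the sync server, and the group membership the post calls for is granted separately.

```powershell
# Added example (not from the original post): create the local AD service account
# for Azure AD Connect and block it from interactive logon. Placeholders (not from
# the post): svc-aadconnect, the OU path, AADCONNECT01. Run elevated on the sync
# server with the RSAT ActiveDirectory module; group membership is granted separately.
Import-Module ActiveDirectory
$sam    = 'svc-aadconnect'                                 # placeholder
$ou     = 'OU=Service Accounts,DC=lightbluefrog,DC=com'    # placeholder
$server = 'AADCONNECT01'                                   # placeholder

# 32 random bytes, base64 encoded: set once here and recorded in your password vault.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

$params = @{
    Name                 = $sam
    SamAccountName       = $sam
    UserPrincipalName    = "$sam@lightbluefrog.com"
    Path                 = $ou
    AccountPassword      = $pw
    Enabled              = $true
    PasswordNeverExpires = $true
    CannotChangePassword = $true
    AccountNotDelegated  = $true     # identity cannot be used via Kerberos delegation
    LogonWorkstations    = $server   # AD accepts its logons only from the sync server
    Description          = 'Azure AD Connect AD DS connector account'
}
New-ADUser @params

# Deny local and RDP logon on this server (the one host it may use). Network
# authentication, which the connector needs, is unaffected. The deny rights are
# merged into the exported local policy so entries already present are kept.
$sid   = '*' + (Get-ADUser $sam).SID.Value
$inf   = Join-Path $env:TEMP 'secpol.inf'
secedit /export /cfg $inf | Out-Null
$lines = [System.Collections.Generic.List[string]](Get-Content $inf)
foreach ($right in 'SeDenyInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
    $i = -1
    for ($k = 0; $k -lt $lines.Count; $k++) {
        if ($lines[$k] -match "^$right\s*=") { $i = $k; break }
    }
    if ($i -lt 0) {
        $lines.Insert($lines.IndexOf('[Privilege Rights]') + 1, "$right = $sid")
    } elseif ($lines[$i] -notmatch [regex]::Escape($sid)) {
        $sep = if ($lines[$i] -match '=\s*$') { '' } else { ',' }
        $lines[$i] = $lines[$i].TrimEnd() + $sep + $sid
    }
}
Set-Content -Path $inf -Value $lines.ToArray() -Encoding Unicode
secedit /configure /db (Join-Path $env:TEMP 'secpol.sdb') /cfg $inf /areas USER_RIGHTS | Out-Null
Remove-Item $inf
```

If a domain GPO already manages these two user rights on the server, it will overwrite the local setting at refresh, so add the account to the GPO's deny lists instead of relying on the secedit step.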
Here we are setting this up as Password Hash Sync to the cloud, choosing not to go down the path of AD FS or Pass-through Authentication at this point; we can discuss those in a later post. I am also NOT selecting ‘Enable Single Sign-On’, which is likewise covered in a later post. For now, accept those options and hit Next.
And this is where we enter the details of the service account that we will use to connect to Azure AD. This is the one we created at the beginning. Enter those details and carry on.
The system knows about the LightBlueFrog instance because of the account we connected with, but we still need to tell it what we want synced. This starts with adding the lightbluefrog.com local domain to the list of domains that will be part of the sync. Hit Add Directory.
Here, to connect to the LightBlueFrog domain, we once again enter the credentials of the local service account that we created for that purpose. Do that and hit OK.
Once accepted, it will get an acceptance icon next to it, and you can then hit Next to continue.