Testing AADConnect Part 4 - Installing and configuring
In the previous post, we saw how to bulk create users.
So far we have done the following:
- Installed Hyper-V on our lab machine
- Created a virtual machine
- Made it a domain controller
- Bulk-created users via a script
Now we downloaded the AAD Connect software. Always search for and download the latest version.
We installed .NET 4.0 and 4.5.1.
Now when I tried to install AAD Connect, I got the below error.
We installed the following:
- SP1 on Windows 2008 R2 (it is a 1.9 GB file)
- Windows Management Framework for PowerShell
Now that we have installed all the prerequisites, we went ahead and started the AAD Connect EXE.
Start the install
Our domain is Praveen.local, which is not an internet-routable domain (.local). We will change this later. We keep it as .local for now so that we can see the errors and warnings we get.
We will use the Custom settings so that we can see all the options. If we have a small org and are not going to do any configuration, we can use Express Settings.
In the below screenshot you can see that we can set the below
- Location to install AAD Connect
- The settings of a pre-existing SQL Server, if we have one and are not using the Windows Internal Database (in this post, we will do an install which uses the WID)
- If we have an existing Service account that should be used for this that has local admin credentials on this server
- Any custom Sync groups that you want to sync
For your benefit, I took screenshots at regular intervals, which show the different stages of this installation.
Once the wizard performs the necessary configuration, we get the option to choose how we want our users to sign in to Office 365.
After selecting the User Sign-in option, we get the option to enter the Office 365 account that has global admin permissions.
The below gets configured.
Now that we have given the Office 365 GA account, we need to give a service account that has permissions to read and write to our on-premises AD.
Next, we will get a list of all the UPNs defined in our organization. The main reason for using the .local domain on-prem is to see this error.
We have to add an alternative UPN suffix that is internet-routable and that our company owns.
Note: It's better to fix this problem before moving ahead. I am not going to fix this as I want to capture the further details.
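The UPN suffix fix described above can be checked and applied from PowerShell on the domain controller. This is an added example, not part of the original post: it assumes the ActiveDirectory module is available, and `example.com` is a placeholder for a routable domain your company owns.

```powershell
# Added example: audit and fix non-routable UPN suffixes before the first sync.
Import-Module ActiveDirectory

$OldSuffix = 'Praveen.local'       # non-routable suffix used in this lab
$NewSuffix = 'example.com'         # placeholder: replace with your own routable domain
$SkipOU    = 'OU=Non Syncing OU'   # OU left out in the wizard's OU filtering step

# 1. Report how many users sit on each UPN suffix.
$users = Get-ADUser -Filter 'UserPrincipalName -like "*"' -Properties UserPrincipalName
$users |
    Group-Object { ($_.UserPrincipalName -split '@')[-1] } |
    Select-Object Name, Count |
    Format-Table -AutoSize

# 2. Register the routable suffix on the forest if it is not already there.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $NewSuffix }
}

# 3. Move users in the synced OUs to the new suffix.
#    -WhatIf only previews the change; remove it to apply.
$pattern = [regex]::Escape("@$OldSuffix") + '$'
$users |
    Where-Object {
        $_.UserPrincipalName -match $pattern -and
        $_.DistinguishedName -notlike "*,$SkipOU,*"
    } |
    ForEach-Object {
        $newUpn = $_.UserPrincipalName -replace $pattern, "@$NewSuffix"
        Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
    }
```

Re-running step 1 after applying the change should show no synced users left on the .local suffix.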
Here we can also choose the on-prem attribute that will be used as the username in the cloud.
It's best to leave it as userPrincipalName.
The next option in the wizard is very important and is one that many folks might use: selecting Domain and OU filtering.
Here I have created an OU called "Non Syncing OU", and I am not going to sync that OU.
If we have multiple on-prem orgs syncing to one Office 365 tenant (Azure AD), the next option in the wizard helps us select how the same objects in different on-prem orgs are represented once in Azure AD.
Also, we can choose which on-prem attribute is used to link the cloud user with the on-prem user.
Next, we get an option to select additional features if we want to select any.
Uncheck the option that says "Start Synchronization" unless you want to Sync the directory to the cloud.
Here I am unchecking "Start Synchronization" and checking "Staging mode".
Now that we have completed the wizard, we can exit.
Note: Staging mode is used when you already have an AADConnect server syncing to the cloud and need another server that is ready to take its place, as a backup for quick turnover if the primary server goes down. I am just showing that the option is available.
In the next post, we will complete the synchronization and take note of a few checklist items.