In this article we will see how to configure Azure AD Connect when your on-premises AD domain is not routable.
In my case I will use a lab.local on-premises AD domain.
The following steps also involve two different Azure subscriptions/Azure AD tenants; I will create users in my lab.local domain and give those users access to both Azure AD domains.
Here is the detail of my lab:
- The main goal is to use the LAB.LOCAL domain with users from both Azure AD domains.
- UPN suffixes for each Azure AD domain have been created.
- OUs for each domain have been created, and two Azure AD Connect servers have been provisioned, one for each Azure AD domain.
- Synchronization is scoped at the OU level.
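The lab preparation described above (routable UPN suffixes, one OU per tenant, users whose UPN matches a verified Azure AD domain), as an added PowerShell example that is not part of the original article. It assumes the ActiveDirectory RSAT module, Domain Admin rights, and uses placeholder tenant domain names that you replace with your own verified domains.

```powershell
Import-Module ActiveDirectory

$onPremDomain   = 'lab.local'           # non-routable on-premises domain from the article
$tenantSuffixes = @{                    # placeholders: verified domains of the two Azure AD tenants
    'TenantA' = 'tenant-a.example.com'
    'TenantB' = 'tenant-b.example.com'
}
$domainDN = (Get-ADDomain -Identity $onPremDomain).DistinguishedName

foreach ($tenant in $tenantSuffixes.Keys) {
    $suffix = $tenantSuffixes[$tenant]

    # 1. Register the routable UPN suffix in the forest so users can carry a UPN that
    #    matches a verified Azure AD domain instead of @lab.local.
    $forest = Get-ADForest
    if ($forest.UPNSuffixes -notcontains $suffix) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $suffix }
    }

    # 2. One OU per tenant; each Azure AD Connect server is scoped to its own OU.
    $ouName = "AzureAD-$tenant"
    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $domainDN -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ouName -Path $domainDN
    }
}

# 3. Create a user in a tenant's OU with a UPN that uses that tenant's verified suffix.
function New-SyncedLabUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $Tenant,
        [Parameter(Mandatory)] [securestring] $Password
    )
    New-ADUser -Name $SamAccountName -SamAccountName $SamAccountName `
        -UserPrincipalName "$SamAccountName@$($tenantSuffixes[$Tenant])" `
        -Path "OU=AzureAD-$Tenant,$domainDN" `
        -AccountPassword $Password -Enabled $true
}
# Constructed sample user; the password is prompted for rather than stored in the script.
New-SyncedLabUser -SamAccountName 'jdoe' -Tenant 'TenantA' -Password (Read-Host -AsSecureString 'Password')

# 4. Check before syncing: a user whose UPN still ends in @lab.local is what the wizard's
#    "Continue without matching all UPN suffixes to verified domains" warning is about;
#    such a user lands in the cloud as user@<tenant>.onmicrosoft.com.
Get-ADUser -SearchBase "OU=AzureAD-TenantA,$domainDN" -Filter * -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -like "*@$onPremDomain" } |
    Select-Object SamAccountName, UserPrincipalName
```

Run the final query against each tenant's OU before starting the wizard; an empty result means every user in scope will sign in with a UPN the tenant has verified.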
Installation of Azure AD Connect
Before you start, download Azure AD Connect.
You can see these steps in action in the videos section.
- Sign in as a local administrator to the server that will be the sync server, where Azure AD Connect is to be installed.
- Navigate to and double-click AzureADConnect.msi.
- On the Welcome screen, select the box agreeing to the licensing terms and click Continue.
- On the Express settings screen, click Customize.
- Select Use an existing service account, provide the credentials and click on Install
- Select your options and click on Next
- Provide your Azure AD administrator credentials and click on Next
- Click on Add Directory
- Provide UPN credentials and click on OK
- Click on Next
- Select the check box Continue without matching all UPN suffixes to verified domains and click on Next
- Select radio button Sync selected domains and OUs, select the OU to synchronize and click Next
- Select your options and click on Next
- Click on Next
- Click on Next
- For the local domain, click on Enter credentials
- Provide administrator credentials and click on OK
- Click on Next
- Click on Install
- Click on Exit
- To authenticate to Office 365 with the AD DS password, User sign-in must be set to Pass-through authentication
Validation
- Log in to the Azure portal
- Click on Azure Active Directory
- Click on Users
- The user and the computer account (for Azure AD Connect) have been created in Azure AD
To go further with validation, we can assign an Office 365 license to the user and connect to Outlook using the on-premises AD credentials.
Once the user's mailbox is provisioned, open a browser and point to https://www.office.com
- Click on Sign In
- Provide the on-premises user's UPN and click on Next
- Provide the user's on-premises AD password and click on Sign in
- After successful authentication, the user is signed in to Office 365