Archive for May, 2018

I registered the astrahome.xyz domain in Office 365. I have an on-premises AD domain, test.com, and added astrahome.xyz to it as an additional UPN suffix.

18.PNG

Created a couple of users with astrahome.xyz as their UPN suffix.

 

19.PNG

 

Preparing AD synchronization

Before synchronizing, every on-premises account needs a UPN that Azure AD will accept:

  • UPN is not blank
  • UPN must be unique
  • UPN suffix must be a domain registered (verified) in Office 365
  • Remove illegal characters

All these checks are performed by the IdFix tool.

Download and run it (click Query); any errors are highlighted.

1.png
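The same four checks can be scripted against the directory before running IdFix or the wizard. The following is an added example, not part of the original post or of IdFix; it assumes the RSAT ActiveDirectory module on the machine, a constructed sample user list standing in for Get-ADUser output, and an allowed-character rule for the local part of the UPN that is stated as an assumption in the code.

```powershell
# Added example: pre-sync UPN readiness checks (not the original post's code).
# Assumes the ActiveDirectory module for the real run; the sample objects below are constructed.
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Assumption: characters Azure AD accepts in the local part of a UPN (letters, digits, ' . - _ ! # ^ ~).
$AllowedLocalPart = "^[A-Za-z0-9'._!#^~-]+$"

function Test-UpnReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,            # objects with SamAccountName and UserPrincipalName
        [Parameter(Mandatory)] [string[]] $VerifiedSuffixes  # domains verified in the Office 365 tenant
    )
    $seen = @{}   # lower-cased UPN -> first SamAccountName that used it
    foreach ($u in $Users) {
        $upn = $u.UserPrincipalName
        $problems = @()
        if ([string]::IsNullOrWhiteSpace($upn)) {
            $problems += 'blank UPN'
        } else {
            $key = $upn.ToLower()
            if ($seen.ContainsKey($key)) { $problems += "duplicate of $($seen[$key])" }
            else { $seen[$key] = $u.SamAccountName }

            $local, $suffix = $upn -split '@', 2
            if (-not $suffix) {
                $problems += 'no @suffix'
            } elseif ($VerifiedSuffixes -notcontains $suffix) {
                $problems += "suffix '$suffix' is not verified in Office 365"
            }
            if ($local -notmatch $AllowedLocalPart) { $problems += 'illegal characters in local part' }
        }
        if ($problems) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                UPN            = $upn
                Problems       = ($problems -join '; ')
            }
        }
    }
}

# Constructed sample data (stands in for Get-ADUser output).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   UserPrincipalName = 'jdoe@astrahome.xyz' }
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'a smith@astrahome.xyz' }   # space is illegal
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'bjones@test.com' }         # unverified suffix
    [pscustomobject]@{ SamAccountName = 'jdoe2';  UserPrincipalName = 'JDoe@astrahome.xyz' }     # duplicate of jdoe
    [pscustomobject]@{ SamAccountName = 'svc1';   UserPrincipalName = '' }                        # blank
)
Test-UpnReadiness -Users $sample -VerifiedSuffixes @('astrahome.xyz') | Format-Table -AutoSize

# Against the real forest:
# $ad = Get-ADUser -Filter * -Properties UserPrincipalName
# Test-UpnReadiness -Users $ad -VerifiedSuffixes @('astrahome.xyz') | Format-Table -AutoSize
```

The duplicate check is case-insensitive because Azure AD treats UPNs case-insensitively; the suffix check deliberately flags test.com, which is the situation the next post section runs into.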

Azure AD Connect is a tool that synchronizes user identities from on-premises Active Directory to Azure AD, so the same set of login credentials can be used to access resources in both your on-premises and cloud environments.

Azure AD Connect requirements:

  • a verified domain in Office 365
  • PowerShell Transcription Group Policy must not be enabled on the server
  • .NET Framework 4.5.1 or later and Microsoft PowerShell 3.0 or later
  • every Azure AD Connect server needs working DNS resolution for both intranet and Internet names
  • if your proxy server requires authentication, the service account must be a domain account

Download Azure AD Connect

 

2.PNG

You can choose between express and custom installation

3.PNG

In a custom installation you can specify the installation location and, optionally, an existing SQL Server instance instead of the bundled LocalDB.

4.PNG

Select the sign-in method.

 

5.PNG

Specify Office 365 (Azure AD) global administrator credentials.

6.PNG

Select the on-premises AD forest.

 

7.PNG

Specify an on-premises Domain Administrator account. The wizard uses it during setup; the sync service itself runs under a separate, less privileged connector account.

 

8.PNG

 

9.PNG

 

test.com is my internal domain, so there is no verification for it. Users with an unverified UPN suffix are synchronized with the tenant's default .onmicrosoft.com suffix instead, which is why astrahome.xyz was added as a UPN suffix earlier.

 

10.PNG

 

Select which domains and OUs will be synchronized.

 

11.PNG


Specify how users will be uniquely identified (the sourceAnchor attribute).

 

12.PNG


Choose whether to synchronize all users and devices, or only the members of a group.

 

13.PNG

Select optional features.

 

14.PNG

 

Start synchronization.

 

15

Synchronization is complete.

 

16.PNG

 

In the Office 365 portal we can see there are no sync errors.

 

16-1.PNG

And the users now appear in the Office 365 portal.

 

17.PNG
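The portal view above can be confirmed from PowerShell, both on the Azure AD Connect server and from the tenant side. This is an added example, not code from the original post; it assumes the ADSync module that Azure AD Connect installs, the MSOnline module on an admin workstation, and the astrahome.xyz suffix used in this walkthrough.

```powershell
# Added example: verify a completed Azure AD Connect sync (not the original post's code).

# --- On the Azure AD Connect server (ADSync module installed by the wizard) ---
Import-Module ADSync

# Scheduler state: is the sync cycle enabled, how often does it run, when is the next run?
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# Connector runs currently in progress; empty output means nothing is running.
Get-ADSyncConnectorRunStatus

# Kick off a delta sync instead of waiting for the next scheduled cycle.
Start-ADSyncSyncCycle -PolicyType Delta

# --- From an admin workstation (MSOnline module) ---
Connect-MsolService

# Tenant-level confirmation: directory sync is on and when it last ran.
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime

# Synced users carry an ImmutableId (the sourceAnchor) and a LastDirSyncTime;
# cloud-only accounts have neither. Any provisioning errors show up per user.
Get-MsolUser -All |
    Where-Object { $_.UserPrincipalName -like '*@astrahome.xyz' } |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime, DirSyncProvisioningErrors |
    Format-Table -AutoSize
```

A user that shows up in the portal but with an empty ImmutableId was created in the cloud rather than synced, which is worth catching before you start relying on on-premises password changes reaching Office 365.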


Signing in with a password alone is not a very secure way of authenticating; it would be good to add an additional security layer.

Go to Azure Active Directory > Users > All users and click Multi-Factor Authentication.

 

Capture.PNG

To set additional options, click service settings.

 

2.png

Here we can allow users to create app passwords for non-browser apps (Outlook, for example), choose the verification options, and allow trusted IPs to bypass multi-factor authentication. An app password is a single-factor credential for legacy protocols, so it should be allowed only where such clients are unavoidable.

 

3.PNG

Select the user for whom we want to enable MFA.

4.png
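The per-user MFA toggle from the portal can also be set and audited in bulk. The following is an added example and not code from the original post; it assumes the MSOnline module and the user names from this walkthrough, and the hypothetical helper names Get-MfaState and Enable-PerUserMfa are mine.

```powershell
# Added example: enable per-user MFA and report who is still password-only (not the original post's code).
# Assumes the MSOnline module; helper names are hypothetical.
Connect-MsolService

function Get-MfaState {
    # Per-user MFA state as the portal shows it: Disabled, Enabled (registration pending) or Enforced,
    # plus the verification methods the user has actually registered.
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        $req = $User.StrongAuthenticationRequirements
        $state = if ($req -and $req.Count -gt 0) { $req[0].State } else { 'Disabled' }
        $methods = @($User.StrongAuthenticationMethods)
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            Methods           = ($methods | ForEach-Object { $_.MethodType }) -join ','   # empty until the wizard below is completed
            DefaultMethod     = ($methods | Where-Object { $_.IsDefault } | ForEach-Object { $_.MethodType }) -join ','
        }
    }
}

function Enable-PerUserMfa {
    # 'Enabled' prompts the user to register at next sign-in (the message in the next screenshot);
    # 'Enforced' additionally requires MFA or an app password for legacy clients.
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalName,
        [switch] $Enforce
    )
    $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = '*'
    $req.State = if ($Enforce) { 'Enforced' } else { 'Enabled' }
    foreach ($upn in $UserPrincipalName) {
        Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @($req)
    }
}

# Enable MFA for one synced user (same effect as the portal checkbox).
Enable-PerUserMfa -UserPrincipalName 'jdoe@astrahome.xyz'

# Audit: who in the tenant can still sign in with a password alone?
Get-MsolUser -All | Get-MfaState | Where-Object { $_.MfaState -eq 'Disabled' } | Format-Table -AutoSize
```

A user in the Enabled state who has not yet completed registration still signs in with a password only, so the audit should also list users with an empty Methods column, not just those in the Disabled state.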

The next time the user logs in, he'll get this message.

5.PNG

Select how the user will receive the authentication code:

 

6.png

 

7.PNG

On the mobile phone, install Microsoft Authenticator and scan the QR code.

8.PNG

9.PNG

If you wish, add an additional verification method.

10.PNG

When the user is prompted for a code, he just opens Microsoft Authenticator and provides his password followed by the code shown in the app.

8-1.png