Configure Active Directory Connect

Extending Identities to the Cloud.

Configure Active Directory Connect

We’re almost ready to synchronize our identities, but first we’ll create a new global admin (specifically for the new Azure AD Tenant) and use that account for AD Connect.

I will be creating a new Global Admin on my Azure Active Directory Tenant and using that account in AD Connect to synchronize my on-premise users (

  1. In Azure Portal > Azure Active Directory > Users and Groups > All Users > New User > Set Name, User name and Global Administrator as the Directory Role > Copy the password.

Noticed I have created a global administrator

  1. Open up a private browsing/incognito session and log in as the global administrator you just created.

  1. In the Active Directory virtual machine (adVM), download Azure Ad Connect from and run the installer (you may need to change your internet zone settings to download the file). Agree > Continue > Customize > select Pass-through authentication (this means all authentications are completed using the on-premise Active Directory), select > Enable single sign-on (this means users that use devices that are Active Directory domain joined will be automatically logged into cloud applications seamlessly - a great feature!)

  1. Enter the Global Administrator details for the new Azure Active Directory Tenant > Next

I have used my global admin

  1. Connect the Directories by allowing the AD Connect wizard to create an account for AD Connect to use. Add Directory > Create new AD Account > Enter new Username and Password > OK

I created a user of WILDECOMPANY.LOCAL\ADC for AD Connect to use when syncronising

  1. The on-premise and cloud directories are now connected! Next

  1. Notice the on-premise domain shows not added and the new Azure Active Directory public domain shows as verified. Next

  1. Choose what OU’s you want to sync.

All my users are in the Users organizational unit but you may seperate them out to remote/cloud/departmental groups.

  1. Choose how you want to uniquely identify your users > Next

I only have a single on-premise directory so the default options work but if you have multiple directory you need to choose what makes a user unique.

  1. Next

Again, for this lab we can synchronize all users but you could apply some filtering to only sync the users that would use the cloud.

  1. Password writeback > Next

I have selected password writeback (so any password changes in the cloud will replicate to on-premise) and have not selected password synchronization (so passwords are not actually stored in the cloud).

  1. Enable Single Sign on > authenticate with your local domain admin > Next

If you add Windows 10 devices to the on-premise domain they can be authenticated automatically with cloud applications.

  1. Confirm you want to start synchronization after the installation is complete > Install

  1. Notice the information displayed > Exit

  1. Let’s verify the connection, in the Azure portal > Azure Active Directory > AD Connect

Notice my sync status, seamless single sign-on and pass-through authentication are all enabled for wilde company.

  1. Users and Groups > All Users

Notice the new users and their usernames, these have been synchronized from on-premise.

  1. Let’s test logging into the cloud as user1 by logging into the Microsoft Access Panel Applications - This is where all the cloud and on-premise applications would be once they’ve been assigned, such as Office 365, Salesforce, Box, Docusign, Concur, etc

Example Access Panel Applications below

Lab complete.

So to recap, we have created a new on-premise Windows Active Directory Domain (with a few users) > created a new Azure Active Directory Tenant > modified our on-premise users’ UPN Suffix (so they have a matching login to on-premises and the cloud) > configured AD Connect and extended our identites to the cloud.

Now we have connected our on-premise and cloud directories you can open up cloud functionality to those synchronized users!