If you choose not to use federated authentication, you can configure your servers with AAD Connect and synchronise only your users and their passwords (password hash synchronisation) to AAD. The steps below will help you set up such a configuration.

This step-by-step guide contains several PowerShell scripts, with an explanation, for the steps below.

You can use parts of these scripts or run every step on the servers you want to configure. Be aware that each step has its own variables, which you must set to your own configuration values.

Step 1: Install the ADDS Role and DNS on your server(s)

***In case you already have a domain set up, you may skip this step and continue with step 2***

To use the AAD Connect tool and sync your users between your (on-premise) domain and Azure AD, you need a domain and a domain controller. The PowerShell script below installs the ADDS role and DNS and promotes the server to the first domain controller of a new forest. If you already have a domain set up, you can skip this step.

Install ADDS Role and DNS
########################################### INSTALL ADDS ROLE AND DNS ###########################################
$ComputerName      = "YOUR COMPUTER NAME"       # for reference only; not used by the commands below
$DomainName        = "YOUR DOMAIN NAME"         # FQDN of the new forest root domain
$DomainNetbiosName = "YOUR DOMAIN NETBIOSNAME"
$DatabasePath      = "C:\Windows\NTDS"
$LogPath           = "C:\Windows\NTDS"
$SysvolPath        = "C:\Windows\SYSVOL"
$DomainMode        = "Win2012R2"
$ForestMode        = "Win2012R2"

#### Check that the ADDS and DNS roles are available on this server ####
Get-WindowsFeature AD-Domain-Services, DNS

#### Install the Active Directory Domain Services role (with its management tools) ####
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

#### Import the module required for the ADDS deployment ####
Import-Module ADDSDeployment

#### The DSRM (Safe Mode) administrator password is required for the promotion; ####
#### prompt for it at run time rather than storing it in the script.            ####
$SafeModePassword = Read-Host -Prompt "DSRM administrator password" -AsSecureString

#### Install a new domain controller in a new forest (DNS is installed on the DC, no delegation is created) ####
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $DomainNetbiosName `
    -DomainMode $DomainMode -ForestMode $ForestMode `
    -DatabasePath $DatabasePath -LogPath $LogPath -SysvolPath $SysvolPath `
    -SafeModeAdministratorPassword $SafeModePassword `
    -InstallDns:$true -CreateDnsDelegation:$false -NoDnsOnNetwork `
    -NoRebootOnCompletion:$false -Force:$true

#### Install the ADDS administration tools (RSAT) ####
Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS-Tools
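After the server reboots from the promotion, it is worth confirming that the roles are installed, that the server actually advertises as a domain controller for the new forest, and that the DNS SRV records which domain-joined clients (and later AAD Connect) use to locate it exist. The check below is an added example and is not part of the original guide's script; it assumes it is run on the newly promoted domain controller and that $DomainName holds the same value as in the script above.

```powershell
# Added post-promotion check (not part of the original guide): verify roles, DC status and DNS records.
$DomainName = "YOUR DOMAIN NAME"   # same value as used in the promotion script (assumption)

Import-Module ActiveDirectory

# 1. Roles: all three should report InstallState = Installed
Get-WindowsFeature AD-Domain-Services, DNS, RSAT-ADDS-Tools | Select-Object Name, InstallState

# 2. Forest and domain: functional levels should match $ForestMode / $DomainMode from the script
$forest = Get-ADForest
$domain = Get-ADDomain
"Forest {0} (level {1}), domain {2} (level {3})" -f $forest.Name, $forest.ForestMode, $domain.DNSRoot, $domain.DomainMode

# 3. This server should be listed as a DC, global catalog, and (as first DC) hold all operations master roles
Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog, OperationMasterRoles

# 4. DNS: the LDAP and Kerberos SRV records are what clients use to find a DC; a missing
#    record means domain joins and AAD Connect's directory access will fail.
foreach ($svc in "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs") {
    $records = Resolve-DnsName -Name "$svc.$DomainName" -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
    if ($records) {
        "$svc OK -> " + ($records.NameTarget -join ', ')
    } else {
        Write-Warning "$svc.$DomainName has no SRV record; clients will not be able to locate the DC"
    }
}

# 5. Built-in health check; review any failed test before installing AAD Connect
dcdiag /test:DNS /test:Advertising
```

Run this in an elevated PowerShell session on the domain controller. If step 4 reports missing SRV records, the DC's own DNS client is usually pointed at a server other than itself; fix that and wait for Netlogon to re-register before continuing.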

Step 2: Run and finish the AAD Connect tool setup before you continue

You will need a working AAD Connect configuration before continuing with the next steps. If you do not have a working AAD Connect setup yet, please follow the instructions in the setup guide below.
This guide contains the configuration steps that we used; it is a working configuration for our reference topology. Of course, many other configurations are possible, so choose the configuration that your topology needs.

You can download the AAD Connect tool here.
You can find more information on supported topologies on this page.
More information is also available about the express and customized installation of AAD Connect.
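Before moving on, it helps to confirm on the AAD Connect server that the setup really is working: the scheduler is enabled, the server is not in staging mode, both connectors exist and are idle, and password hash synchronisation is switched on for the on-premise connector (otherwise users will sync but will not be able to sign in with their passwords). The script below is an added example, not part of the original guide or of the AAD Connect product documentation; it assumes it is run on the AAD Connect server with the ADSync module that the installer provides, and that $OnPremConnector is set to the name of your Active Directory connector (normally the forest FQDN).

```powershell
# Added verification (not part of the original guide): check AAD Connect sync and password hash sync status.
Import-Module ADSync

$OnPremConnector = "YOUR DOMAIN NAME"   # name of the on-premise AD connector, e.g. the forest FQDN (assumption)

# 1. Scheduler: a working setup has SyncCycleEnabled = True and is not in staging mode
$scheduler = Get-ADSyncScheduler
"Sync cycle enabled : $($scheduler.SyncCycleEnabled)"
"Staging mode       : $($scheduler.StagingModeEnabled)"
"Sync in progress   : $($scheduler.SyncCycleInProgress)"
"Next cycle (UTC)   : $($scheduler.NextSyncCycleStartTimeInUTC)"
if (-not $scheduler.SyncCycleEnabled) { Write-Warning "Scheduler is disabled; nothing will be synchronised." }
if ($scheduler.StagingModeEnabled)   { Write-Warning "Server is in staging mode; it will not export to Azure AD." }

# 2. Connectors: one AD connector and one Azure AD connector are expected; none should be stuck running
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName
Get-ADSyncConnectorRunStatus

# 3. Password hash sync: must be enabled both at tenant level and on the on-premise connector
$feature = Get-ADSyncAADCompanyFeature
"PHS (tenant)       : $($feature.PasswordHashSync)"
$phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $OnPremConnector
"PHS (connector)    : $($phs.Enabled)"
if (-not $phs.Enabled) {
    Write-Warning "Password hash sync is off for $OnPremConnector; users will sync without passwords."
}

# 4. Optionally kick off a delta cycle so the checks above reflect the current directory state
# Start-ADSyncSyncCycle -PolicyType Delta
```

Run this in an elevated session on the AAD Connect server. Any warning it prints should be resolved in the AAD Connect wizard (or with the corresponding Set-ADSync* cmdlet) before you continue with the next steps.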
