Let’s discuss the Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD. SCCM admins must go through the AAD Connect setup to build an Intune and SCCM hybrid lab.
AAD Connect is the app used to sync On-Prem AD with Azure AD. It can be installed on any server-class machine. The AAD Connect sync operation is critical for organizations.
If you plan to sync the hash of your passwords to the cloud, the AAD Connect setup configuration is pretty straightforward. However, if you have specific and advanced AAD Connect setup requirements, you must spend a lot of time on the initial setup.
AAD Connect setup and configuration will install and configure SQL Express DB. For big corporate organizations, we need to select advanced settings. These settings can be configured in advanced settings, as they may have custom attributes used in their sync process.
Also, the password hash may not be synced, and the ADFS configuration has been used for authentication.
Table of Contents
- Restore Deleted AAD User from Azure Active Directory Portal
- AAD Groups based on Intune Device Categories
- Create Nested AAD Dynamic Groups based on MDM Feature
- Create AAD Dynamic Groups Based On MDM Intune SCCM Management
Microsoft Azure Active Directory Connect
The window below helps you show the Microsoft Azure Active Directory Connect Express Settings. We will do the following if you have a single Windows Server Active Directory forest.
| Express Settings |
|---|
| Configure synchronization of identities in the current AD forest of ASST |
| Configure password synchronization from on-premises AD to Azure AD |
| Start an initial synchronization |
| Synchronize all attributes |
| Enable Auto Upgrade |
Azure AD AAD Connect Setup – Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD
I have selected “Express Settings” for my lab, so installation is straightforward. You must provide two credentials during the configuration: AZURE AD and On-prem AD. UPN suffixes should match one of the verified custom domains in Azure AD to use on-premises credentials for Azure AD sign-in.
I have changed the UPN suffixes of 4 Prem AD users so that those On-Prem AD users will get synced with Azure AD. The high-level steps are completed in the AAD Connect setup and configuration wizard. Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD?
- Install and Configure SQL Express DB
- Install the synchronization engine
- Configure Azure AD Connector
- Configure On-Prem AD Connector
- Enable Password Synchronization
- Enable Auto Upgrade
- Configure Azure AD Connect Health Agent for sync
- Configure Synchronization services on the computer
- End Results/Outcome of AAD Connect Sync
The AAD Connect sync process will start after the AAD Connect setup and configuration. As you can see in the above screen capture, the configuration has been completed successfully on my On-prem AD server. To confirm whether the on-prem users/groups synced with Azure AD, log in to portal.azure.com and confirm the user IDs.
You can sync on-prem user identities/attributes and passwords to Azure AD using Azure AD Connect. Azure AD connect installation and configuration is very straightforward if we use (express settings 🙂 ).
I have a video tutorial here that helps you understand the AAD connect configuration, How to enable MFA for Azure AD to join Windows 10 devices and Twitter app integration with Azure AD.
This post will cover two other Azure AD (AAD) Sync topics.
- Where is the Scheduled Task used to create Azure AD?
- How to Create a service connection point in on-premises Active Directory?
- Video Tutorial – How to Sync On-Prem AD User Accounts with Azure AD
Windows 10 MDM devices can write back to on-prem AD. More details are available here. AAD Connect is mandatory for the write-back feature of Windows 10 devices.
Earlier versions of Azure AD Connect used a Windows task scheduler to schedule the Azure AD sync of on-prem objects and attributes. The latest version has a built-in sync engine, so we won’t be able to find a scheduled task for AAD Connect.
The new default synchronization frequency is 30 minutes. We can change the AD Sync Schedule using the PowerShell command “Get-ADSyncScheduler” and other parameters documented here.
PS C:\Users\anoop\Desktop> Get-ADSyncSchedulerAllowedSyncCycleInterval : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval :
NextSyncCyclePolicyType : Delta
NextSyncCycleStartTimeInUTC : 26-05-2016 02:06:23
PurgeRunHistoryInterval : 7.00:00:00
SyncCycleEnabled : True
MaintenanceEnabled : True
StagingModeEnabled : FalseI had trouble creating a service connection point in the on-premises Active Directory. This service connection point is used to “Connect domain-joined devices to Azure AD for Windows 10 experiences.” I followed the documentation here to configure the service connection points in on-prem AD but got stuck with PowerShell Commands. However, I ran the PowerShell commands per the above documentation with no luck.
After that, I installed the appropriate version of the Windows Azure Active Directory Module for Windows PowerShell. Then I tried to run the following PowerShell commands, which worked like a champ!
PS C:\Users\anoop\Desktop> Connect-MsolService PS C:\Users\anoop\Desktop> Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1" PS C:\Users\anoop\Desktop> Initialize-ADSyncDomainJoinedComputerSync cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1 Supply values for the following parameters: AdConnectorAccount: nair\Anoop AzureADCredentials Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD. Configuration Complete
How to Sync On-Prem AD User Accounts with Azure AD
SCCM Intune Step-by-Step Training Video Guides help you understand the AAD connect configuration, how to enable MFA for Azure AD, join a Windows 10 device, and integrate the Twitter app with Azure AD.
This post will cover two other Azure AD (AAD) Sync topics. I’ve already downloaded and installed the AAD connect tool, and I can show you how to configure it and start syncing it.
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.