SCCM admins have to go through AAD connect setup when they want to build Intune and SCCM hybrid lab. AAD Connect is the app used for syncing On Prem AD with Azure AD. AAD connect app can be installed on any of the server class machine. AAD Connect sync operation is very critical for organizations. If you are planning to sync hash of your passwords to the cloud then, the configuration of AAD connect setup is fairly straight forward. If you have specific and advanced AAD Connect setup requirements then, you need to spend loads of time in the initial setup.
AAD connect setup and configuration will install SQL Express DB and configure it. For big corporate organizations, we need to select the advanced settings. They may have custom attributes used in their sync process. These kind of settings can be configured in advanced settings. Also, there could be possibility that password hash is not synced and ADFS configuration has been used for authentication.
But for my lab I have selected “Express Settings” so that installation is very straight forward. During the configuration you have to provide two credentials AZURE AD and On prem AD. To use on-premises credentials for Azure AD sign-in, UPN suffixes should match one of the verified custom domains in Azure AD. I have changed the UPN suffixes of 4 on Prem AD users so that those On Prem AD users will get synced with Azure AD. Following are the high level steps completed in the AAD Connect setup and configuration wizard.
- Install and Configure SQL Express DB
- Install the synchronization engine
- Configure Azure AD Connector
- Configure On Prem AD Connector
- Enable Password Synchronization
- Enable Auto Upgrade
- Configure Azure AD Connect Health Agent for sync
- Configure Synchronization services on the computer
- End Results/Outcome of AAD Connect Sync
AAD Connect sync process will start after the AAD Connect setup and configuration. As you can see in the above screen capture, the configuration has been completed successfully on my On prem AD server. To confirm whether the on prem users/groups got synced with Azure AD, you can login to portal.azure.com and confirm the user IDs.
Result of Successful AAD SyncAll the users whose UPNs have been changed to SCCZ.Onmicrosoft.com have been replicated to Azure AD. They can use their ON Prem AD user ID and password to login to AZURE AD, Office 365 services. You can check the user profile – Source attribute to confirm whether the user is synced via AAD Connect from on prem Active Directory
Custom installation of Azure AD Connect here
