Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD? SCCM admins have to go through the AAD connect setup when they want to build Intune and SCCM hybrid lab. AAD Connect is the app used for syncing On-Prem AD with Azure AD. AAD connect app can be installed on any of the server-class machines.
AAD Connect sync operation is very critical for organizations. If you are planning to sync the hash of your passwords to the cloud then, the configuration of the AAD connect setup is fairly straightforward. If you have specific and advanced AAD Connect setup requirements then, you need to spend loads of time in the initial setup.
Introduction
AAD connect setup and configuration will install SQL Express DB and configure it. For big corporate organizations, we need to select the advanced settings. They may have custom attributes used in their sync process. These kinds of settings can be configured in advanced settings.
Also, there could be the possibility that the password hash is not synced and ADFS configuration has been used for authentication.
But for my lab, I have selected “Express Settings” so that installation is very straightforward. During the configuration, you have to provide two credentials AZURE AD and On-prem AD. To use on-premises credentials for Azure AD sign-in, UPN suffixes should match one of the verified custom domains in Azure AD.
I have changed the UPN suffixes of 4 on Prem AD users so that those On-Prem AD users will get synced with Azure AD. Following are the high-level steps completed in the AAD Connect setup and configuration wizard. Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD?
- Install and Configure SQL Express DB
- Install the synchronization engine
- Configure Azure AD Connector
- Configure On Prem AD Connector
- Enable Password Synchronization
- Enable Auto Upgrade
- Configure Azure AD Connect Health Agent for sync
- Configure Synchronization services on the computer
- End Results/Outcome of AAD Connect Sync
AAD Connect sync process will start after the AAD Connect setup and configuration. As you can see in the above screen capture, the configuration has been completed successfully on my On-prem AD server. To confirm whether the on-prem users/groups got synced with Azure AD, you can log in to portal.azure.com and confirm the user IDs.
All the users whose UPNs have been changed to SCCZ.Onmicrosoft.com have been replicated to Azure AD. They can use them ON Prem AD user ID and password to log in to AZURE AD, Office 365 services. You can check the user profile – Source attribute to confirm whether the user is synced via AAD Connect from the on-prem Active Directory.
Azure AD AAD Connect Setup User Password Sync Tool to Sync On-prem AD Domain to Azure AD?
References
Custom installation of Azure AD Connect here