How to sync AWS with Azure Active Directory / Office365 using Azure AD Connect
This guide will show the steps to setup Azure AD Connect in AWS on Windows to sync your onprem Active Directory or AWS Active Directory to sync with Azure AD / Office365.
Once you have the AD Connect AWS VM installed, the following links will explain how to sync your on prem Active Directory or AWS Managed Active Directory to Azure AD
- If you have a single forest AD then this is the recommended option to use.
- User sign in with the same password using password synchronization.
From the desktop click on Azure AD Connect short cut
Connect to your Azure AD using your Global admin account and follow the steps in the following MS guide
Synchronize users from AWS Microsoft AD to Azure AD with Azure AD Connect
The following steps show you how to customize Azure AD Connect to synchronize your AWS Microsoft AD identities to Azure AD for use with Office 365. Open an RDP session to your ADSync instance by using your AWS Microsoft AD admin user account:
- Launch Azure AD Connect from the desktop icon.
- On the Welcome page of the Azure AD Connect Wizard, accept the license terms and privacy notice, and then choose Continue.
- On the Express Settings page, choose Customize.
- On the Install required components page, choose Install.
- On the User sign-in page, choose Do not configure and then choose Next.
- On the Connect to Azure AD page, enter your Office 365 global administrator account credentials and then choose Next.
- On the Connect your directories page, choose Active Directory as the Directory Type, and then choose your Microsoft AD Forest as your Forest. Choose Add Directory.
- At the prompt, enter your AWS Microsoft AD admin account credentials, and then choose OK.
- Now that you have added the AWS Microsoft AD directory, choose Next.
- On the Azure AD sign-in configuration page, choose Next.
Note: AWS recommends the userPrincipalName (UPN) attribute for use by AWS Microsoft AD users when they sign in to Azure AD and Office 365. The UPN attribute format combines the user’s login name and the UPN-suffix of an AWS Microsoft AD user. The UPN suffix is the domain name of your AWS Microsoft AD domain and the same domain name you added and verified with Azure AD.
In the following example from the Active Directory Users and Computers tool, the user’s UPN is firstname.lastname@example.org, which is a combination of the user’s login name, awsuser, with the UPN-suffix, @awsexample.com.
- On the Domain and OU filtering page, choose Sync selected domains and OUs, choose the Users OU under your NetBIOS OU, and then choose Next.
- On the Uniquely identifying your users page, choose Next.
- On the Filter users and devices page, choose Next.
- On the Optional features page, choose Next.
- On the Ready to configure page, choose Start the synchronization process when configuration completes, and then choose Install.
- The Azure AD Connect installation has now completed. Choose Exit.
Note: By default, the Azure AD Connect sync scheduler runs every 30 minutes to synchronize your AWS Microsoft AD identities to Azure AD. You can tune the scheduler by opening a Windows PowerShell session as an administrator and running the appropriate Windows PowerShell commands. For more information, go to Azure AD Connect Sync Scheduler.
Tip: Do you need to synchronize a change immediately? You can manually start a sync cycle outside the scheduled sync cycle from the Azure AD Connect sync instance. Open a Windows PowerShell session as an administrator and run the following Windows PowerShell commands.
Customized Settings (Requires VM to be domain joined)
- Used when you have multiple forests. Supports many on-premises topologies.
- Customize your sign-in option, such as pass-through authentication, ADFS for federation or use a 3rd party identity provider.
- Customize synchronization features, such as filtering and writeback.
Firewall Ports to Open
If you have a hybrid environment and there is a firewall between your on prem environment and AWS. The following ports will need to be opened:
After Install / Verify
Once you have everything configured, now its time to assign licences to your users and verify that sync is working and users can login to Office365 / Azure AD
Want some help (hire us)?
If you would like us to implement the AD connect server into your environment and fully configure and sync your on prem Active Directory to Azure AD, get in contact with us and we will get you up and running asap