How to sync AWS with Azure Active Directory / Office365 using Azure AD Connect

This guide shows the steps to set up Azure AD Connect on a Windows server in AWS so that your on-premises Active Directory or AWS Managed Microsoft AD syncs with Azure AD / Office 365.

Setup Azure AD Connect on Server 2016

Deploy AAD Connect on Windows 2016 in AWS

Sync AWS AD with Azure

Setup Azure AD Connect on Server 2019

Deploy AAD Connect on Windows 2019 on AWS

Sync AWS AD with Azure

Once you have the AD Connect VM installed in AWS, the following links explain how to sync your on-premises Active Directory or AWS Managed Microsoft AD to Azure AD.

Express Settings

  • If you have a single-forest AD, this is the recommended option.
  • Users sign in with the same password, using password hash synchronization.

From the desktop, click the Azure AD Connect shortcut.

Connect to your Azure AD using a Global Administrator account and follow the steps in the following Microsoft guide:

https://docs.microsoft.com/en-gb/azure/active-directory/connect/active-directory-aadconnect-get-started-express

Synchronize users from AWS Microsoft AD to Azure AD with Azure AD Connect

The following steps show how to customize Azure AD Connect to synchronize your AWS Microsoft AD identities to Azure AD for use with Office 365. Open an RDP session to your ADSync instance using your AWS Microsoft AD admin user account, then:

  1. Launch Azure AD Connect from the desktop icon.
  2. On the Welcome page of the Azure AD Connect Wizard, accept the license terms and privacy notice, and then choose Continue.
  3. On the Express Settings page, choose Customize.
  4. On the Install required components page, choose Install.
  5. On the User sign-in page, choose Do not configure and then choose Next.
  6. On the Connect to Azure AD page, enter your Office 365 global administrator account credentials and then choose Next.
  7. On the Connect your directories page, choose Active Directory as the Directory Type, and then choose your Microsoft AD Forest as your Forest. Choose Add Directory.
  8. At the prompt, enter your AWS Microsoft AD admin account credentials, and then choose OK.
  9. Now that you have added the AWS Microsoft AD directory, choose Next.
  10. On the Azure AD sign-in configuration page, choose Next.

Note: AWS recommends the userPrincipalName (UPN) attribute as the sign-in name for AWS Microsoft AD users when they sign in to Azure AD and Office 365. The UPN combines the user's login name with the UPN suffix of the AWS Microsoft AD user. The UPN suffix is the domain name of your AWS Microsoft AD domain, which must be the same domain name you added and verified in Azure AD.

In the following example from the Active Directory Users and Computers tool, the user's UPN is awsuser@awsexample.com: the login name awsuser combined with the UPN suffix @awsexample.com.
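A quick way to check the UPN requirement before running the wizard, as an added example that is not part of the original guide: the script below lists users in the Users OU whose UPN is missing or whose suffix does not match the verified domain. It assumes the RSAT ActiveDirectory module is installed on the AD Connect server, uses awsexample.com from the note above as the verified domain, and uses a constructed OU path that you would replace with your own.

```powershell
# Added example (not from the original guide): audit UPN suffixes before syncing.
# Assumes the RSAT ActiveDirectory module is installed on this server and that
# awsexample.com (from the note above) is the domain verified in Azure AD.
Import-Module ActiveDirectory

$VerifiedDomain = 'awsexample.com'
# Constructed OU path: replace with the Users OU under your own NetBIOS OU.
$SearchBase = 'OU=Users,OU=awsexample,DC=awsexample,DC=com'

function Get-UpnSuffixReport {
    param([string]$SearchBase, [string]$VerifiedDomain)

    $users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties userPrincipalName

    foreach ($u in $users) {
        $upn = $u.userPrincipalName
        $suffix = if ($upn) { $upn.Split('@')[-1] } else { '' }

        # A suffix that is not verified in Azure AD is replaced on sync by the
        # tenant's default onmicrosoft.com domain, so the user cannot sign in
        # with the UPN they expect. A missing UPN is flagged for the same reason.
        if (-not $upn) {
            $status = 'MISSING_UPN'
        } elseif ($suffix -ine $VerifiedDomain) {
            $status = 'SUFFIX_NOT_VERIFIED'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            UPN            = $upn
            Status         = $status
        }
    }
}

$report = Get-UpnSuffixReport -SearchBase $SearchBase -VerifiedDomain $VerifiedDomain
# Show only the problem accounts; fix these in AD Users and Computers before continuing.
$report | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```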

  1. On the Domain and OU filtering page, choose Sync selected domains and OUs, select the Users OU under your NetBIOS OU, and then choose Next.
  2. On the Uniquely identifying your users page, choose Next.
  3. On the Filter users and devices page, choose Next.
  4. On the Optional features page, choose Next.
  5. On the Ready to configure page, choose Start the synchronization process when configuration completes, and then choose Install.
  6. The Azure AD Connect installation has now completed. Choose Exit.

Note: By default, the Azure AD Connect sync scheduler runs every 30 minutes to synchronize your AWS Microsoft AD identities to Azure AD. You can tune the scheduler by opening a Windows PowerShell session as an administrator and running the ADSync scheduler cmdlets. For more information, see Azure AD Connect Sync Scheduler.

Tip: Need to synchronize a change immediately? You can manually start a sync cycle outside the scheduled cycle from the Azure AD Connect sync instance. Open a Windows PowerShell session as an administrator and run the following commands:

Import-Module ADSync                       # load the Azure AD Connect cmdlets
Start-ADSyncSyncCycle -PolicyType Delta    # Delta syncs only changes; use -PolicyType Initial for a full sync

Customized Settings (requires the VM to be domain joined)

  • Used when you have multiple forests. Supports many on-premises topologies.
  • Customize your sign-in option, such as pass-through authentication, AD FS federation, or a third-party identity provider.
  • Customize synchronization features, such as filtering and writeback.

https://docs.microsoft.com/en-gb/azure/active-directory/connect/active-directory-aadconnect-get-started-custom#user-sign-in

Firewall Ports to Open

If you have a hybrid environment with a firewall between your on-premises environment and AWS, the ports listed in the following Microsoft article need to be opened:

https://docs.microsoft.com/en-gb/azure/active-directory/connect/active-directory-aadconnect-ports

What is Azure AD Connect

After Install / Verify

Once you have everything configured, it is time to assign licences to your users and verify that sync is working and that users can sign in to Office 365 / Azure AD:

https://docs.microsoft.com/en-gb/azure/active-directory/connect/active-directory-aadconnect-whats-next
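As an added example that is not part of the original guide, the script below combines the scheduler note and the manual-sync tip above with the verification step in this section: it reads the scheduler state, starts a delta sync only if none is already running, waits for the connectors to go idle, and lists the connected directories. It assumes it runs in an elevated PowerShell session on the Azure AD Connect server.

```powershell
# Added example (not from the original guide): check the sync scheduler, force a
# delta sync as in the tip above, wait for it to finish, and report the result.
# Assumes an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

# 1. Scheduler state: the default interval is 30 minutes; confirm the scheduler is enabled.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval,
                       NextSyncCycleStartTimeInUTC, SyncCycleInProgress | Format-List

if (-not $sched.SyncCycleEnabled) {
    Write-Warning 'Sync scheduler is disabled; nothing syncs until Set-ADSyncScheduler -SyncCycleEnabled $true is run.'
}

# 2. Only start a manual cycle when none is running; otherwise the call fails.
if ($sched.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already in progress; not starting another.'
} else {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
}

# 3. Wait (up to 10 minutes) for the connectors to go idle.
#    Get-ADSyncConnectorRunStatus returns nothing when no connector is running.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 10
    $running = Get-ADSyncConnectorRunStatus
} while ($running -and (Get-Date) -lt $deadline)

if ($running) {
    Write-Warning ('Still running after timeout: ' + ($running.ConnectorName -join ', '))
} else {
    Write-Host 'Delta sync finished; connectors are idle.'
}

# 4. Show which directories are connected (your AWS Microsoft AD forest and the Azure AD tenant).
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName | Format-Table -AutoSize
```

After the connectors go idle, check the Azure AD portal (or the Synchronization Service Manager on the server) to confirm the users from the selected OU appear with the expected UPN before assigning licences.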

 

Want some help (hire us)?

If you would like us to implement the AD Connect server in your environment and fully configure and sync your on-premises Active Directory to Azure AD, get in contact with us and we will get you up and running as soon as possible.

Andrew Fitzgerald

Cloud Solution Architect, helping customers transform their business to the cloud. 20 years' experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything cloud.
