How to migrate Active Directory on-premise to Azure Active Directory ?

Now i have 2 domains : itguy.com ( on-premises ) and toidilencloud.com ( Public domain) as following :

In this scenario, we have to migrate all local users to Azure AD, so the end user who just need to know only 1 account to log in for all cloud services such as: Office 365, SQL, Web service…. So to prepare that , we need those points to be ready :

On the local AD, we need to make sure those points before doing:

  • Windows Server OS.
  • Verify your on-premises domain.
  • Have Global Administrator permissions for your Office 365 tenant and on-premises Active Directory.
  • Network connection: TCP/IP, DNS, Default Gateway…
  • Internet connection, you can go to internet.
  • Secured internet connection ports through the firewall. ( allowed ports).

Now we can start :

1- Log in Azure Portal : https://portal.azure.com and go to Azure Active Directory, download “ Download Azure AD Connect”.

2-Installation and configuration :

After installing the tool, you all can open and configure as:

I agree to…” and “ Continue

You can select “ Customize” or “Use Express settings”, here I am using “ Express…”

Input your Azure admin account and click “ Next” :

Input your local administrator account and “ Next” :

Note : please read this point to understand before continue, this warning ask you to change UPN to similar Azure AD on the cloud for all services. Now I just “ Continue without any verified domain”, we will do this step later. Click “ Install’.

After finishing :

Now we can see the user on Azure and Local AD as followings :

You can see all users from Local AD now are on Azure, you can recognize which account is created by Azure and which is created by local AD :

But I know you have a question for me that why are not those accounts with  itguy.com or toidilencloud.com ? So we will back the prefix UPN and change it now.

  • Open and right click on your local “ Active Directory Domains and Trusts”

Add your Azure domain to and click “Add”  and “ OK”:

Ok now, I need to change the UPN for users that need to be same public domain toidilencloud.com. I will open user properties and change the UPN as followings :

Apply and OK.

So now we synchronize again from local to Azure, Open :

Select “ Customize Synchronization options”

Log in by your Azure admin account, leave as default and “Next” :

I don’t need to synchronize all domain, I just want to synchronize user in ITguy_Grp OU only ( that I just changed the UPN), and Next :

Note : if you need the users to change their password on Cloud and password updates back to your local AD ( only password). You can check to “ Password writeback”. Here I need that and click Next :

And click “ Configure” to start updating your changes.

So now you can see the changes on u1 and u2  :

So now if you change the u1 and u2 password, they will be synchronized back the local AD.

And if you need to study more about the Synchronization cycle from local AD to Azure , please refer this link.

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler#scheduler-and-installation-wizard

 

Thanks for your attention on my post, I will come back soon with the new posts and more interesting updates on Azure cloud services.

Enjoy a nice day.

 

 

Please follow and like us: