Active Directory preparations

To prepare your AD environment, you can use the IdFix tool, which you can download from http://bit.ly/1VnsvVn. It discovers and remediates identity objects and their attributes in an on-premises AD environment in preparation for synchronization to Azure AD. IdFix is provided for AD administrators who plan to use Azure AD Connect with the Azure AD/Office 365 services. You can use the tool for every synchronization scenario:

Incorrect user accounts found by the IdFix tool

To test the IdFix utility, we'll create some incorrect test users with the following script:

Import-Module ActiveDirectory

# Test user 1: the UPN suffix "local" is not an internet-routable domain
New-ADUser -Name "James Meyers" -GivenName J. -Surname Meyers -SamAccountName jmeyers -UserPrincipalName james.meyers@local -Path "OU=Users,OU=Managed Business Objects,DC=inovitlabs,DC=ch" -AccountPassword (ConvertTo-SecureString "Pass@word1" -AsPlainText -Force) -Enabled $True

# Test user 2: the UPN contains a space before the @ sign
New-ADUser -Name "Adrian Gilbert" -GivenName Adrian -Surname Gilbert -SamAccountName adrian.gilbert -UserPrincipalName "adrian.gilbert @inovitlabs.ch" -Path "OU=Users,OU=Managed Business Objects,DC=inovitlabs,DC=ch" -AccountPassword (ConvertTo-SecureString "Pass@word1" -AsPlainText -Force) -Enabled $True

# Test user 3: the UPN contains an invalid character
New-ADUser -Name "Wilma Chavez" -GivenName Wilma -Surname Chavez -SamAccountName wilma.chavez -UserPrincipalName "wilma.chavezĀ°@inovitlabs.ch" -Path "OU=Users,OU=Managed Business Objects,DC=inovitlabs,DC=ch" -AccountPassword (ConvertTo-SecureString "Pass@word1" -AsPlainText -Force) -Enabled $True

The following screenshot shows the expected result:

Creation result of the damaged user accounts

Now we can run the IdFix tool to check the local AD for users that will cause errors during synchronization:

Errors found on the damaged user accounts
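
A read-only pre-check for the three defects created by the test-user script, added here as an example; it is not part of the original text and is not IdFix's own logic. The function name Get-UpnIssue and its three rules are assumptions for illustration, and the OU path is the one used in the script above.

```powershell
Import-Module ActiveDirectory

# OU taken from the test-user script on this page.
$searchBase = 'OU=Users,OU=Managed Business Objects,DC=inovitlabs,DC=ch'

# Hypothetical helper: returns a description of UPN problems, or an empty string.
# The rules are a simplified assumption, not the complete IdFix rule set.
function Get-UpnIssue {
    param([string]$Upn)

    if ([string]::IsNullOrWhiteSpace($Upn)) { return 'UPN is empty' }

    $found = @()
    if ($Upn -match '\s')           { $found += 'contains whitespace' }
    if ($Upn -match '[^\x20-\x7E]') { $found += 'contains a non-ASCII character' }

    $parts = $Upn.Split('@')
    if ($parts.Count -ne 2) {
        $found += 'does not contain exactly one @'
    } elseif ($parts[1].Trim() -notmatch '\.') {
        $found += 'suffix has no dot, so it is not an internet-routable domain'
    }

    $found -join '; '
}

# Read-only: lists accounts whose UPN would need fixing; nothing is modified.
Get-ADUser -Filter * -SearchBase $searchBase -Properties UserPrincipalName |
    ForEach-Object {
        $issue = Get-UpnIssue -Upn $_.UserPrincipalName
        if ($issue) {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                Issue             = $issue
            }
        }
    } | Format-Table -AutoSize -Wrap
```

Run against the lab OU, this should list jmeyers, adrian.gilbert and wilma.chavez, each with the defect that was deliberately introduced.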

After you test the IdFix tool, delete the created test user accounts.

With the next steps we will start the installation of the Azure AD Connect tool:

  1. Run the Azure AD Connect installation. Download the current version of the tool from https://www.microsoft.com/en-us/download/details.aspx?id=47594 and start the installation with the Domain Administrator credentials.
  2. Choose the custom installation option so that we can view all the essential configuration steps. I always use the custom option and not the Express option.
  3. Use the gMSA created in the previous steps to configure the Azure AD Connect service:

Service account configuration
  4. At this time, we don't set any User sign-in option:

User sign-in configuration

In the next section, we'll discuss the source anchor decision process, so click Next and wait for the next lab part.
