SETTING UP AZURE AD FOR SHAREPOINT ADMINS

12 Year SharePoint MVP

Writer, speaker, consultant, podcaster, SysKit Chief Evangelist

Todd Klindt – Sympraxis Consulting

www.toddklindt.comwww.toddklindt.com/Thrive2018

Azure Active Directory

• If you are going to do anything with Office 365 this is step one

• This is a very valuable skill set to add to the resume

• Stop reinventing the authentication wheel

• Walk through guide

• https://www.youtube.com/watch?v=duYYmqzx0Rc

Identity Bridge

Active

Directory

LDAP

Azure AD

Connect(sync + sign on)

• (Windows) Active Directory

• User Principal Name (UPN)

• Azure Active Directory (AAD)

• Identity as a Service

• Hybrid

• DirSync

• ADFS

• Azure AD Connect (AADC)

• SSO

• The other SSO

Defining Terminology

Topology & Security

• ADFS vs DirSync vs Pass-Through

• Federation starts with synchronization

• Pass-through, best of both worlds?

• Multifactor Auth

• Yours or theirs

• Flip of a switch

Azure identity management security overview

• Single sign-on

• Reverse proxy

• Multi-factor authentication

• Security monitoring, alerts, and machine learning-based reports

• Consumer identity and access management

• Device registration

• Privileged identity management

• Identity protection

• Hybrid identity management

• https://docs.microsoft.com/en-us/azure/security/security-identity-management-overview

Same sign on scenario

Single sign on scenario

Pass-through Auth

Active Directory core concepts and concerns

• FSMO roles, AD DNS, WINS, etc

• Dirty Directories

• 2003 Everyone group -> 2008 Authenticated Users group

• IsCriticalSystemObject objects are not synced

• I’m looking at you Domain Users

• UPN issues

• Schema Extensions

On-Prem Server, Cloud Auth

• Azure AD with your on-prem SharePoint Server

• Get Azure AD set up

• Set up SSL

• Create new Enterprise Application in Azure AD

• Configure new Trusted ID in SharePoint 2016

• Set permissions on SharePoint 2016

• Enable SAML 1.1 token in Azure AD

• Verify provider

• Some cleanup

• Kirk’s Instructions here

• Spence has a session on this here at Thrive

AZURE AD CONNECT WALKTHROUGH

Assumptions

• Windows Active Directory Domain

• It works

• Forest and Domain Windows 2003 functional level or higher

• Not Single Level or dotted

• AD Connect Server

• Windows 2008 or greater

• Own an Internet domain and control DNS

• Have an Azure or Office 365 Tenant

• Domain admin and tenant admin creds

Before Picture

Add Internet Domain

Verify Domain

TXT Record Shuffle

Your DNS Host

The Easy Way

Verifying…

With PowerShell

• V1

• New-MSOLDomain

• Get-MsolDomainVerificationDns

• Confirm-MsolDomain

• Set-MsolDomain

• V2

• New-AzureADDomain

• Get-AzureADDomainVerificationDnsRecord

• Confirm-AzureADDomain

• Set-AzureADDomain

Now, Another Word about DNS

Again with the DNS

Function Check

Second Before

Start Syncing

Is Directory Sync Right for You?

Step 1

https://portal.office.com/tools

More Checking…

Step 2 - HRC

Step 3 – IDFix

More Fixin’

Houston, we have a problem…

On To AADC

http://toddklindt.com/aadconnect

Install and Config

Almost there

The Pudding

ADVANCED MOVES

Viewing AADC

Customizing AADC

miisclient

PowerShell

Questions?

Todd Klindt – Sympraxis Consulting

www.toddklindt.comwww.toddklindt.com/Thrive2018