Azure AD hybrid deployment: synchronizing from local AD to AAD

1. Preliminary preparation

1. Go to Azure and register an account

2. Open the AAD admin console

3. Create a new tenant

(1) Open Manage Tenants

(2) Click Create

(3) Select the type 

(4) Set the directory name to "xielong"

4. Switch directory and add a domain name

(1) Switch directory

(2) Add a custom domain name. The domain has to be verified, so you need to own a live domain name

5. Create a global administrator

(1) Create a user, tom.ma, here

(2) Assign the role: Global Administrator. This account is used for the synchronization later

(3) Success. The other user, whose identity is shown as "MicrosoftAccount", is created automatically by Microsoft

6. Add a license; a one-month free trial is available

(1) Click License

(2) Click Try/Purchase

(3) Here we choose "Enterprise Mobility + Security E5" and activate it

7. Log in to the local AD and create a UPN (user principal name) that matches the domain name added on AAD

2. Install Azure AD Connect

1. I installed it on the local AD. In a production environment it is recommended to install it on a separate server.

Download Microsoft Azure Active Directory Connect from the official Microsoft Download Center

2. Open the software after installation; here we choose Customize

3. For the login method, we choose password

4. Configure the global administrator; the account here is the one we created on AAD above

5. Connect to local AD

6. Verify local AD

(1) Enter a local AD account. Here I created a dedicated AD account, clerk, for this. Note that this cannot be an administrator account

(2) Verification succeeded

7. AAD login configuration

8. Select the OUs to synchronize; here we select only the SHA OU

9. Keep going to the next step until the setup is complete

3. Verify synchronization

1. We create three users on the local AD

2. We checked AAD and found that all of them have been synchronized.
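
The checks behind the UPN, non-administrator account and OU steps above, plus a delta sync for the verification step, as an added PowerShell example that is not part of the original post. The domain name and OU path are placeholders, and it assumes the ActiveDirectory and ADSync modules are available on the host where it runs.

```powershell
# Added example. Placeholder values: replace with your own before running.
Import-Module ActiveDirectory

$VerifiedDomain = 'example.com'                 # placeholder: custom domain verified in AAD
$SyncOu         = 'OU=SHA,DC=corp,DC=example'   # placeholder DN of the SHA OU
$ConnectorSam   = 'clerk'                       # AD account handed to Azure AD Connect

# 1. The verified domain must be available as a UPN suffix in the forest.
$forest   = Get-ADForest
$suffixes = @($forest.UPNSuffixes) + @($forest.Domains)
if ($suffixes -notcontains $VerifiedDomain) {
    Write-Warning "'$VerifiedDomain' is not a UPN suffix in forest $($forest.Name)."
}

# 2. The connector account must not be an administrator. The matching-rule OID
#    1.2.840.113556.1.4.1941 walks nested group membership in one LDAP query;
#    the primary group is not covered by it, so it is added separately.
#    Assumes the account's DN has no characters that need LDAP filter escaping.
$connector = Get-ADUser -Identity $ConnectorSam -Properties PrimaryGroup
$groups    = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($connector.DistinguishedName))")
$groups   += Get-ADGroup -Identity $connector.PrimaryGroup
# Well-known SIDs: Domain Admins (-512), Schema Admins (-518),
# Enterprise Admins (-519), BUILTIN\Administrators (S-1-5-32-544).
$hits = $groups | Where-Object {
    $_.SID.Value -match '-(512|518|519)$' -or $_.SID.Value -eq 'S-1-5-32-544'
}
if ($hits) {
    Write-Warning "'$ConnectorSam' is in: $($hits.Name -join ', '). Use a non-admin account."
}

# 3. Users in the synchronized OU whose UPN suffix differs from the verified
#    domain will not get that domain as their AAD sign-in name.
$mismatch = Get-ADUser -SearchBase $SyncOu -Filter * |
    Where-Object { $_.UserPrincipalName -notlike "*@$VerifiedDomain" }
$mismatch | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize

# 4. On the Azure AD Connect server, after the wizard finishes: confirm the
#    scheduler is enabled, then request a delta cycle instead of waiting.
Import-Module ADSync
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCycleStartTimeInUTC
Start-ADSyncSyncCycle -PolicyType Delta
```

Any warning from checks 1 or 2, or any row printed by check 3, is worth resolving before looking for the new users in AAD.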

Origin blog.csdn.net/mshxuyi/article/details/131633852