Getting Started with Azure Active Directory Free Edition

Introduction

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service.

More in-depth detail about Azure AD can be found here.

This article illustrates the registration process and the essential configuration tasks for the Azure AD free edition, for use by an organization’s internal users. (Future posts will look at other scenarios.)

Preparation tasks

The following preparation tasks are required:

  1. Have a Microsoft account ready to use for sign-up;
    1. Create a Microsoft account by going here;
    2. Follow the on-screen wizard and complete sign-up;
  2. A credit card – this will only be used for verification and will not be charged unless you explicitly upgrade to a paid offer;
  3. Optional – an external domain name, e.g. schmarr.com, to integrate into Azure AD;
    1. P.S. You’ll need to be able to create TXT records in the external domain’s DNS.

Installation

Registration

Please follow these steps to register the free Azure subscription that will host Azure AD:

  1. Go to the following URL: https://azure.microsoft.com/en-us/trial/get-started-active-directory/;
  2. Click “Create a free Azure Account”;
  3. Click “Start Now”;
  4. Fill in the form and submit;
  5. The subscription will take up to 4 minutes to be created;
  6. Once the process is complete you should see the following screen:

(Screenshot: AzureADFree-ScreenShot1)

By now a default Azure AD has already been created; skip the “Create Azure AD” section if the default instance is the one you intend to use.

Create Azure AD (Optional)

Follow these steps to create a new Azure AD:

  1. In the left corner click the “+ New” icon
  2. Click “Security + Identity”
  3. Click “Active Directory”
  4. It will redirect to the Azure Classic portal (this might change in the future)
  5. You will get the following wizard: (Screenshot: AzureADFree-ScreenShot2)
  6. Fill in the form and click the check mark to create the Azure AD

Essential Azure AD Configuration

At this point Azure AD is fully functional, with the following constraints:

  • A manual process is required for creating user accounts (GUI, PowerShell or CSV import);
  • User passwords will not be in sync with their network passwords;
  • Usernames at this stage will be <username>@<AzureADName>.onmicrosoft.com;
    • Users will be required to remember these usernames (most users already find it difficult to remember their passwords);

Follow my Essential Azure AD Configuration guide here if you want to address the constraints mentioned above.

Conclusion

After completing this guide, the Azure AD free edition will be available and functional with its included features.


Essential Azure AD Configuration

Introduction

A fresh Azure AD installation will have the following constraints:

  1. Usernames at this stage will be <username>@<AzureADName>.onmicrosoft.com; users will be required to remember these usernames (most users already find it difficult to remember their passwords);
  2. A manual process is required for creating user accounts (GUI, PowerShell or CSV import);
  3. User passwords will not be in sync with their network passwords.

This article focuses only on addressing the constraints above with the least possible effort. More complex options are available and will depend on security and business requirements.

Configuration / Installation

Each of the optional tasks below should be followed in chronological order to address the constraints above.

1. Add Email Domain (Optional)

This step should be completed before proceeding with step 2.

Only one Azure AD can own the organization’s email domain; Microsoft will not allow the same email domain to be registered in another Azure AD subscription.

Follow these steps to allow usernames to be the same as the organization’s email addresses:

  1. Go to https://manage.windowsazure.com
  2. On the left menu click “Active Directory”
  3. Open your newly created Azure AD; you should see the following screen: (Screenshot: AzureADFree-ScreenShot3)
  4. Click the “Domain” tab
  5. Click “ADD A CUSTOM DOMAIN”; the following wizard will appear: (Screenshot: AzureADFree-ScreenShot4)
  6. Enter the company domain name, for example “schmarr.com”, and click “add”
  7. Page 2 will show the TXT record that must be created in the company domain’s external DNS service. See the example: (Screenshot: AzureADFree-ScreenShot5)
  8. Once the DNS TXT record has been created, click “verify” (allow up to 48 hours for DNS replication to complete)
  9. Change the user accounts manually to reflect the users’ email addresses

    To automate user creation and password sync, proceed to step 2.
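The two manual checks in the last steps above (confirming the TXT record is visible before clicking “verify”, then renaming cloud-only accounts onto the verified domain) can be scripted. This is an added example, not code from the original post; it assumes the MSOnline PowerShell module is installed, a global admin sign-in, and that the placeholder values (`contoso.onmicrosoft.com`, the `MS=ms…` TXT value, the `admin` exclusion) are replaced with the tenant’s own.

```powershell
# Added example, not from the original post: verify the custom-domain TXT record in public
# DNS, then move cloud-only users off <AzureADName>.onmicrosoft.com onto the verified domain.
# Assumptions: MSOnline module installed (Install-Module MSOnline); values below are placeholders.
$Domain        = 'schmarr.com'               # verified custom domain (the post's example)
$TenantDefault = 'contoso.onmicrosoft.com'   # placeholder for <AzureADName>.onmicrosoft.com
$ExpectedTxt   = 'MS=msXXXXXXXX'             # placeholder: the value shown on the wizard's page 2
$KeepOnDefault = @('admin')                  # accounts left untouched, e.g. the admin Azure AD Connect will use
$DryRun        = $true                       # set to $false to apply the renames

# 1. Resolve TXT records through a public resolver, not the internal DNS, so the check sees
#    the same answer Microsoft's verification will see.
$txt = Resolve-DnsName -Name $Domain -Type TXT -Server 8.8.8.8 -ErrorAction Stop |
       ForEach-Object { $_.Strings }
if ($txt -notcontains $ExpectedTxt) {
    throw "TXT record '$ExpectedTxt' not visible yet for $Domain; wait for DNS replication before clicking Verify"
}

# 2. Rename every cloud user still carrying the default suffix, except the excluded accounts.
Connect-MsolService
$pending = Get-MsolUser -All | Where-Object {
    $_.UserPrincipalName -like "*@$TenantDefault" -and
    $KeepOnDefault -notcontains ($_.UserPrincipalName -split '@')[0]
}

foreach ($u in $pending) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + "@$Domain"
    if ($DryRun) {
        "Would rename $($u.UserPrincipalName) -> $newUpn"
    } else {
        Set-MsolUserPrincipalName -UserPrincipalName $u.UserPrincipalName -NewUserPrincipalName $newUpn
        "Renamed $($u.UserPrincipalName) -> $newUpn"
    }
}
```

Run it once with `$DryRun = $true` to review the planned renames; the admin account is kept on the default domain because step 2 below signs in to Azure AD Connect with it.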

2. Automate Account creation in Azure AD (Optional)

It is recommended that step 1 is completed first; otherwise all user accounts will be created with the system-generated domain name, e.g. “<username>@<AzureADName>.onmicrosoft.com”.

Assumptions / Requirements

The following assumptions are made in this section:

  • An internal Active Directory up and running
  • A Windows 2012 R2 member server of the Active Directory, ready for the Azure AD Connect install
  • The member server has internet access
  • The Active Directory userPrincipalName (UPN) reflects the user’s mail address
    • This assumption is in most cases a challenge for organizations; the following options are available:
      • Run Azure AD Connect (the steps below use the express install) in advanced mode and choose the “mail” attribute instead of userPrincipalName (UPN) – easy fix;
      • Fix the UPN to be the same as the email address; here is a Microsoft tool that can assist;
  • Azure AD
  • An Active Directory Enterprise Administrator account
  • A global admin account created in the default domain context, e.g. admin@<AzureADName>.onmicrosoft.com
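Before running Azure AD Connect it is worth checking the UPN assumption above against the on-premises directory, since express settings will sync whatever UPN each user has. This is an added example, not code from the original post; it assumes the ActiveDirectory RSAT module on the member server and uses the post’s `schmarr.com` as the verified domain.

```powershell
# Added example, not from the original post: pre-flight audit of on-premises AD before
# Azure AD Connect. Lists enabled users whose userPrincipalName does not match their mail
# attribute or whose UPN suffix is not the verified custom domain.
# Assumption: run on the member server with the RSAT ActiveDirectory module available.
Import-Module ActiveDirectory

$VerifiedDomain = 'schmarr.com'   # the post's example domain; replace with your own

$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, userPrincipalName

$report = foreach ($u in $users) {
    $upn  = $u.UserPrincipalName
    $mail = $u.mail
    $issue = $null
    if (-not $mail) {
        $issue = 'no mail attribute'
    } elseif (-not $upn) {
        $issue = 'no UPN set'
    } elseif ($upn -ne $mail) {                       # -ne is case-insensitive in PowerShell
        $issue = 'UPN differs from mail'
    } elseif (($upn -split '@')[1] -ne $VerifiedDomain) {
        $issue = "UPN suffix is not $VerifiedDomain"
    }
    if ($issue) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            UPN            = $upn
            Mail           = $mail
            Issue          = $issue
        }
    }
}

$report | Format-Table -AutoSize
"$(@($report).Count) of $(@($users).Count) enabled users need attention before sync"
```

Accounts listed here will either appear in Azure AD with the onmicrosoft.com suffix or fail to match the verified domain; fix them (or pick the “mail” attribute in the advanced install) before step 2.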

Azure AD Configuration

  1. Go to https://manage.windowsazure.com
  2. On the left menu click “Active Directory”
  3. Open your newly created Azure AD; you should see the following screen: (Screenshot: AzureADFree-ScreenShot3)
  4. Click the “DIRECTORY INTEGRATION” tab
  5. Click “ACTIVATED”, then click “SAVE”

Azure AD Connect Installation

The following tasks are completed on the domain member server.

  1. Download Azure AD Connect from here
  2. Run the downloaded setup file on the Windows 2012 R2 member server
  3. Click “Continue”
  4. Click “Use express settings”
  5. Enter your Azure AD admin username, e.g. admin@<AzureADName>.onmicrosoft.com, and password
  6. Click “Next”
  7. Enter the Active Directory Enterprise Admin account and password
  8. Click “Next”
  9. Click “Install”: (Screenshot: AzureADFree-ScreenShot6)

Once the installation is complete, all user accounts will be created in Azure AD automatically with their current email addresses. Password synchronization will also be enabled automatically.

The advanced installation allows password sync to be disabled if it is not required.

Conclusion

Users will now be able to log in to Azure AD using their existing email address and network password.