{"id":1349,"date":"2022-04-13T15:10:40","date_gmt":"2022-04-13T20:10:40","guid":{"rendered":"http:\/\/zewwy.ca\/?p=1349"},"modified":"2022-06-02T21:32:54","modified_gmt":"2022-06-03T02:32:54","slug":"azure-ad-and-the-adconnect","status":"publish","type":"post","link":"https:\/\/zewwy.ca\/index.php\/2022\/04\/13\/azure-ad-and-the-adconnect\/","title":{"rendered":"Azure AD and the ADConnect"},"content":{"rendered":"<p>*Note: installing Azure AD Sync on a Core server is not supported, but it appears it does work.<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/how-to-connect-install-prerequisites\">The Azure AD Connect server must have a full GUI installed. Installing Azure AD Connect on Windows Server Core isn&#8217;t supported.<\/a><\/li>\n<\/ul>\n<p>Here&#8217;s what I did; I found <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/fundamentals\/free-trial-sign-up\">this MS doc for reference<\/a>:<\/p>\n<ol>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/fundamentals\/free-trial-sign-up\">I followed this to guide<\/a> me to make the &#8220;primary&#8221; tenant.<br \/>\n<a href=\"https:\/\/i.imgur.com\/J7K0drX.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/J7K0drX.png\" alt=\"\" width=\"742\" height=\"768\" \/>no, I did not check either checkbox, **** em!<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/enterprise-users\/domains-manage\">I read this content to understand<\/a> the tenant hierarchy.<\/li>\n<li>I added a custom domain (zewwy.ca); it said sure, no problem, no federation issues, just verify. 
(Create a TXT record on the registrar to verify you own the domain.)<br \/>\n<a href=\"https:\/\/i.imgur.com\/q49VSwN.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/q49VSwN.png\" alt=\"\" width=\"978\" height=\"561\" \/><\/a>*Refresh the page and the status will update accordingly.<\/li>\n<li>I proceeded to download the Azure AD Connect MSI file via the provided link after adding the custom domain.<\/li>\n<li>Install: (This was on Server 2016 Core)<\/li>\n<\/ol>\n<p><a href=\"https:\/\/i.imgur.com\/jsilqW0.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/jsilqW0.png\" alt=\"\" width=\"855\" height=\"400\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/LSY5yne.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/LSY5yne.png\" alt=\"\" width=\"899\" height=\"397\" \/><\/a><\/p>\n<p>2015.. interesting&#8230;<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/tBUpVwN.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/tBUpVwN.png\" alt=\"\" width=\"970\" height=\"715\" \/><\/a><\/p>\n<p>Click Accept Next.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/87PaWkA.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/87PaWkA.png\" alt=\"\" width=\"991\" height=\"719\" \/><\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/how-to-connect-install-prerequisites\">You must have an Azure AD Global Administrator account for the Azure AD tenant you want to integrate with. 
This account must be a\u00a0<em>school or organization account<\/em>\u00a0and can&#8217;t be a\u00a0<em>Microsoft account<\/em>.<\/a><\/li>\n<li>If you use\u00a0express settings\u00a0or upgrade from DirSync, you must have an Enterprise Administrator account for your on-premises Active Directory.<\/li>\n<li>If you use the custom settings installation path, you have more options. For more information, see\u00a0Custom installation settings.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/i.imgur.com\/LUoX94G.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/LUoX94G.png\" alt=\"\" width=\"989\" height=\"743\" \/><\/a><\/p>\n<p>Enter the credentials from Step 1 (or enter the credentials provided by your MSP\/CSP\/VAR).<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i.imgur.com\/7094Tkq.png\" \/><\/p>\n<p>Enter the credentials of the local domain, enterprise admin account.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/hS1Rnnk.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/hS1Rnnk.png\" alt=\"\" width=\"994\" height=\"726\" \/><\/a><\/p>\n<p>If you wish to do a hybrid Exchange setup, check the second checkbox. Not sure how to configure this later, but I&#8217;m sure there is a way. 
At this time that was not part of this post&#8217;s goals.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/kPyUnkt.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/kPyUnkt.png\" alt=\"\" width=\"999\" height=\"742\" \/><\/a><\/p>\n<p>There was one snippet I missed, it appears to install a SQL express on the DC.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/FzQXMgy.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/FzQXMgy.png\" alt=\"\" width=\"989\" height=\"752\" \/><\/a><\/p>\n<p>Then it appears to install a dedicated service.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/U3edg2M.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/U3edg2M.png\" alt=\"\" width=\"990\" height=\"744\" \/><\/a><\/p>\n<p>This is Ground Control to Major Tom&#8230;<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/tXsv37I.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/tXsv37I.png\" alt=\"\" width=\"994\" height=\"745\" \/><\/a><\/p>\n<p>This is Major Tom to Ground Control&#8230; You&#8217;ve really made the grade!<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/Hwk2Q1k.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/Hwk2Q1k.png\" alt=\"\" width=\"993\" height=\"741\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/8wxO6e2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/8wxO6e2.png\" alt=\"\" width=\"1001\" height=\"741\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/ypGOFJS.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/zbrbXOV.png\" alt=\"\" width=\"994\" height=\"750\" \/><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/ypGOFJS.png\" alt=\"\" width=\"993\" height=\"747\" \/><\/a><\/p>\n<p>They got all my 
passwords!<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/ANNsfAQ.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/ANNsfAQ.png\" alt=\"\" width=\"999\" height=\"737\" \/><\/a><\/p>\n<p><a href=\"https:\/\/i.imgur.com\/RJkf7xf.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/RJkf7xf.png\" alt=\"\" width=\"996\" height=\"728\" \/><\/a><\/p>\n<p>Wait &#8230; it worked&#8230;. like what? No Errors?&#8230; No Service account creations? It actually just worked?&#8230;<\/p>\n<p>Go to the Azure portal login, use my on-prem credentials&#8230; and it logged me in&#8230;.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/Alizr4J.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/Alizr4J.png\" alt=\"\" width=\"839\" height=\"186\" \/><\/a><\/p>\n<p>I&#8217;m kind of mind blown right now. Well, I guess the next post can possibly cover playing with M365 services. Stay tuned. \ud83d\ude00<\/p>\n","protected":false},"excerpt":{"rendered":"<p>*Note: installing Azure AD Sync on a Core server is not supported, but it appears it does work. The Azure AD Connect server must have a full GUI installed. Installing Azure AD Connect on Windows Server Core isn&#8217;t supported. 
Here&#8217;s what I did, I found this MS doc for reference: I followed this to &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/zewwy.ca\/index.php\/2022\/04\/13\/azure-ad-and-the-adconnect\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Azure AD and the ADConnect&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[36,8,197],"tags":[407,143,406,408],"class_list":["post-1349","post","type-post","status-publish","format-standard","hentry","category-exchange","category-server-administration","category-windows","tag-aad","tag-ad","tag-azure","tag-sync"],"_links":{"self":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1349"}],"version-history":[{"count":4,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1349\/revisions"}],"predecessor-version":[{"id":1374,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1349\/revisions\/1374"}],"wp:attachment":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\
/v2\/tags?post=1349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}