OK, so now that the site-to-site VPN is in place, I can sync my local Active Directory (AD) lab.damen-online.nl with my Azure Active Directory (AAD). To do this I first need to register this domain within my Azure subscription (as the domain is registered elsewhere). To do this I go to Azure Active Directory in my Azure Portal.
Within AAD I go to Custom Domain Names
and I click on + Add custom domain.
I provide my domain name and click Add.
After hitting the button a message appears telling me that I need to create a TXT record with my domain registrar, using the info provided.
So I open the admin page of my registrar to add the TXT record as instructed (I have a Dutch registrar, hence the Dutch language).
After adding the TXT record I switch back and verify the domain. As you can see the domain is now verified, so good to go.
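The verification step above only succeeds once the TXT record is visible in public DNS, which can lag behind the registrar's admin page. The following PowerShell check is an added example, not part of the original post: it queries a couple of public resolvers for the TXT records of the domain and reports whether the expected value (a placeholder here; use the value the portal showed you) has propagated, so you know whether clicking Verify will work.

```powershell
# Added example (not from the original post): check that the Azure AD domain
# verification TXT record is visible in public DNS before clicking Verify.
# Assumptions: the domain name is the post's lab domain; the expected value
# is a placeholder for whatever the Azure portal displayed.
function Test-AzureAdDomainTxtRecord {
    param(
        [Parameter(Mandatory)] [string]   $DomainName,
        [Parameter(Mandatory)] [string]   $ExpectedValue,
        [string[]] $Resolvers = @('8.8.8.8', '1.1.1.1')   # public resolvers, to see what Microsoft will see
    )

    foreach ($resolver in $Resolvers) {
        try {
            # Resolve-DnsName returns one object per TXT record; Strings holds the record text.
            # If the name exists but has no TXT records, only an SOA comes back, which the filter drops.
            $txt = @(Resolve-DnsName -Name $DomainName -Type TXT -Server $resolver -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'TXT' } |
                     ForEach-Object { ($_.Strings -join '') })
            [pscustomobject]@{
                Resolver = $resolver
                Found    = [bool]($txt -contains $ExpectedValue)
                Records  = $txt
                Error    = $null
            }
        } catch {
            [pscustomobject]@{
                Resolver = $resolver
                Found    = $false
                Records  = @()
                Error    = $_.Exception.Message
            }
        }
    }
}

# Usage: the expected value is a placeholder; paste the one shown under Custom domain names.
$check = Test-AzureAdDomainTxtRecord -DomainName 'lab.damen-online.nl' -ExpectedValue 'MS=<value-from-portal>'
$check | Format-Table Resolver, Found, Records, Error

if ($check.Found -notcontains $false) {
    'TXT record visible on all resolvers; safe to click Verify.'
} else {
    'Not propagated everywhere yet; wait before clicking Verify.'
}
```

Querying public resolvers rather than the domain controller matters here: the DC will happily answer from its own zone or cache, while Azure checks the record from the outside.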
Now I can install AAD Connect. I open the custom domain (lab.damen-online.nl) and click Download Azure AD Connect.
A new website opens where I can download Microsoft Azure Active Directory Connect.
After downloading I start the installation wizard. I agree to the license terms and privacy notice and click Continue.
As I have a single domain, I can use the Express Settings, so I select Use Express Settings.
I need to connect to Azure AD using my Azure AD global administrator credentials. So I provide these and click Next.
Next screen, next credentials… Now I need to provide the enterprise admin credentials for the local domain, before clicking Next.
I get an overview of what the wizard will do, and I leave “Start the synchronisation process when the configuration completes” checked and click Install.
The configuration completes in a couple of minutes, and my AD is synced with AAD. I get a message that my AD Recycle Bin hasn’t been enabled (so I will do that in the next section), and another message stating that AAD is configured to use the AD attribute ms-DS-ConsistencyGuid as the source anchor attribute. After reading this article it’s clear this attribute will act as the immutable ID and is system-generated. The configuration is done, so I click Exit.
I enabled the Recycle Bin on my Active Directory (as recommended) and created some test accounts within my AD (I used some brands from the client I work for, so they might look familiar to some of you). After a while these are synchronised to AAD, so mission accomplished (Azure AD Connect is working), up for the next bit.
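The two wizard messages and the final sync check above can all be done from PowerShell on the AAD Connect server. The script below is an added example, not from the original post: it enables the AD Recycle Bin only if it is not already on, shows for one test account how the ms-DS-ConsistencyGuid source anchor maps to the ImmutableId that appears in AAD (the Base64 encoding of the same 16 bytes), and kicks off a delta sync instead of waiting for the scheduler. It assumes the ActiveDirectory, ADSync and AzureAD modules are present, that Connect-AzureAD has already been run, and that the forest name and the test account name are placeholders for the post's lab.

```powershell
# Added example (not from the original post). Assumptions: run on the AAD Connect
# server as an account allowed to enable forest-wide optional features; the
# ActiveDirectory, ADSync and AzureAD modules are installed and Connect-AzureAD
# has already been run; the forest and test account names are placeholders.
Import-Module ActiveDirectory
Import-Module ADSync
Import-Module AzureAD

$Forest = 'lab.damen-online.nl'   # the post's lab forest

# 1. Enable the AD Recycle Bin. This is forest-wide and cannot be undone,
#    so check first and only enable it when it is still off.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $Forest -Confirm:$false
    'Recycle Bin enabled.'
} else {
    'Recycle Bin already enabled.'
}

# 2. Show how the source anchor becomes the AAD ImmutableId for one user.
#    With the default configuration AAD Connect copies objectGUID into
#    ms-DS-ConsistencyGuid on the first sync of an object; the ImmutableId
#    in AAD is the Base64 encoding of those 16 bytes.
function Get-ExpectedImmutableId {
    param([Parameter(Mandatory)] [string] $SamAccountName)

    $user  = Get-ADUser -Identity $SamAccountName -Properties 'ms-DS-ConsistencyGuid', objectGUID
    $bytes = $user.'ms-DS-ConsistencyGuid'
    if (-not $bytes) {
        # Not synced yet: the anchor that will be written is the objectGUID.
        $bytes = $user.ObjectGUID.ToByteArray()
    }
    [pscustomobject]@{
        SamAccountName      = $user.SamAccountName
        UserPrincipalName   = $user.UserPrincipalName
        AnchorFromAD        = [bool]$user.'ms-DS-ConsistencyGuid'
        ExpectedImmutableId = [Convert]::ToBase64String($bytes)
    }
}

$expected = Get-ExpectedImmutableId -SamAccountName 'testuser1'   # placeholder test account
$cloud    = Get-AzureADUser -ObjectId $expected.UserPrincipalName  # UPN is accepted as ObjectId

if ($cloud.ImmutableId -eq $expected.ExpectedImmutableId) {
    "ImmutableId matches the source anchor for $($expected.UserPrincipalName)."
} else {
    "Mismatch for $($expected.UserPrincipalName): AD expects $($expected.ExpectedImmutableId), AAD has '$($cloud.ImmutableId)'."
}

# 3. Trigger a delta sync now rather than waiting for the next scheduled cycle,
#    then show the scheduler state so you know when the following run is due.
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC
```

The ImmutableId comparison is the check worth keeping around: if an account ever has to be rematched (for example after it was recreated on either side), a mismatch between the Base64 anchor and what AAD holds is the first thing to look for.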