0

Azure AD Connect Best Practices Installation Guide

In this day and age it’s a perfectly viable option to want to start migrating services to the cloud to not only leverage their infrastructure, but to save on costs and most importantly to save on time. In many organizations around the world, more and more people are adopting a hybrid model where objects live in an on-premises Active Directory but function in the cloud. This model perfectly resembles the exchange hybrid model where users are onprem but are synced to Azure Active Directory and have their mailboxes in Exchange Online. Today we’re going to follow Azure AD Connect best practices to install and configure AADConnect in our lab and start migrating our users from on-premises exchange to Exchange Online.
 

If you’re interested in knowing the Pros and Cons Exchange Online vs Exchange On-Premise then the linked article has got you covered. All in all, I would definitely prefer having mailboxes hosted in Exchange Online over On-premise because in my opinion the pros definitely outweigh the cons. Seeing as how many organizations around the world are already using Office 365 and Exchange Online, I think that speaks volumes and at least the effort of making a test tenant going through the motions to see if it’s beneficial to you and your org.
 

The AAD Connect best practice video demo is at the end of post if you want to cut to the chase

Azure AD Connect Best Practices Installation Guide

We’ll start off by launching the aadconnect msi which you can find here.

  • In my case I like to choose customize to give me that extra flexibility

AADConnect Customize
 

  • I usually have pre-created accounts so I chose use an existing service account

AADConnect Components

For large environments with 100k+ objects, you will need a full blown SQL Server


 

  • Password Hash Synchronization is definitely the best option here so that would be my choice
  • I’ll also choose to enable single sign-on so that will be checked as well

AADConnect User Signin
 

  • Be sure to enter in your global admin credentials to connect to your tenant
  • Connect forest and add the directory
  • Enter in your Azure AD Connect sync account
  • Watch the linked video to the end to show how to apply the exact permissions are needed

 

  • Choose the Organization Units you want to filter
  • I would recommend only choosing where your users are located

AADConnect OU Filter
 

  • Leave the default if users are represented only once across all directories
  • Leave the default to let Azure manage the source anchor VERY IMPORTANT!

AADConnect Unique Users
 

  • Select Synchronize all users and devices
  • I have an on-premise exchange server so I’ll choose Exchange hybrid deployment
  • Password hash sync was selected earlier so that is checked
  • I also plan to utilize Self Service Password Reset (SSPR) so I’ll enable password writeback

AADConnect Optional Features

Since we also enabled single sign-on the steps to enable that are also covered in the video so make sure you watch until the end.

Azure AD Connect Best Practices Video Demo

Conclusion

Hopefully this video to install Azure AD Connect best practices was really helpful and allowed you to get it up and running in your own environment. I definitely like the idea of still having the flexibility of a vertically integrated hybrid model.

If you want more cloud content, be sure to check out our Office 365 and Azure Active Directory categories as well as our Youtube Channel that’s full of greate sysadmin resources.

Paul

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.