Azure Active Directory

Question

we already have an existing AD and wants to integrate it with Azure and wants to have local AD server on one office and other locations via cloud
Please share provisioning link for it?

we need registered domain for Azure AD and if they have domain.local AD domain then what will be happen.

Lastly how our roaming users will authenticate via AD?

Answer 1

Domain suffix local (i.e. TLD) is not supported with Azure AD. It would be synchronized to your onmicrosoft.com domain (on Azure AD).

Assuming provisioning with Azure AD Connect: afterwards both on-premise AD (AD DS) and Azure AD exist. Also it would be possible to leverage Azure AD using your AD DS content. So for roaming users AD DS authentication would remain the same, and Azure AD authentication would become possible.

Links for provisioning:

https://learn.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express

Answer 2

If you want to extend your on-prem Active Directory environment to Azure,, you need to create a new VM in Azure and promote it as a domain controller the same way as we promote a DC in on-prem environment. For this purpose, you need to have network connectivity (VPN connection) between on-prem DC and Azure DC. You should consider creating a new AD Site for the new DC on Azure VM for efficient Domain Controller discovery.

In order to register a domain to Azure AD, you need to add custom domain under Azure AD on the Azure portal, which should be a publicly routable domain. For example, if you have an Active Directory domain named contoso.local and you have an Azure AD tenant named contoso.onmicrosoft.com, you can register contoso.com as verified domain to your tenant and then you can run below PowerShell Commands to update UPN suffix of the users from contoso.local to contoso.com.

$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*contoso.local'} -Properties userPrincipalName -ResultSetSize $null  

$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("contoso.local","contoso.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}  

Please refer to below documents for more details:

1. Prepare for directory synchronization
2. Prepare a non-routable domain for directory synchronization

Roaming users will follow the standard Domain Controller locator Process to locate a DC and will authenticate against that specific DC. Refer to Domain Controller Locator : In depth for more details.

--------------------------------------------------------------------------------------------------------------------

Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

Answer 3

Azure Active Directory will not help you to sync AD between offices. You can use azure services to setup a secure connection between offices to setup AD replication.

Pay attention that Azure AD is not a replacement of On-prem AD. It is a cloud identity and access management service designed for applications and Azure services.

If you would like to use AD to manage Windows VM accounts then you can check Azure Active Directory Domain Services (functionality is quite limited for enterprise usage). For linux you can check Azure AD Login extension (which is in the preview) https://learn.microsoft.com/en-us/azure/virtual-machines/linux/login-using-aad.