Pass-through authentication for your Microsoft 365 test environment

This Test Lab Guide can be used for both Microsoft 365 for enterprise and Office 365 Enterprise test environments.

Organizations that want to directly use their on-premises Active Directory Domain Services (AD DS) infrastructure for authentication to Microsoft cloud-based services and applications can use pass-through authentication. This article describes how you can configure your Microsoft 365 test environment for pass-through authentication, resulting in the following configuration:

The simulated enterprise with pass-through authentication test environment

There are two phases to setting up this test environment:

  1. Create the Microsoft 365 simulated enterprise test environment with password hash synchronization.
  2. Configure Azure AD Connect on APP1 for pass-through authentication.

Test Lab Guides for the Microsoft cloud

Tip

Click here for a visual map to all the articles in the Microsoft 365 for enterprise Test Lab Guide stack.

Phase 1: Configure password hash synchronization for your Microsoft 365 test environment

Follow the instructions in password hash synchronization for Microsoft 365. Here is your resulting configuration.

The simulated enterprise with password hash synchronization test environment

This configuration consists of:

  • Microsoft 365 E5 trial or paid subscription.
  • A simplified organization intranet connected to the Internet, consisting of the DC1, APP1, and CLIENT1 virtual machines on a subnet of an Azure virtual network. Azure AD Connect runs on APP1 to synchronize the TESTLAB AD DS domain to the Azure AD tenant of your Microsoft 365 subscription periodically.

Phase 2: Configure Azure AD Connect on APP1 for pass-through authentication

In this phase, you configure Azure AD Connect on APP1 to use pass-through authentication, and then verify that it works.

Configure Azure AD Connect on APP1

  1. From the Azure portal, sign in with your global administrator account, and then connect to APP1 with the TESTLAB\User1 account.

  2. From the desktop of APP1, run Azure AD Connect.

  3. On the Welcome page, click Configure.

  4. On the Additional tasks page, click Change user sign-in, and then click Next.

  5. On the Connect to Azure AD page, type your global administrator account credentials, and then click Next.

  6. On the User sign-in page, click Pass-through authentication, and then click Next.

  7. On the Ready to configure page, click Configure.

  8. On the Configuration complete page, click Exit.

  9. From the Azure portal, in the left pane, click Azure Active Directory > Azure AD Connect. Verify that the Pass-through authentication feature appears as Enabled.

  10. Click Pass-through authentication. The Pass-through authentication pane lists the servers where your Authentication Agents are installed. You should see APP1 in the list. Close the Pass-through authentication pane.
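A local check on APP1 to complement the portal verification in steps 9 and 10, as an added example that is not part of the original guide. It assumes the Authentication Agent registers Windows services under the display names listed in `$expected`, and it uses `login.microsoftonline.com` only as a sample HTTPS endpoint for the outbound test.

```powershell
# Added example: run in an elevated PowerShell session on APP1.
# Assumption: these are the display names registered by the Authentication
# Agent installer; adjust them if your installation differs.
$expected = @(
    'Microsoft Azure AD Connect Authentication Agent',
    'Microsoft Azure AD Connect Agent Updater'
)

# Build one row per expected service, including services that are missing.
$report = foreach ($name in $expected) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $name
        Status    = if ($svc) { "$($svc.Status)" } else { 'NotFound' }
        StartType = if ($svc) { "$($svc.StartType)" } else { '' }
    }
}
$report | Format-Table -AutoSize

# The agent reaches Azure AD over outbound connections, so confirm that
# APP1 can open an HTTPS connection (sample endpoint, see lead-in).
$egress = Test-NetConnection -ComputerName 'login.microsoftonline.com' -Port 443 `
    -WarningAction SilentlyContinue
"Outbound TCP 443 reachable: $($egress.TcpTestSucceeded)"

# Locate the agent's event log channel by wildcard instead of hard-coding
# its name, then show the most recent critical, error and warning entries.
$logs = Get-WinEvent -ListLog '*AuthenticationAgent*' -ErrorAction SilentlyContinue
foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; Level = 1, 2, 3 } `
        -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Flag the condition that would stop APP1 from handling sign-in requests.
if ($report | Where-Object { $_.Status -ne 'Running' }) {
    Write-Warning 'An Authentication Agent service on APP1 is missing or not running.'
}
```

If the warning appears while the portal still lists APP1, start the service again before moving on to the sign-in test.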

Next, test the ability to sign in to your subscription with the user1@testlab.<your public domain> user name of the User1 account.

  1. From APP1, sign out, and then sign in again, this time specifying a different account.

  2. When prompted for a user name and password, specify user1@testlab.<your public domain> and the User1 password. You should successfully sign in as User1.

Notice that although User1 has domain administrator permissions for the TESTLAB AD DS domain, it is not a global administrator. Therefore, you will not see the Admin icon as an option.

Here is your resulting configuration:

The simulated enterprise with pass-through authentication test environment

This configuration consists of:

  • A Microsoft 365 E5 trial or paid subscription with the DNS domain testlab.<your domain name> registered.
  • A simplified organization intranet connected to the Internet, consisting of the DC1, APP1, and CLIENT1 virtual machines on a subnet of an Azure virtual network. An Authentication Agent runs on APP1 to handle pass-through authentication requests from the Azure AD tenant of your Microsoft 365 subscription.

Next step

Explore additional identity features and capabilities in your test environment.

See also

Microsoft 365 for enterprise Test Lab Guides

Microsoft 365 for enterprise overview

Microsoft 365 for enterprise documentation