Microsoft Azure AZ-800 — Section 6: Preparing your domain naming infrastructure for hybrid identities Part 2

50. Configuring User Accounts for new domain names

Once you have added your custom domain into your Microsoft 365 and Azure environment, one consideration is that our users don't just magically start having that domain name. In a perfect world, you would create your tenant and get your custom domain set up before you start adding users. Or, if you're going to synchronize with Azure and connect with your on-premises domain, you would have everything already set up, right? But if you've already got a couple of users that were added ahead of time, maybe some of your IT people or something like that, then you would need to go to those users and configure them to use the new domain name. That way, if you're using Exchange Online, they're going to get the proper email address, name and all that.

So let's take a look real quick at our users here. I've just got a couple of users. I'm going to go over to the Users blade. By the way, I'm in portal.microsoft.com, also known as admin.microsoft.com. If I drop this down, I can click on Active users.

OK, and you can see I've got three users here. I've got my John Christopher account, which I've already associated with examlabpractice.com. But what about Bob Jones and John Smith? Well, let's go ahead and adjust John Smith first. So we'll go to John Smith. At that point, we can click on Manage username, we can drop this down and choose examlabpractice.com. At that point, if the user has an Office 365 license and all that, their email address with Exchange Online will also get updated.

OK. Granted, this user is unlicensed. If I wanted to license the user, I can go to Licenses and simply assign whichever of the licenses I want to give. Perhaps I want to give Office 365 E5 or whatever. I can assign that now.

OK, so down here, I'll just do Office 365 E5. I can give Enterprise Mobility + Security. Click Save. I've given him a license. Just keep in mind, you've got to have that location. Users always have to have a location selected for that. But what I want to show you now is how I can jump into PowerShell and do this as well.

So, if I had, say, 50 users that had already been added with the wrong domain name, I could use PowerShell to automate that in bulk if I wanted to.

So, if you look right here, I've got Bob Jones, and obviously I could click on him right now and change him, but I would rather show you how to do this in PowerShell.

So, if you ever wanted to automate the process of doing a bunch of users, you could use PowerShell to do that.

So let’s jump over into PowerShell now.

OK, so here I am in PowerShell, and the first thing I need to do is make sure I'm connected to my Microsoft 365 services, so I can just run `Connect-MsolService`. Hit Enter. And then I can sign in. Put in my password here.

OK. At that point, of course, if I'm utilizing multifactor authentication, it's going to force me to put that in, so I'll get a message on my phone and put in the code. At that point, I'm going to click Verify and it should let me in, and it did.

OK, so the command that's going to let us do this is called `Set-MsolUserPrincipalName`, and then we'll use `-UserPrincipalName`, where it's going to be bobjones@ and then the initial tenant name I had for my domain name, which was examlabpractice0920.onmicrosoft.com. And of course, that's the name I don't want, right? I want to change that to just bobjones@examlabpractice.com.

So, I add a space. I'm going to set `-NewUserPrincipalName`, and the new user principal name is again going to be bobjones@examlabpractice.com. It does help if you spell it correctly. And just checking my syntax. Take for granted, guys, you could also use a Get command to grab all of your users at one time and then pipe that to this command, so you could automate doing this on a much larger scale if you needed to. But let's hit Enter and it should now match up. I should actually be able to run `Get-MsolUser`. And Bob Jones now has examlabpractice.com. OK, let's pop back over into the Microsoft 365 portal and just verify that it has been done there as well.

OK, so here we are, right back in the browser where we were, and you'll notice Bob Jones right here still shows the old name, right? But I'm just going to go ahead and refresh, and it's now updated.

So as you can see, it did work.

So as you noticed, you can do this a couple of ways. You can do this with the help of the graphical tools here. You can also use PowerShell to help automate things.
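The bulk change mentioned above (a Get command feeding the rename), written out as an added example that is not from the original lesson. It assumes the MSOnline module used in the walkthrough; the `$Apply` switch and the CSV file name are hypothetical, and the domain names are the ones spoken in the lesson.

```powershell
# Added example: preview, then apply, a UPN suffix change for every affected user.
$OldSuffix = '@examlabpractice0920.onmicrosoft.com'  # initial tenant domain from the walkthrough
$NewSuffix = '@examlabpractice.com'                  # custom domain from the walkthrough
$Apply     = $false                                  # hypothetical switch: $false only previews

Connect-MsolService

# Stop if the custom domain has not been verified in the tenant yet.
$domain = Get-MsolDomain -DomainName $NewSuffix.TrimStart('@')
if ($domain.Status -ne 'Verified') { throw "Domain $($domain.Name) is not verified." }

# Index every existing UPN so a rename cannot collide with another account.
$users = Get-MsolUser -All
$taken = @{}
foreach ($u in $users) { $taken[$u.UserPrincipalName.ToLower()] = $true }

# Build the rename plan for accounts still on the old suffix.
$plan = foreach ($u in $users) {
    $upn = $u.UserPrincipalName
    if (-not $upn.EndsWith($OldSuffix, [StringComparison]::OrdinalIgnoreCase)) { continue }
    $new = $upn.Substring(0, $upn.Length - $OldSuffix.Length) + $NewSuffix
    [pscustomobject]@{
        ObjectId = $u.ObjectId
        OldUpn   = $upn
        NewUpn   = $new
        Conflict = $taken.ContainsKey($new.ToLower())
    }
}

# Keep the old-to-new mapping as a change record that also allows a rollback.
$plan | Export-Csv -Path .\upn-rename-plan.csv -NoTypeInformation
$plan | Format-Table OldUpn, NewUpn, Conflict

if ($Apply) {
    foreach ($row in ($plan | Where-Object { -not $_.Conflict })) {
        Set-MsolUserPrincipalName -UserPrincipalName $row.OldUpn -NewUserPrincipalName $row.NewUpn
    }
}
```

Review the preview before setting `$Apply` to `$true`: the plan includes every account on the old suffix, including any admin account you are signed in with.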

51. Configuring On-Premise DNS to support Microsoft Online Services

Now, say you are ready to move towards setting up your hybrid configuration and allow your on-prem environment to synchronize with the cloud using Azure AD Connect and all that.

So, if I'm going to go that route, one of the things that I might have to think about is that I might have some on-premises services such as Exchange, SharePoint, all that good stuff. And I might want the Microsoft 365 services to be able to communicate with those services so that we can have email relaying out and all that fun stuff. But there are some considerations about DNS.

So, if we've registered our domain name, we already have to have that internet-facing DNS server, meaning a DNS server that's available and can be reached from the internet.

So you'll see I have this external DNS server here, an internet-facing DNS server that's been put in my DMZ, as opposed to my private DNS server, which is only for internal purposes, right? So there are going to be considerations. When I want to register my examlabpractice.com name, for example, in the cloud, I would actually have to verify that name, and I would use this DNS server for verifying that name. But I've also got to have records that the Microsoft 365 services can hit, as well as records that internal services can hit to get out.

So, in some cases, there are going to be some DNS records that need to go on the external DNS server. There are going to be some DNS records that also have to be placed on the internal DNS so that the internal services can query the DNS and talk properly with these Microsoft 365 services. That also goes for these internal servers. I've got an Exchange server and a SharePoint server and all that, and I might also be using Microsoft Intune with Endpoint Manager for doing what's called MDM and MAM, mobile device management and mobile application management. Essentially, where I'm going with that is, your DNS server has to be in the loop on that.

So when I say that you're going to have to create a few records, let's jump into the DNS server real quick and see how records would be created.

OK, so here I am over on my server, which is running DNS. I'm in Server Manager. You get to Server Manager by clicking Start, and you'll see Server Manager as an option. I'm going to go to Tools and I'm going to click on DNS. All right. At that point, it's going to bring up DNS, and I would expand that out. I would go to my examlabpractice.com DNS database, and this is where I can create my records. So if I wanted, I could right-click this right here. This is where I can create host records, CNAME records, mail exchange records. And then, of course, if you want to create other types of records, you can click this right here. This is where you can create other records, like TXT records, pointer records, reverse lookup records, all that good stuff.

So any type of record that Microsoft needs you to create in your DNS environment, you can do that through the DNS console here. But here's the question: what are the records that we want to create? Well, Microsoft actually has an article that will walk you through what records need to be added to DNS in order to make the services all work together.

So let's see how we can check out that article.

OK, so to see the information I'm talking about here, just go to a search engine like Google and type in these keywords: "external DNS name system records for Office 365".

So go ahead and go there and you'll see this article right here, "External Domain Name System records for Office 365". We're going to click that, and this article is going to walk you through what records have to exist in your environment.

So, you know, I thought about creating a little PowerPoint presentation for this, but I really feel like looking at this actual article that Microsoft has written is going to be the best way to go, because you're always going to get the most up-to-date information in here.

So, I highly recommend checking this document out. If you go through it, it gets into allowing these records from your on-prem environment to be utilized by the outside world, as well as the outside world, the Microsoft 365 services, being able to talk back to your on-premises environment.

So, for example, here's an area that's talking about external DNS records required for Office 365.

So these are records that have got to be accessible in order for your users to be able to talk to the Office 365 / Microsoft 365 services.

So, they tell you that you've got to have two records here, basically two records in your external DNS. The first is a CNAME record, and the second is a TXT record that you may have to create, and that's for your domain name verification, for creating custom domains and all that good stuff.

OK. And for the CNAME record, the canonical name record, they tell you that you have the alias msoid. And this is going to be where you would point that to.

So you could create that on the DNS server, which I just showed you just a bit ago.

Now for Exchange Online, if we're going to be having external DNS records required for email in Office 365, they have some different records here. One is for Autodiscover. This is going to allow your computers to find Exchange.

OK, you have MX records, which are going to allow mail systems to send email to your domain name, and then the TXT record. And this is going to be for essentially allowing your email systems to be validated when the server is sending your email for approval with the Exchange Online services.

OK.

So, they actually have a few links here. You can read a little deeper if you want it into some of these. But here are the records that actually have to be created.

So you have to have a CNAME record called autodiscover, and it's going to point to autodiscover.outlook.com.

So you've got to make sure that, for your on-premises clients and anything else that's going to be authenticating and communicating with Exchange Online, your DNS service knows about these records here.
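One way to create and check that autodiscover record from PowerShell instead of the DNS console, as an added example that is not from the original lesson. It assumes it is run on the Windows DNS server with the DnsServer module and uses the zone name from the walkthrough; an existing record that points somewhere else is reported, not overwritten.

```powershell
# Added example: ensure autodiscover.<zone> is a CNAME to autodiscover.outlook.com.
$Zone   = 'examlabpractice.com'          # zone from the walkthrough
$Name   = 'autodiscover'
$Target = 'autodiscover.outlook.com'

# Everything already registered at this name, whatever the record type.
$records = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -ErrorAction SilentlyContinue)
$cname   = $records | Where-Object RecordType -eq 'CNAME'
$others  = $records | Where-Object RecordType -ne 'CNAME'

if ($others) {
    # A CNAME cannot share its name with other record types; leave it for review.
    Write-Warning "$Name.$Zone already has $($others.RecordType -join ', ') record(s); review before adding a CNAME."
}
elseif (-not $cname) {
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Name -HostNameAlias $Target
    "Created $Name.$Zone -> $Target"
}
elseif ($cname.RecordData.HostNameAlias.TrimEnd('.') -ieq $Target) {
    "OK: $Name.$Zone already points to $Target"
}
else {
    # Mail clients follow this record to find their mailbox service, so drift matters.
    Write-Warning "$Name.$Zone points to $($cname.RecordData.HostNameAlias), expected $Target"
}

# Confirm what this DNS server actually answers for the name.
Resolve-DnsName -Name "$Name.$Zone" -Type CNAME -Server 127.0.0.1 -DnsOnly |
    Select-Object Name, Type, NameHost
```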

OK? And one thing of note: if you register your domain name through somebody like GoDaddy, Microsoft will actually configure the records for you automatically so you don't have to do it manually, but they don't have quite that agreement with all the different DNS providers out there. But again, this article is going to walk you through step by step, so I highly recommend going through this article, especially if you're doing this, because it's essentially going to go through it with you step by step. All right.

So it explains exactly what records have to be in DNS in order for your Exchange Online services to work. And when you start getting into Teams, formerly Skype for Business, you can add records for all that as well. Maybe you still have some of the older Skype for Business stuff in place. You have record information for that also. But again, this article is going to walk you through step by step on how to do that.

So, I would recommend taking a few moments to read through this article real quick. It's going to give you some good information, and if you're implementing this, it's going to walk you through step by step on how to do it.