Microsoft Azure AZ-800 — Section 7: Implement and manage hybrid identities Part 5

60. Identifying all data being migrated in Azure AD Connect

All right, so I am now on the Optional features screen here, and it’s important for me to identify other things I want to do. Number one, if we have Exchange on-premises, these two checkboxes will not be grayed out. I do not have Exchange Server installed in my little lab environment here. But if I had Exchange Server installed in my environment, I could select these and say I want to do a hybrid deployment, which is where I’m going to connect my Exchange environment to the cloud, with Exchange Online, and have them work together. Keep in mind, if you don’t select this originally, you can always go back and select it later. And then also, if I want to synchronize my mail public folders and all that, I can do that with this checkbox here. Then there’s Azure AD app and attribute filtering.

OK, so this right here, if you’ll notice what it tells you, it says that by enabling this, the set of synchronized attributes can be tailored to a specific set on a subsequent page of the wizard. They’re basically telling you that with Azure AD, if you select this option, it’s going to let you select which attributes of Azure AD applications, cloud-based applications, you would like to synchronize down on-premises. This is going to make things work a little smoother for your client computers that are interacting with some of the cloud services; it’ll already be part of Active Directory. These clients will be able to utilize these cloud apps and interact with Active Directory, and the attributes can be looked up by LDAP queries and all that. And it also allows you to set things like policies on-premises involving those apps and all that.

So I am going to select that. And then you’ll see in a second, you’ll notice it popped up right here.

So you notice that, OK, so I’ve now got that. Then I’ve got password hash synchronization. That’s the option I chose. That’s grayed out because I chose it in the very first screen. Then I’ve got password writeback. Password writeback is going to make it where I can change my password out in the cloud and it’s going to synchronize back down to on-premises. If you don’t select that, then basically users can only change their passwords on-premises, and it’s going to synchronize out.

OK, I’ve got group writeback, but just so you know, you used to be able to select this box; they’ve moved this now. They tell you this feature is disabled because there is no eligible forest for group writeback. And so with group writeback there’s actually a different location; my domain will have to actually get Azure AD Connect installed before I can utilize that. Same for device writeback. You can use device writeback, but we have to get things connected in order to use that. And then finally, we’ve got directory extension attribute sync.

So what this is going to do is allow directory attributes, these are on-premises Active Directory attributes, to synchronize to the cloud, which is good because if some of our web apps need to be able to query some of the on-premises Active Directory attributes to look certain things up, those attributes will be in the cloud.

So, it’s funny because this right here is going to bring attributes from the cloud in, and this right here is going to bring attributes from inside out.

So we’ll select that, and now you’ll notice it added another option down here.

So we’re going to click Next. And here is the Azure AD apps screen, which asks which apps you want to synchronize the attributes for into your on-premises Active Directory.

So I could say all of these, or I could select this box and choose what I want. I’m just going to say all of these.

So then we’re going to click Next. This is Azure AD attributes; it says these attributes will be exported to Azure AD based on the previous selection.

So because I chose all those apps, any of the attributes on-premises that Active Directory needs to know about involving those applications will now get synchronized out to the cloud.

So I could, if I wanted, edit this list and disable things I don’t want. But I’m going to go ahead and accept all those, and then I’m going to click Next. And then here is Directory extension attribute sync: synchronize directory extension attributes from on-premises to Azure AD to make them available in the cloud for cloud-based apps.

So this is the one I was talking about, where we want our cloud-based apps to have all of that information ready to go. If any of the cloud-based apps need to query for some of the attributes from our on-premises Active Directory, they can do that.

OK.

So I can go through here and select which of these I actually want to synchronize; I can just add whichever of these I want,

OK? Simply by selecting each individual one. A funny thing is that some of these attributes are already going to be synchronized by the previous screen. I think it’s kind of redundant, and I kind of feel like it’d be great if they just grayed out all the ones that have already been synchronized. But that’s not the way they did it.

So, OK, we’re going to click Next. And at that point, because we chose that, we said that we wanted to support single sign-on here.

So this is going to be supporting seamless SSO.

And it says that I need a domain administrator account to create the connection between on-premises and the cloud for supporting SSO.

So it’s going to create a connection for that and configure the settings that are needed. It’s going to basically create what’s called an endpoint that’s going to connect to the cloud and support seamless SSO.

So I’m going to say Enter credentials, and I’m going to enter my exam lab practice\administrator account, put in my credentials, and click OK. And we’re ready to go. We’re going to click Next. All right, it’s checking everything, making sure all the components are there that need to be there, and then at that point we’re ready to pull the trigger. But before we do, I want you to notice something: Start the synchronization process when configuration completes, or I can choose Enable staging mode. Staging mode is going to set everything up, but it’s not going to synchronize.

So for fault tolerance with our Azure AD Connect server, your primary Azure AD Connect server, you would not want to enable staging mode. But then what you do is set up another server and enable staging mode on that other server; it will be a sort of backup Azure AD Connect server in case this one was to fail.

OK, if it went down, the other server can do the synchronization for you. All right. Well, I’m now ready to do it, so I’m going to pull the trigger. We’re going to click Install and let this sucker sync, and I’m going to pause the video while it’s synchronizing and we’ll come back. All right. The wizard has completed the synchronization process, and I can now exit out of that, and we’re going to jump into Azure AD and just see if our accounts are there.

So we’ll bring up our browser and come over here, and we can refresh our browser here. But let’s start from the beginning. Let’s click the menu button. Let’s go to Azure AD. Just to kind of refresh your memory on how to get to all of this: we’re at portal.azure.com, I just went to Azure AD, and then I’m going to select right here on the Users blade. And we’re going to see if things are there.

OK. All right.

So after refreshing here, we’ve got all of our users that were in our IT department. As you can see, the same ones that we’ve seen are all now showing up.

So the other thing we can do is come over here to our little menu bar. We can go to Azure AD again. And if we click on Azure AD Connect, we should be able to see that synchronization actually did go through. It shouldn’t say Off anymore, although sometimes I’ve had to refresh my browser on that too.

So Azure AD Connect, we’re going to click on that, and we’ll see what we get here. And it looks like it is good; refresh.

So it says enabled less than an hour ago; password hash sync is what we’re using. We’re not using federation, not using PTA.

OK. And so now we’ve officially got Azure AD Connect synchronizing with our on-premises AD.
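The staging-mode and sync-status checks the lesson does in the wizard and portal can also be run from the Azure AD Connect server itself. This is an added example, not code from the course: it assumes the ADSync module that the Azure AD Connect installer places on the server and an account in the local ADSyncAdmins group.

```powershell
# Added example (not from the course). Run on the Azure AD Connect server.
# Assumes the ADSync module installed with Azure AD Connect.
Import-Module ADSync

# Read the scheduler state. StagingModeEnabled should be $false on the
# active server and $true on the standby server described in the lesson.
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled   = $sched.SyncCycleEnabled
    StagingModeEnabled = $sched.StagingModeEnabled
    IntervalMinutes    = $sched.AllowedSyncCycleInterval.TotalMinutes
    NextRunUtc         = $sched.NextSyncCycleStartTimeInUTC
} | Format-List

# A staging-mode server imports and computes changes but exports nothing
# to Azure AD or to on-premises AD, which is what makes it a safe standby.
if ($sched.StagingModeEnabled) {
    Write-Warning 'This server is in staging mode: it will not export changes.'
}

# Kick off a delta cycle only if no connector run is already in progress;
# Get-ADSyncConnectorRunStatus returns nothing when the engine is idle.
$run = Get-ADSyncConnectorRunStatus
if ($run -and $run.RunState -eq 'Busy') {
    Write-Host "Sync already running on connector $($run.ConnectorName)"
} else {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Promoting the standby means disabling staging mode there (and enabling it on the old primary) through the wizard's Configure staging mode task, so that only one server ever exports.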

61. Manage Azure AD Connect Health

OK, so if you watched the last lesson, you saw me run Azure AD Connect, and I’d like to show you guys now that my user accounts have been synchronized. As you can see, I’m here in portal.azure.com under Azure AD, looking at my users, and they are the users that got synchronized. Notice that under Source, it tells you that some of the users are Windows Server AD and some say Azure AD.

So the ones that say Azure AD, those are cloud-only accounts, OK? They’re just out in the cloud, but the ones that say Windows Server AD, obviously those are officially synchronizing between the two environments, the on-prem and the Azure AD.
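The Source column the lesson points at comes from the user object's onPremisesSyncEnabled attribute, which you can also read with Microsoft Graph PowerShell. This is an added example, not from the course: it assumes the Microsoft.Graph.Users module is installed and the signed-in account can consent to User.Read.All.

```powershell
# Added example (not from the course). Classifies users the way the portal's
# Source column does. Assumes the Microsoft.Graph.Users module and User.Read.All.
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'User.Read.All'

$props = 'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled',
         'OnPremisesLastSyncDateTime', 'OnPremisesSecurityIdentifier'
$users = Get-MgUser -All -Property $props

# OnPremisesSyncEnabled is $true for synced ("Windows Server AD") users and
# null for cloud-only ("Azure AD") users, so a plain truthiness test works.
$report = foreach ($u in $users) {
    [pscustomobject]@{
        User        = $u.UserPrincipalName
        Source      = if ($u.OnPremisesSyncEnabled) { 'Windows Server AD' } else { 'Azure AD' }
        LastSyncUtc = $u.OnPremisesLastSyncDateTime
        OnPremSid   = $u.OnPremisesSecurityIdentifier
    }
}

$report | Sort-Object Source, User | Format-Table -AutoSize

# Count per source; the Windows Server AD figure should match the number of
# users in the on-premises OUs you chose to sync (the IT department here).
$report | Group-Object Source | Select-Object Name, Count
```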

OK, now the next thing I want to show you is a little something called Azure AD Connect Health. This is a way for you to check your synchronization and make sure that your on-prem environment is synchronizing properly with the outside world.

So I’m going to go over here to this little menu bar here, and I’m going to go back over here to Azure AD, and you’ll notice I can go to Azure AD Connect, so I’m going to click that. And I want you to notice that it says the sync status is now enabled. Now, if you remember from my previous lesson, I showed you that this was not turned on by default. We actually had to download the tool and install it, and we did. And notice it’s telling you that password hash synchronization is being used. I’m not using federation right now.

OK? I do have seamless SSO going, but if I scroll down, what I want to show you is this right here: Health and analytics. OK, so let’s click on this. This is Azure AD Connect Health.

OK, so right here, first things first, we’ve got Azure AD Connect installed on our server. And when you install that on your server, you’re already monitoring synchronization health. But if you would like a domain controller to report its health information, then you can install the AD DS agent right here on a domain controller. If you are using a federated server, an AD FS server, and you would like it to send its health analytics to the cloud, you can install this guy right here, which is the Azure AD Connect Health agent for AD FS, which is Active Directory Federation Services.

OK, I’m going to jump over now. We’ll take a look at our sync errors and see if we have any. Hopefully we don’t.

OK, perfect. This is what you want to see. You don’t want to see any errors. If you did have errors, you could export those and try to troubleshoot. And then here I’ve got Sync services. This is telling me if I’m healthy or not. And as you can see, sync services are healthy.

OK, looking down here, if I had AD FS, I could see this. AD DS services: this is telling me if there are any problems with my directory services and the health there. You have to install the health agent on a domain controller to get that, though, and then you’d have to install the health agent on the AD FS server to get the statistics for that.

OK. But all in all, as you’ve seen, I’m healthy, OK, which is a good thing. And of course, you’ve also got Settings here, if you want to configure some of the settings. You’ll notice it says Use auto update: automatically update your installed Azure AD Connect Health and health agent when the latest version comes out.

So essentially what will happen is whenever there’s a new version, it’ll update to that new version for you.

OK. I’ve also got a troubleshooter down here where I could try to do some troubleshooting if I was having problems. But all in all, as you can see, Azure AD Connect Health is pretty straightforward. It’s going to try to help you troubleshoot if there are some synchronization problems happening between AD on-premises and Azure AD.