Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAD Connect, AD-FS and you

Published byEustace Woods Modified over 6 years ago

Similar presentations

Presentation on theme: "AAD Connect, AD-FS and you"— Presentation transcript:

1 AAD Connect, AD-FS and you
By Malcolm Jeffrey

2 Session outline AAD Connect and IdFix What is AD-FS?
How it works for a business AD-FS and how it works with Azure AD All going well, you’ll see me finalise my ADFS WAP and achieve SSO So this is what we are aiming to get through today. Now, it’s really putting me out on a limb of hope and chance here, but by the end of this session I should have my WAP server finished off, the domain ‘stretched’ to be Federated, and then demonstrate single sign-on from a client computer.

3 AAD Connect and IdFix AAD Connect is the current tool for On-Premise to Cloud syncing It can be installed on a DC A very smooth piece of software and a HUGE improvement on DirSync Before you use it, use IdFix to sort out your domain. Can filter based on OU, and Custom Attributes Available here  Time for a look at the installation and use of it Prerequisites and info here So AAD Connect, what a massive massive step forward it is, over the predecessor software of DirSync, and AADSync. Now, with AAD Connect, there is a smooth, easy to use tool. Whilst today we won’t have a HUGE amount of time to get through a lot about it, there are a heap of things to do. Before you run it though, it is REALLY advised that you head to the Domains page on portal.office.com and download and run the IdFix tool. It’s there to make your progression a WHOLE lot smoother. Let’s face it, many of us look at AD and that OU there that’s a bit wonky, and that PowerShell query you ran didn’t quite cut it. And don’t forget the UPNs need a bit of a tidy up. Look, I know that he’s a little shy on these things, and I know that he’s aware I mention this, but look, jump to the 43rd minute of this link and see a great IdFix demo! (sorry Daniel, but it’s still the best explanation anywhere I’ve looked!)

4 How does it work? Let’s install it
Now let’s have a quick look at the install and how it works It’s hard not to drop a c! start-adsyncsynccycle How does Password Synchronization work? I ALWAYS trip up over the start-adsyncsynccycle Now all at once, let’s try and say start-adsyncsynccycle 3 x fast! :-D Just as an idea, have a look at this for password thoughts. Not rules, not tips, thoughts. Note, that a user changing their password should replicate within minutes or so.

5 What is AD-FS Secure Claims based authentication identity federation
A method of linking organisations to each others web resources An alternate to AD Trusts From the web: “Active Directory Federation Services (AD Federation Services) is a feature of the Windows Server operating system that extends end users' single sign-on access to applications and systems outside the corporate firewall.” If you aren’t too sure what claims based authentication is, then have a look at the link in the slide there.

6 What it isn’t (I know, I was surprised too!)

7 What’s new in ADFS 3.0 (highlights package)
Windows 10 Device registration No more IIS dependency (though it’s sorta kinda still there) And for a more comprehensive look prerequisites-in-windows-2012-r2/ There is plenty of information out there

8 A case study While at TechEd 2014, about to give an Exam Cram session, I was fortunate enough to talk to a guy who just happened to work for the Warehouse. I’d said to him that I often use the Warehouse/Noel Leemings as an example of how an organisation might use ADFS to allow a parent and child company to share HR info via web pages. Oddly enough, I was on the money as he comfirmed that it was exactly how they do it.

9 So how do we get it working?
You need at least two servers ADFS Server ADFS Web Application Proxy Server (in your DMZ) Obtain an SSL certificate for your domain Create a service account that will act on behalf of ADFS Create a DNS record to point at your Federation server

10 Time to get AD-FS WAP working
I hope that the Demo Deities are on my side tonight!

11 Two hugely handy PowerShell commands
What if my ADFS farm is unavailable? What happens to my users? Simply put, they can’t log in. So what to do? Set-MsolDomainAuthentication -DomainName yourdomain.local –Authentication Managed And what do you do to get it back up and running after you fix ADFS?   Convert-MsolDomainToFederated –DomainName yourdomain.local

12 Thank you so much for coming tonight
To contact me with any questions, or feedback please feel free to contact me at As always, keep an eye on the MeetUp website for any files and all new upcoming session

13 Additional Resources From the session there were a lot of question fired about and there was a common theme around load balancing. I have here a number of links that I found useful in researching this. proxy-in-windows-azure-for-office365-single-sign-on/ df0f09fe624f/port-between-web-application-proxy-and-adfs-30?forum=ADFS

Download ppt "AAD Connect, AD-FS and you"

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.

Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.
Identity management integration options for Office 365

Identity management integration options for Office 365
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.

IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at

Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Office 365 Administration Ron Schindler See full Office 365 Admin course on Ron Schindler See.

Office 365 Administration Ron Schindler See full Office 365 Admin course on Ron Schindler See.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
Single Sign-On with Microsoft Azure

Single Sign-On with Microsoft Azure
Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium
Key Considerations in Architecting Active Directory Federation Alexander Yim WSHFC NCSHA, Nashville on Sept 28 th, 2015.

Key Considerations in Architecting Active Directory Federation Alexander Yim WSHFC NCSHA, Nashville on Sept 28 th, 2015.
Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.

Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.
Office 365 deployment choices Cutover, Staged, Hybrid What is AD FS (Active Directory Federation Services) Attribute Stores, ADFS Configuration Database.

Office 365 deployment choices Cutover, Staged, Hybrid What is AD FS (Active Directory Federation Services) Attribute Stores, ADFS Configuration Database.
Office 365 Directory Synchronization Update: Deploying Password Sync.

Office 365 Directory Synchronization Update: Deploying Password Sync.
Module 11: Designing an Active Directory Federation Services Implementation in Windows Server 2008.

Module 11: Designing an Active Directory Federation Services Implementation in Windows Server 2008.
With ADFS and Azure Active Directory

With ADFS and Azure Active Directory

Similar presentations

Ads by Google