IT Training | Azure Active Directory for helpdesk

Special thanks to our member for creating this content: John Korduba

Main Course Content Page

Contents

Azure vs. Active Directory

Loading AD Sync to Active Directory

AD Connect

Added accounts

Checking status

Forcing the Sync

Creating a New User

Creating a Guest User

Enterprise applications

Adding an application

Adding a user to an application

Azure vs. Active Directory

Azure Active Directory is a cloud service. It does not replace Active Directory Domain Services (AD DS), which is an “on prem” service. In hybrid environments, Azure and AD work together, but they are separate services. Azure will not manage anything on prem, and AD will not manage anything in the cloud.

In an on prem “domain” environment, the Domain Controller machine – using Active Directory – manages all the devices that have been joined to its domain.

An Exchange server handles the mail services for the on prem environment.

We have added Office 365, a cloud based service that provides different apps, including Outlook.

We will add a tool called “Azure AD Connect” to the Domain Controller, which will talk to Microsoft 365, as well as internally to our on prem systems.

Loading Azure AD Connect to Active Directory

(This action requires Admin level rights.)

Launch the Domain Controller.

If you are prevented from downloading the needed files, then you must temporarily turn off Internet Explorer Enhanced Security Configuration on this machine. (See the screencaps following.)

In Internet Explorer security…

Click “Don’t use recommended settings.”

In IE address field, enter “portal.office.com”.

Press Enter.
(Security alerts may display).

Click OK.
(Another IE security prompt displays.)

(We will be unable to download needed files).

Let’s correct for this.

In the Domain Controller, launch Server Manager.

Click Local Server.

In the Properties window, scroll to the right. Notice that “IE Enhanced Security Configuration” is On.

Click the On link.
(“Internet Explorer Enhanced Security Configuration” dialog box displays)

Select Off for both “Administrators” and “Users”.

Click OK.
(Security settings have been changed. Let’s access the internet again).

In IE address field, enter “portal.office.com”.

Press ENTER.
(This time the Security prompts do not come up, and it goes straight to the log in screen.)

Sign in to your Microsoft 365 account.

Note that Azure has its own portal: “portal.azure.com”.

Once signed in, go to a new tab and type “portal.azure.com”.

Press ENTER.
(“Welcome to Azure” screen displays).

Click Continue to Azure Portal website.
(Prompt displays)

Click Skip….
(“Welcome to Microsoft Azure” prompt displays)

Click Maybe later.
(“Azure” options screen displays)

Azure allows you to load different kinds of services.

For example, if you click the hamburger button (in the upper left of the screen), a menu drops down.

From the drop-down menu, click Azure Active Directory.
(“Overview” screen displays).

From the left side menu, under Manage, click Users.
(User accounts display)

Note that these are the users that we created in Microsoft 365. Azure is the backend of 365.

The view here has all the user admin features that M365 has plus a lot more. SysAdmin level rights are needed here. Typically, an L1 or L2 tech would not be making changes here.

In the above screen cap, notice the Source column for each user. This shows that when you create a user in M365, the user is actually being added to Azure Active Directory.

AD Connect

Let’s look again at the main Azure page.

In the screen cap above, in the Azure AD Connect area, notice that Status displays as “Not enabled”.

“Last sync: Sync has never run” refers to the connection between Azure (cloud) and Active Directory (on prem). Up to this moment there has been no syncing between these two systems. The users listed above were added in the cloud.

Click Azure AD Connect
(“Azure AD Connect” screen displays).

Click Download Azure AD Connect.
This process will download the tool to our Domain Controller machine.
(“Language: English” prompt displays)

Click Download.
(“Do you want to run or save AzureADConnect.msi….?” prompt displays).

Click Run.

Click the icon on the desktop.
(“Azure AD Connect” launches).

Welcome screen displays.

(Click “I agree to the license terms and privacy notice” checkbox).

Click Continue.

(“Express settings” screen displays)

Click Use Express settings.
(“Connect to Azure AD” screen displays)

Notice in the above screen that it is asking for an admin with “global” admin rights. Your 365 account should have this.

Log in with your 365 credentials.

Click Next.
(“Connect to AD DS” screen displays).

Enter your “Active Directory Domain Services administrator” credentials. This is the on premises Domain Admin.
(You would enter the “helpdesk” user you created on the second day of training. This account has admin rights).

NOTE: In the above user name field, the name begins with the NetBIOS domain name, followed by a backslash (“\”), then the user name.

Click Continue.
(“Azure AD sign-in configuration” screen displays)

Check “Continue without matching all UPN suffixes to verified domains”.

Click Continue.
(“Ready to Configure” screen displays.)

Click Install.
(Installation runs)

(Installation complete).

Click Exit.

Added accounts

The AD sync installation added some extra accounts to AD DS.

Open AD DS/ Active Directory Users and Computers.
(A new account has been added – “AAD….”).

Open Task Manager/ Services tab.
(“Services” tab displays).

Notice the “ADSync” service.

To start or stop the service, right-click.
(menu displays).

Click Open Services.
(“Services” screen displays)

Every machine has a “Services” area.
(You can search for it by typing “Services” in the search field of the desktop)

NOTE: An issue with a service would display in Event Viewer.

Checking status

Let’s return to Azure Active Directory.
(“Overview” page displays).

Click Refresh.

Notice in the above screen that, in the Azure AD Connect area, “Status” = enabled and “Last sync” = 1 hour ago. This indicates a “hybrid” infrastructure, where Azure (cloud) and AD DS (on prem) are connected.

Click Users.
(“Users” screen displays)

Notice in the above screen that some users were added in 365 (cloud), while others were added in Windows Server AD (on prem).

Forcing the Sync

AD and Azure typically synchronize every 30 minutes. Forcing a sync ahead of schedule would typically be done by a sysadmin.
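The checks in the “Added accounts”, “Checking status” and “Forcing the Sync” sections can also be done from PowerShell on the Domain Controller. This is an added example, not part of the original training content; it uses the ADSync module that the Azure AD Connect installer adds, plus standard Windows cmdlets, and assumes the default service name “ADSync” and the default “Directory Synchronization” event source.

```powershell
# Added example (not from the training page). Run in an elevated PowerShell
# session on the Domain Controller where Azure AD Connect was installed.
Import-Module ADSync -ErrorAction Stop

# 1. The ADSync service seen in Task Manager / Services. A stopped service
#    means no sync will run, whatever the Azure portal says about the schedule.
$svc = Get-Service -Name ADSync
"ADSync service status: $($svc.Status)"
if ($svc.Status -ne 'Running') {
    Start-Service -Name ADSync   # requires local admin rights
}

# 2. Scheduler state: the sync interval (30 minutes by default), whether a
#    cycle is in progress right now, and when the next one is due.
$sched = Get-ADSyncScheduler
$sched | Select-Object AllowedSyncCycleInterval,
                       CurrentlyEffectiveSyncCycleInterval,
                       SyncCycleEnabled,
                       SyncCycleInProgress,
                       NextSyncCyclePolicyType,
                       NextSyncCycleStartTimeInUTC

# 3. Force a sync ahead of schedule (a sysadmin task). A Delta cycle pushes
#    only changes since the last run; -PolicyType Initial would do a full sync.
if (-not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    "A sync cycle is already in progress; not starting another one."
}

# 4. What the NOTE about Event Viewer refers to: recent sync events from the
#    Application log. The provider name is the assumed default for AD Connect.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    StartTime    = (Get-Date).AddHours(-2)
} -ErrorAction SilentlyContinue |
    Select-Object -First 10 TimeCreated, Id, LevelDisplayName, Message
```

Step 4 returns nothing if no sync has run in the last two hours; widen the StartTime window or drop the filter to see older events.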

Creating a New User

Click + New User
(“New User” dialog box displays)

Follow the prompts.

NOTE: You can either create the new user account, or, by clicking “Invite user”, email the user with their credentials.

Creating a Guest User

A guest user account would be appropriate, for example, for a vendor who needs access to your system in order to work on it.

Click + New Guest User.
(“New user” screen displays)

Follow the prompts.

NOTE: Guest users can be created in Azure, but not in 365. Also, you can either just create the guest account, or, by clicking “Invite User”, email the guest user with their credentials.

Enterprise applications

Scenario:

Your company has a Zoom account. When an employee wants to access a Zoom session, instead of entering their personal credentials, they can sign in with their company credentials. This has to be set up beforehand, as follows:

From Azure/ Overview page, click Enterprise applications.
(“Enterprise applications” screen displays).

Applications already set up for the enterprise are displayed.

Adding an application

To add an application to above list, click +New application. Follow prompts.

Adding a user to an application

Any user who will need to access the app will first have to be added.

Click the application (in this case, we selected “Outlook Groups”).
(“Outlook Groups / Overview” screen displays.)

Follow the prompts.
(User will be added to a list of users authorized to access the app using company credentials).
