Before starting the integration process with Windows Azure, a couple of settings are required in both environments: on-premises and Windows Azure Active Directory. In this tutorial we are going to cover these steps.
Enabling Synchronization in Windows Azure…
There is one step that needs to be done in the Azure console: enabling Directory Sync.
In order to do that, go to the Windows Azure Portal (https://manage.windowsazure.com), click on All Items, and then click on the directory listed on the right side. After that, click on the Directory Integration tab, switch the Directory Sync option to Activated, and click on Save at the bottom of the page.
After you hit the Save button a confirmation is required; click on Yes.
Note: By clicking Yes we accept that Windows Azure Active Directory will receive information from the on-premises directory and that some data may be overwritten where objects have the same name.
As a result, we can see that Directory Sync was changed to Activated, and the information below it tells us that the synchronization has never run.
If you are planning to use single sign-on and also want all your users synchronized to match the Custom Domain that you added previously to Windows Azure, then you need to add a UPN in your on-premises Active Directory to match that domain in Windows Azure.
In order to configure a UPN, open Active Directory Domains and Trusts, right-click on the first item on the left and click Properties.
Type in the name of the new UPN suffix, click on Add and then OK.
Wait for the replication to take place; after that we will be able to change existing and new users to use the new UPN.
Modifying a single user…
If we want to modify a single user, we just need to open the user’s properties using Active Directory Users and Computers, and on the Account tab we can select our newly added UPN, which matches the Windows Azure custom domain that we created previously.
Modifying several users…
There are several ways to modify a group of users. If you want to use Active Directory Users and Computers, just select all desired users and click on Properties.
Go to the Account tab, select the UPN suffix option, choose the new UPN suffix from the list and click on OK.
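Another of the ways to modify a group of users is the ActiveDirectory PowerShell module. The script below is an added example, not part of the original tutorial: it confirms the new suffix is registered, skips any user whose target UPN is already taken (relevant to the overwrite warning in the note above), and defaults to a dry run. The suffixes and the OU path are constructed placeholders.

```powershell
# Added example: bulk UPN suffix change with pre-checks.
# All names and paths below are constructed placeholders; replace them with your own.
Import-Module ActiveDirectory

$OldSuffix  = 'corp.example.local'                    # placeholder: current on-premises suffix
$NewSuffix  = 'example.com'                           # placeholder: suffix matching the Azure custom domain
$SearchBase = 'OU=Staff,DC=corp,DC=example,DC=local'  # placeholder: OU holding the users to change
$Apply      = $false                                  # $false = dry run (Set-ADUser runs with -WhatIf)

# 1. The new suffix must already be registered in Active Directory Domains and Trusts.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in forest '$($forest.Name)'."
}

# 2. Collect the users that still carry the old suffix.
$users = Get-ADUser -SearchBase $SearchBase -Filter "UserPrincipalName -like '*@$OldSuffix'"

$results = foreach ($user in $users) {
    $prefix = ($user.UserPrincipalName -split '@')[0]
    $newUpn = "${prefix}@${NewSuffix}"
    $quoted = $newUpn -replace "'", "''"   # escape apostrophes for the filter string

    # 3. Skip the change if another object already owns the target UPN,
    #    so two accounts never end up with the same sign-in name.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$quoted'") {
        [pscustomobject]@{ User = $user.SamAccountName; NewUpn = $newUpn; Status = 'Skipped: UPN in use' }
        continue
    }

    # 4. Apply the change, or only report it when $Apply is $false.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
    $status = if ($Apply) { 'Updated' } else { 'Dry run' }
    [pscustomobject]@{ User = $user.SamAccountName; NewUpn = $newUpn; Status = $status }
}

# 5. Review the outcome before the first synchronization runs.
$results | Format-Table -AutoSize
```

Run it once with `$Apply = $false`, review the table, and only then set `$Apply = $true`.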