How to Provide Access to Azure Resources with Azure AD

Deploy a D1_V2 virtual machine called DC01 in Azure and put it on the OnPrem network.  Once DC01 is deployed, promote it to a DC in a new AD forest called BlueWidgetCo.local.  You can use this as your “on-prem” AD for the purposes of this tutorial.  Please – Do not mess around with a production AD.

Create an OU in your on-prem AD and call it SyncedUsers.  Create a test user called User01 and place it in the SyncedUsers OU.

Configure a Custom Domain in Azure Active Directory

Once you have your on-prem Active Directory running, you can start preparing Azure Active Directory by adding your custom domain.  The custom domain you choose is the domain users will login with.  For this exercise, click here and register a domain called BlueWidgetCoXXXX.com with Register.com.  Replace XXXX with a random number (so you aren’t trying to register the same domain as someone else following this tutorial).  For example, you should register BlueWidgetCo1973.com

After registering your domain at Register.com, you need to add the domain to Azure Active Directory.  To do this, login to the Azure Resource Manager portal, click Azure Active Directory, Domain Names, and then click “add domain name”.  Add your newly registered BlueWidgetCoXXXX.com domain.

As part of the process, you need to verify ownership of BlueWidgetCoXXXX.com.  To verify ownership, jot down the TXT record that you are provided, open up the DNS management console for your domain at Register.com, and add the TXT record provided.  Once you have added the TXT record to DNS, click the “verify” button in Azure Active Directory.

Click here to join the Understanding Azure Facebook group or here for the latest Azure practice questions, answers, explanations, and reference materials.

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.