How to Provide Access to Azure Resources with Azure AD

Once you have verified the domain, create an administrator for it and call it and assign it Global Admin role.  Login to the portal with the account once so you can reset the temporary password you are provided.

Again, if you would like to follow along, click here to register a domain at and complete the steps above.

Synchronize Local AD to Azure Active Directory

Now that you have a running on-prem Active Directory and a custom domain added to Azure Active Directory, download Azure AD Connect to the DC01 server in your on-prem AD.  Do not install it yet.  You will install it shortly and use it to synchronize your local AD users to your Azure AD.  Before synchronizing your on-prem AD to Azure AD, you have to make sure your on-prem AD domain name is internet routable.  If you are following along with this tutorial, your on-prem AD is not routable (it is a .local domain).

If your local AD domain is non-internet-routable (it is a .local domain, for example), be sure to open up Active Directory Domains and Trusts from your on-prem DC and add the domain as a UPN suffix.  After adding the suffix to your local AD, go into Active Directory Users and Computers in your on-prem AD and change the UPN suffix for User01 to

Synchronize Local AD to Azure AD

Once you have your local AD prepared, you can install Azure AD Connect.  Login to your DC01 virtual machine and launch the Azure AD Connect installer.  Perform a custom install (leave all 4 optional configuration checkboxes unchecked) and click Install.  Configure it to synchronize the BlueWidgetCo.local forest to Azure Active Directory.  Choose the password sync option.  Leave everything else unchecked.  You may see a message indicating BlueWidgetCo.local cannot be synced.  That’s fine; you do not want to synchronize that domain anyway.  You will, however, see an option to synchronize  Synchronize it.

Click here to join the Understanding Azure Facebook group or here for the latest Azure practice questions, answers, explanations, and reference materials.

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.