Task 2: Hybrid Domain Setup

From Notes_Wiki

🖥️ On-Premises Domain Controller and Hybrid Azure AD Setup

Step 1: On-Prem Domain Controller Setup

  • Install Windows Server 2022 in local VM environment
  • Set static IP: 172.30.16.10
  • Install Active Directory Domain Services (AD DS)
  • Promote to new forest:
    • Domain Name: gbbrnd.local
    • DSRM (Directory Services Restore Mode) password set to a unique value and stored offline; it is the local administrator password when the DC is booted into recovery mode, so it must not be the domain Administrator password
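The promotion in Step 1, as an added PowerShell example (not part of the original notes, which used the Server Manager wizard). It assumes an elevated session on the fresh Server 2022 VM, that the adapter is named Ethernet, a /24 subnet with gateway 172.30.16.1 (both assumptions), and the hostname RND-DC01 that the notes use later.

```powershell
# Added example: Step 1 (static IP, AD DS role, new forest gbbrnd.local) in PowerShell.
# Assumptions: adapter alias "Ethernet", /24 subnet, gateway 172.30.16.1, elevated session.
$nic = "Ethernet"   # check with Get-NetAdapter if the alias differs

# --- Part 1: addressing and hostname (ends in a reboot) ---
# A DC needs a fixed address: every member will point its DNS at 172.30.16.10.
New-NetIPAddress -InterfaceAlias $nic -IPAddress 172.30.16.10 -PrefixLength 24 -DefaultGateway 172.30.16.1
# Loopback is fine here; the promotion installs DNS on this box.
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses 127.0.0.1
Rename-Computer -NewName "RND-DC01" -Force -Restart

# --- Part 2: after the reboot ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Prompt for the DSRM password so it never lands in the script, history or a transcript.
$dsrm = Read-Host -Prompt "DSRM password" -AsSecureString

Install-ADDSForest `
    -DomainName "gbbrnd.local" `
    -DomainNetbiosName "GBBRND" `
    -ForestMode "WinThreshold" `
    -DomainMode "WinThreshold" `
    -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrm `
    -Force:$true
# The server reboots as the new DC.

# --- Part 3: checks after the second reboot ---
Get-ADDomainController | Select-Object HostName, IPv4Address, IsGlobalCatalog
Get-ADForest | Select-Object Name, ForestMode, UPNSuffixes   # UPNSuffixes is empty until Step 5
Get-Service NTDS, DNS, Netlogon | Select-Object Name, Status
dcdiag /test:dns /q                                          # silent when the DNS test passes
```

The three parts are separated by reboots, so run them as three sessions rather than one script. ForestMode and DomainMode WinThreshold is the Windows Server 2016 functional level, the highest available and the one a Server 2022 promotion selects by default.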

Step 2: Local AD User Setup

  • Create Organizational Unit: RND_Users (this OU is the only one that will be placed in the Azure AD Connect sync scope)
  • Create Users in that OU:
    • rnduser1@gbbrnd.local
    • rnduser2@gbbrnd.local
  • Unique, strong passwords assigned to each account

Step 3: Device Join to On-Prem AD

  • Join a Windows 11 client to the on-prem domain: gbbrnd.local
  • Authenticate the join with gbbrnd\Administrator (acceptable in this lab; in a production forest use a delegated join account with only the right to create computer objects in the target OU)

Step 4: Add Windows 11 VMs to Local Domain (gbbrnd.local)

  • Create Windows 11 Client VM:
    • VM Name: RND-Client01
    • OS: Windows 11 (Pro/Enterprise)
    • RAM: 4 GB, CPU: 2 vCPUs, Disk: 60 GB
  • Assign an IP address (static or DHCP) and set the client's DNS server to 172.30.16.10; the join locates the domain controller through DNS SRV records, so a client pointed at a public resolver cannot find gbbrnd.local
  • Join to Domain:
    • Navigate to: Settings > System > About > Domain or workgroup
    • Click Domain Join and enter: gbbrnd.local
    • Authenticate using: gbbrnd\Administrator
    • Reboot and log in with domain credentials
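The join described in Steps 3 and 4, as an added PowerShell example run on the client itself (not part of the original notes, which used the Settings UI). It assumes the client's adapter is named Ethernet and that the join account is supplied interactively.

```powershell
# Added example: Steps 3-4, joining RND-Client01 to gbbrnd.local from the client.
# Assumption: adapter alias "Ethernet"; elevated session.
$nic = "Ethernet"

# 1. DNS must point at the DC. The join works by querying the _ldap._tcp SRV record for the
#    domain, so this is the check to run when a join fails with "domain could not be contacted".
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses 172.30.16.10
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.gbbrnd.local" -Type SRV   # should list rnd-dc01.gbbrnd.local
Test-NetConnection -ComputerName 172.30.16.10 -Port 389 | Select-Object TcpTestSucceeded

# 2. Join. The notes use gbbrnd\Administrator; a delegated join account is preferable and is
#    only an assumption here, so the account is prompted for rather than written into the script.
$cred = Get-Credential -Message "Account allowed to join computers to gbbrnd.local"
Add-Computer -DomainName "gbbrnd.local" -NewName "RND-Client01" -Credential $cred -Force -Restart

# 3. After the reboot, confirm the machine account and its secure channel (run elevated).
(Get-CimInstance Win32_ComputerSystem).Domain     # gbbrnd.local
Test-ComputerSecureChannel -Verbose               # True: machine account password/trust is healthy
nltest /dsgetdc:gbbrnd.local                      # which DC answered and which site it belongs to
```

If Test-ComputerSecureChannel returns False later in the lab (typical after restoring a VM snapshot older than the machine account password), Test-ComputerSecureChannel -Repair -Credential $cred resets the trust without a rejoin.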

Step 5: Prepare Azure AD Tenant (gbbdc.onmicrosoft.com)

  • Access Azure Portal: https://portal.azure.com
  • Confirm the tenant's initial domain, gbbdc.onmicrosoft.com, under Custom domain names: it is verified automatically, so nothing has to be added when users sign in with this suffix (a non-routable suffix such as gbbrnd.local cannot be verified at all, which is why the on-prem UPNs are changed below)
  • Configure UPN Suffix in On-Prem AD:
    • Open: Active Directory Domains and Trusts
    • Add alternative UPN suffix: gbbdc.onmicrosoft.com
    • Apply to the relevant users via Active Directory Users and Computers (ADUC): Account tab, UPN suffix drop-down
    • Example:
  Change: rnduser1@gbbrnd.local → rnduser1@gbbdc.onmicrosoft.com
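Steps 2 and 5 together, as an added PowerShell example (not from the original notes, which used ADUC and Domains and Trusts). It runs on RND-DC01 as a domain administrator with the ActiveDirectory module, mirrors the notes by first creating the users with the @gbbrnd.local suffix, then registers the tenant suffix in the forest and re-stamps every user in the synced OU.

```powershell
# Added example: Step 2 (OU + users) followed by Step 5 (alternative UPN suffix + re-stamp).
# Assumption: run on RND-DC01 in an elevated session as a domain admin.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain -Identity "gbbrnd.local").DistinguishedName   # DC=gbbrnd,DC=local
$ouDN     = "OU=RND_Users,$domainDN"
$suffix   = "gbbdc.onmicrosoft.com"

# --- Step 2: OU and users ---
if (-not (Get-ADOrganizationalUnit -Filter 'Name -eq "RND_Users"' -SearchBase $domainDN -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name "RND_Users" -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

foreach ($sam in "rnduser1", "rnduser2") {
    # Passwords are prompted, never hard-coded or reused from the admin accounts.
    $pw = Read-Host -Prompt "Password for $sam" -AsSecureString
    $params = @{
        Name                  = $sam
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@gbbrnd.local"   # as created in the notes, before Step 5
        Path                  = $ouDN
        AccountPassword       = $pw
        Enabled               = $true
        ChangePasswordAtLogon = $true
    }
    New-ADUser @params
}

# --- Step 5: register the tenant domain as an alternative UPN suffix ---
# Same effect as Active Directory Domains and Trusts > Properties > UPN Suffixes.
Set-ADForest -Identity "gbbrnd.local" -UPNSuffixes @{ Add = $suffix }
(Get-ADForest).UPNSuffixes   # should now include gbbdc.onmicrosoft.com

# Re-stamp every user in the synced OU that still carries the non-routable suffix.
Get-ADUser -Filter 'UserPrincipalName -like "*@gbbrnd.local"' -SearchBase $ouDN |
    ForEach-Object {
        $newUpn = "$($_.SamAccountName)@$suffix"
        Set-ADUser -Identity $_ -UserPrincipalName $newUpn
        "{0} -> {1}" -f $_.UserPrincipalName, $newUpn
    }

# Check: nothing in the OU should be left with @gbbrnd.local before Azure AD Connect is installed.
Get-ADUser -Filter * -SearchBase $ouDN -Properties UserPrincipalName |
    Select-Object SamAccountName, UserPrincipalName
```

The final listing is the one to repeat whenever a new account is added to RND_Users (rnduser3 in Step 8): a user left with the @gbbrnd.local suffix still syncs, but arrives in the tenant with its suffix rewritten to the default .onmicrosoft.com domain and a warning in the Connect wizard.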

Step 6: Install & Configure Azure AD Connect Server

  • Create VM: RND-AADC01
    • OS: Windows Server 2022
    • RAM: 4 GB, CPU: 2 vCPUs, Disk: 60 GB
    • Static IP; DNS server set to 172.30.16.10 (RND-DC01) so the server can locate the domain
  • Join to On-Prem Domain: gbbrnd.local

Step 7: Download, Install & Configure Azure AD Connect

  • Log in to RND-AADC01
  • Download: AzureADConnect.msi from Microsoft
  • Launch installer → Accept License → Choose Customize
  • Configuration Details:
    • Sign-in Method: Password Hash Synchronization
    • Azure AD credentials: Global Administrator account in tenant gbbdc.onmicrosoft.com (the Hybrid Identity Administrator role is also accepted by the wizard and carries far less privilege; prefer it where available)
    • Connect to on-prem AD DS: gbbrnd.local
    • Select OU: RND_Users (domain/OU filtering; everything else in the forest stays out of scope)
    • UPN suffix handling (Azure AD sign-in configuration page): gbbrnd.local is listed as not verified, gbbdc.onmicrosoft.com as verified, so users re-stamped in Step 5 sync with their suffix unchanged
  From: @gbbrnd.local → To: @gbbdc.onmicrosoft.com
    • Optional features left at defaults
    • Click Install
  • Initial sync triggered automatically and completed without errors

Step 8: Verify Synchronization

  • In Azure Portal:
    • Navigate to: Microsoft Entra ID > Users
    • Verify Users:
  rnduser1@gbbdc.onmicrosoft.com
  rnduser2@gbbdc.onmicrosoft.com
    • Source: Windows Server AD
    • UPN: @gbbdc.onmicrosoft.com
  • Test Delta Sync:
    • Create: rnduser3 in ADUC under the synced OU (RND_Users), with the gbbdc.onmicrosoft.com UPN suffix
    • Run PowerShell on the AADC server (the ADSync module is installed with Azure AD Connect):
  Import-Module ADSync
  Start-ADSyncSyncCycle -PolicyType Delta
    • Verify rnduser3@gbbdc.onmicrosoft.com appears in Azure AD (a delta cycle processes only changes since the last run; without the manual trigger the scheduler picks the change up at its next 30-minute cycle)
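The delta-sync check from Step 8 with the waits and verification the notes leave implicit, as an added PowerShell example (not part of the original notes). It runs on RND-AADC01; the tenant-side part assumes the Microsoft.Graph PowerShell module is installed there, and the connector name gbbrnd.local is the default Azure AD Connect assigns to the on-prem forest (assumption).

```powershell
# Added example: Step 8 delta sync with scheduler checks and tenant-side verification.
# Assumptions: run on RND-AADC01; Microsoft.Graph module installed; default connector names.
Import-Module ADSync

# 1. Scheduler state. A disabled scheduler or staging mode is the usual reason a new user
#    "never shows up": in staging mode the server imports but exports nothing to the tenant.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# 2. Trigger a delta cycle. Start-ADSyncSyncCycle fails if a cycle is already running, so wait
#    for an idle state before and after (Get-ADSyncConnectorRunStatus returns nothing when idle).
while (Get-ADSyncConnectorRunStatus) { Start-Sleep -Seconds 5 }
Start-ADSyncSyncCycle -PolicyType Delta
while (Get-ADSyncConnectorRunStatus) { Start-Sleep -Seconds 5 }

# 3. Confirm the object was imported into the AD connector space (names are the defaults; check with
#    Get-ADSyncConnector | Select-Object Name, ConnectorTypeName if yours differ).
Get-ADSyncCSObject -ConnectorName "gbbrnd.local" `
    -DistinguishedName "CN=rnduser3,OU=RND_Users,DC=gbbrnd,DC=local" |
    Select-Object DistinguishedName, ObjectType, ConnectedMVObjectId

# 4. Tenant side: the user exists, is flagged as synced from on-prem, and carries an ImmutableId
#    (the sourceAnchor, by default the base64 objectGUID) that ties it to the AD object.
Connect-MgGraph -Scopes "User.Read.All"
Get-MgUser -Filter "userPrincipalName eq 'rnduser3@gbbdc.onmicrosoft.com'" `
    -Property UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId, OnPremisesLastSyncDateTime |
    Select-Object UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId, OnPremisesLastSyncDateTime
```

OnPremisesSyncEnabled should be True and OnPremisesLastSyncDateTime should be within a minute of the cycle finishing. An empty connector-space result in step 3 means the user was created outside the filtered OU (or the OU filter excludes it); a present connector-space object with no Graph result means the export to the tenant failed, which the Synchronization Service Manager on RND-AADC01 shows under Operations.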

✅ Result

  • On-Prem AD configured successfully
  • Azure AD Connect installed and initial sync completed
  • UPN suffixes and domain join tested
  • Synchronization verified with additional test user