
LAB1:

INSTALL AND CONFIGURE AZURE AD CONNECT:

INSTALL AD DOMAIN SERVICES (AD DS) using PowerShell.

Go to PowerShell >> Run as Administrator >> type the following command:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Screenshot is attached here with reference

Now for verification type:

Get-WindowsFeature

Step: 2

Now promote this server to a domain controller

Go to Server Manager >> click on the yellow triangle >> click on Promote this server to a domain controller.

Select the radio button: Add a new forest

Root Domain Name: angel.com

Click on Next
Provide the DSRM password >> click on next>>
Click on Next>>

Click on Next>>
Click on Next>>

Click on Next>>
Click on Next>>

Click on Install>> Reboot is required:


For verification >> type net accounts >> the server role shows Primary.
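The wizard steps above can also be scripted, which makes the lab repeatable and keeps the DSRM password out of files and command history. This is an added example, not part of the original lab; the NetBIOS name ANGEL and the function names are assumptions.

```powershell
# Added example: scripted equivalent of the promotion wizard for the lab forest.
# Run in an elevated session after the AD-Domain-Services role is installed.
Import-Module ADDSDeployment

function New-LabForest {
    # Prompt for the DSRM password so it is never stored in the script or history.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

    $forest = @{
        DomainName                    = 'angel.com'  # root domain name from this lab
        DomainNetbiosName             = 'ANGEL'      # assumption: not stated in the lab
        InstallDns                    = $true
        SafeModeAdministratorPassword = $dsrm
    }

    # Run the prerequisite checks first and stop on any error.
    $failed = Test-ADDSForestInstallation @forest |
        Where-Object { $_.Status -eq 'Error' }
    if ($failed) {
        $failed | ForEach-Object { Write-Error $_.Message }
        throw 'Prerequisite check failed; the forest was not created.'
    }

    # Promote the server. It reboots automatically once promotion completes.
    Install-ADDSForest @forest -Force
}

function Test-LabForest {
    # Run after the reboot: confirm this server now answers as a DC for angel.com.
    Get-ADDomainController -Identity $env:COMPUTERNAME |
        Select-Object Name, Domain, Forest, IsGlobalCatalog, OperationMasterRoles
}
```

Load the functions in an elevated session, call New-LabForest before the reboot and Test-LabForest after signing in again.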

STEP2: Download and install Azure AD Connect on the Active Directory server using the link below:

https://www.microsoft.com/en-us/download/confirmation.aspx?id=47594

Agree to the license terms and privacy notice >> click on Continue
>> click on Use express settings

Enter your Azure AD global administrator credentials:

>> Create a user with Global administrator privileges:

Log in to the portal >> go to Azure Active Directory >> click on Users >> create a new user >> provide the details below >> click on Create

Screenshot is attached here with more reference:


For verification click on All users >> find the user >> double-click the user >> go to Assigned roles >> it shows Global administrator >> screenshot is attached here for reference:

Log in to the portal >> provide the Azure ID >> click on Next >> then reset the password >> screenshot is attached here for reference:

NOTE: Before resetting, copy the password and save it in Notepad


Enter your Azure AD global administrator credentials>>click on next

Click on next>>
Click on Install:

Select the radio button Password Hash Synchronization

Click on Next>>click on add>>provide the domain user and password>>click on ok


Click on next>> again next>> next>>

Select the option as per your requirements


Click on Next>>

Check the option to synchronize all users and devices >> click on Next >> click on Next >>

Select the checkbox Password Hash Synchronization


Select the box Start the synchronization process when configuration is complete >> click on Install

For verification click on All users >> see that the On-Premises Directory Synchronization Service Account is created:

Create an OU and add a user to the OU


Run the Azure AD Connect tool as an administrator >> click on Configure >> select the Customize synchronization options option >> click on Next >> screenshot is attached here for reference

Provide the credentials for the Azure AD global administrator >> click on Next >>

Screenshot is attached here with more reference


Select your forest >> click on Next >> sync your domain and OU as per your requirements >> click on Next

Select the Password Hash Synchronization option >> click on Next >>

Start the synchronization process >> click on Configure >> wait a few moments >> screenshot is attached

For verification, log in to the portal (or refresh it if already logged in) and check the Azure Active Directory users; it shows:

Screenshot is attached here for reference:
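The portal check above can be complemented on the Azure AD Connect server itself. The following is an added example, not part of the original lab; it uses the ADSync and ActiveDirectory modules installed on the sync server and domain controller, and the OU name LabUsers is hypothetical.

```powershell
# Added example: verify and trigger synchronization on the Azure AD Connect server.
Import-Module ADSync

function Invoke-LabDeltaSync {
    $s = Get-ADSyncScheduler
    if (-not $s.SyncCycleEnabled) {
        throw 'Sync scheduler is disabled; no changes will reach Azure AD.'
    }
    if ($s.StagingModeEnabled) {
        Write-Warning 'Staging mode is on: this server imports but does not export.'
    }
    if (-not $s.SyncCycleInProgress) {
        # Delta picks up only changes since the last cycle (e.g. the new OU user).
        Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    }
    # Wait for the running cycle to finish before checking the portal.
    do {
        Start-Sleep -Seconds 5
        $s = Get-ADSyncScheduler
    } while ($s.SyncCycleInProgress)
    $s | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCycleStartTimeInUTC
}

function Get-LabOuUsers {
    # Hypothetical OU name; use the OU selected in the wizard.
    param([string]$SearchBase = 'OU=LabUsers,DC=angel,DC=com')
    # On-premises view of the accounts that should appear in the portal.
    Get-ADUser -Filter * -SearchBase $SearchBase |
        Select-Object SamAccountName, UserPrincipalName, Enabled
}

Invoke-LabDeltaSync
Get-LabOuUsers
```

If angel.com is not added as a verified custom domain in the tenant, the synchronized users appear in Azure AD with the tenant's default onmicrosoft.com UPN suffix rather than the on-premises one.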


LAB2: Create virtual network

Go to Virtual networks >> click on Add >> provide the details below as per your requirements, then click on OK >> after the resource is deployed successfully >> refresh the page >> the virtual network is shown

Screenshot is attached below for reference:


STEP2: Once the virtual network is created, select the virtual network >> go to IAM >> click on Add role assignment >> open the drop-down box and choose the role that you want to assign >> browse for the user >> select the user and click on Save.

STEP3:

Log in as the user and reset the password >> after login the resources are shown

Screenshot is attached here with more reference:


Manage your Subscription Using RBAC:

Go to Subscriptions >> click on your subscription >> click on Add role assignment >> open the drop-down box and assign the role (Owner) >> browse for the user >> select the user and click on Save >> refresh the page and it shows the assigned role >> also log in to the portal as the user with the assigned role >> click on Subscriptions >> click on IAM >> click on Role assignments

Below screenshot is attached for more reference.


NOTE: Similarly, you can assign roles to control access to resources such as RG, VNET, DATABASE, STORAGE, etc.
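The role assignments from this lab can be made and reviewed with Az PowerShell, which also makes it easy to see who holds Owner directly on the subscription once the lab is finished. This is an added example, not part of the original lab; values in angle brackets are placeholders, and the resource group, VNet name and the Network Contributor role choice are assumptions.

```powershell
# Added example: the lab's role assignments with Az PowerShell.
# Replace the <placeholders>; lab-rg and lab-vnet are hypothetical names.
Connect-AzAccount | Out-Null

$subId     = '<subscription-id>'
$user      = '<user@yourtenant.onmicrosoft.com>'
$subScope  = "/subscriptions/$subId"
$vnetScope = "$subScope/resourceGroups/lab-rg/providers/" +
             'Microsoft.Network/virtualNetworks/lab-vnet'

# STEP2 of the lab: grant a role on the virtual network only.
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName 'Network Contributor' -Scope $vnetScope

function Get-DirectOwner {
    # Owner assignments made directly at the given scope (inherited ones excluded).
    param([Parameter(Mandatory)][string]$Scope)
    Get-AzRoleAssignment -Scope $Scope |
        Where-Object { $_.RoleDefinitionName -eq 'Owner' -and $_.Scope -eq $Scope } |
        Select-Object DisplayName, SignInName, ObjectType, Scope
}

# Review: who is Owner of the whole subscription?
Get-DirectOwner -Scope $subScope

# Review: every role the lab user holds, and at which scope.
Get-AzRoleAssignment -SignInName $user |
    Select-Object RoleDefinitionName, Scope

# Clean-up once the lab is done (uncomment to remove the subscription-wide Owner role):
# Remove-AzRoleAssignment -SignInName $user -RoleDefinitionName 'Owner' -Scope $subScope
```

An assignment at subscription scope is inherited by every resource group and resource below it, so the VNet-scoped assignment and the subscription-scoped Owner assignment differ widely in reach.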
LAB3: CREATING YOUR OWN DIRECTORY AND ADDING A CUSTOM DOMAIN IN AZURE AD

Step 1: Create your own domain name for free using the link below

http://www.freenom.com/en/index.html

Step2: Go to Azure Active Directory >> click on Custom domain names >> click on Add custom domain >> type your domain name (e.g. ashok.ga) >> click on Add domain >>

Create your records and click on Save >> click on Verify

Screenshot is attached below for reference:


Step3: For verification go to Custom domain names; it shows your newly created domain.

Step4: Create your user in the new domain.

Step5: For verification see the screenshot below:


LAB4: How to join a Windows 10 machine to the domain.

Create a virtual machine using the Azure portal >> connect to the machine using RDP >> go to Settings >>

Search for Accounts >> click on Connect >> click on the option to add this machine to Azure AD >>

Provide the username and password

Ex: UN: ashok@kunmuni1995outlook.onmicrosoft.com

Password: *********

For verification go to Azure portal >> Azure Active Directory >> Devices

Check whether your Windows 10 machine is listed


LAB5: CONFIGURE MULTI-FACTOR AUTHENTICATION (MFA):

Go to Azure AD >> select the user and click on Multi-Factor Authentication


A new tab will open >> select the user and click on Enable:

Click on Enable multi-factor authentication


Click on close

Log in as the user with the password in another browser >> click on Next:


As per your availability select the option

Provide the phone number>>click on next


Click on done

Log in again as the user and provide the OTP; the user is logged in successfully.

LAB6: Azure AD administration

How to: Add or delete users using Azure Active Directory:

To add a new user

1. Sign in to the Azure portal as a Global administrator or user administrator for the directory.

2. Select Azure Active Directory, select Users, and then select New user.

3. On the User page, fill out the required information.

4. Copy the auto-generated password provided in the Password box. You'll need to give this password to the user for the initial sign-in process.

5. Select Create.


LAB2: How to: Add or update a user's profile information using Azure Active Directory

To add or change profile information

1. Sign in to the Azure portal as a Global administrator or user administrator for the directory.

2. Select Azure Active Directory, select Users, and then select a user. The shabna - Profile page appears.

3. Select Edit to optionally add or update the information included in each of the available sections.

Below screenshot is attached for editing the info and save it

For verification go to user profile and check it.

LAB 4: How to: Reset a user's password using Azure Active Directory:

To reset a password

1. Sign in to the Azure portal as a global administrator, user administrator, or password administrator.


2. Select Azure Active Directory, select Users, search for and select the user that needs the reset, and then
select Reset Password.

3. The shabna Profile page appears with the Reset password option.

4. In the Reset password page, select Reset password.

A temporary password is auto-generated for the user.

5. Copy the password and give it to the user. The user will be required to change the password during the next sign-in process.

For verification, log in to the Azure portal with the user name and the reset password >> change the password at the next logon…

LAB: 5 How to: Assign and remove roles and administrators to users with Azure Active Directory:

To assign a role to a user

1. Sign in to the Azure portal using a Global administrator account for the directory.

2. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. For
example, Shabna

3. On the Shabna - Profile page, select Directory role.

The Shabna - Directory role page appears.

4. Select Add role, select the role to assign to Alain (for example, Application administrator), and then choose Select.

Select the role you want; you can also select multiple roles to assign to the user >> click on Select.

For verification, check under Directory role.

Remove a role assignment

If you need to remove the role assignment from a user, you can also do that from the Shabna - Directory role page.
To remove a role assignment from a user

1. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed.

2. Select Directory role, select Application administrator, and then select Remove role.


For verification, check in the user directory

How to: Assign or remove Azure Active Directory licenses:


To find your product and license details:

1. Sign in to the Azure portal using a Global administrator account for the directory.

2. Select Azure Active Directory, and then select Licenses. >> The Licenses page appears.

Click on Purchase >>
Click on Try/Buy >>

It shows the Azure AD Premium versions >> select one as per your requirements >> click on Free trial >> click on Activate

Once activated, it is shown in the Products tab:


Assign licenses to users:
To assign a license to a specific user

1. On the Products page, select the name of the edition you want to assign to the user. For example, Azure Active Directory
Premium Plan 2.

Select the user>>click on select>>Assign.

How to: Restore or permanently remove a recently deleted user with Azure Active Directory:
To view your restorable users

1. Sign in to the Azure portal using a Global administrator account for the directory.

2. Select Azure Active Directory, select Users, and then select Deleted users.>>Review the list of users that are available to
restore.
Restore a recently deleted user:

To restore a user>>On the Users - Deleted users page, search for and select one of the available users. For example, Rintu

Restore user:

For verification check in Azure AD>> user tab


How to: Create a basic group and add members using Azure Active Directory:

To create a basic group and add members:

1. Sign in to the Azure portal using a Global administrator account for the directory.

2. Select Azure Active Directory, Groups, and then select New group.


3. In the Group page, fill out the required information:

4. Select the group and click on Add members to add items to the group

5. Select the members that you want, then click on Select >> for verification go to Groups >> select the group >> click on Members:

6. Screenshot is attached here for reference

Lab:8 If you want to edit the group, select the group >> go to Properties >> make changes as per your requirements, then click on Save:

LAB:8 Assign licenses to users by group membership in Azure Active Directory:

Step 1: Assign the required licenses

1. Sign in to the Azure portal with an administrator account. To manage licenses, the account must have the global administrator role or be a user account administrator.

2. Select All services >> then select Azure Active Directory >> on the Azure Active Directory page >> select Licenses >> under All products >> select the product that you want >> click on Assign:

Screenshot is attached here with for reference

For verification click on Marketing Group>>click on license>>check


LAB: 10 Configure single sign-on (SSO):

Agenda for SSO LAB

Step1: Create a free account with People HR

https://www.peoplehr.com

Go with the free trial version and provide the details below >> click on Sign up free

Provide the below details and click on next:


Provide the details below and click on Next >> the account is created successfully >> click on Let's go

Creating your People HR account

Allow a user into the People HR account:

Go to Users >> select the user >> copy the mail ID.


Log in to your People HR account: Create an employee profile

Go to the Employee tab >> Add employee >> provide the details >> put your Azure ID in the Email tab


Allow People HR in Azure:

Go to Azure Active Directory >> click on Enterprise applications >> click on New application >> select People HR >> click on Add

Click on Single-Sign-On
Click on SAML:

Click on Edit
Provide the below URL link and click on save

Add

Add users to People HR: click on Add user >> add users as per your requirements >> click on Assign

Download the Federation Metadata XML file and upload it to People HR

Go to Single sign-on >> go to SAML Signing Certificate >> click on Download

Go to your People HR account >> Settings >> Company >> click on Browse and upload the SAML metadata file


Sign out of all the accounts and sign in again

NOTE: When you log in to the People HR account, it redirects to the MS Azure account:

All done:
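Before uploading the Federation Metadata XML to People HR, it is worth confirming which signing certificate the file carries and when it expires, since the service provider will trust whatever certificate is in that file. This is an added example, not part of the original lab; the function name and the file name PeopleHR.xml are hypothetical.

```powershell
# Added example: inspect the signing certificate in a downloaded SAML metadata file.
function Get-SamlSigningCert {
    param([Parameter(Mandatory)][string]$Path)

    [xml]$md = Get-Content -Raw -Path $Path
    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Signing keys advertised by the identity provider role.
    $xpath = "//md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate"
    $nodes = $md.SelectNodes($xpath, $ns)
    if ($nodes.Count -eq 0) { throw "No IdP signing certificate found in $Path" }

    foreach ($node in $nodes) {
        # The element holds the DER certificate as base64, possibly line-wrapped.
        $der  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($days -lt 30) {
            Write-Warning "Signing certificate $($cert.Thumbprint) expires in $days days."
        }
        [pscustomobject]@{
            EntityId   = $md.DocumentElement.GetAttribute('entityID')
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $days
        }
    }
}

# Hypothetical file name for the metadata downloaded from the portal.
Get-SamlSigningCert -Path '.\PeopleHR.xml' | Format-List
```

Compare the thumbprint with the one shown under SAML Signing Certificate in the portal; SSO stops working when the certificate expires unless the new metadata is uploaded to People HR.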
