Hooray! The guide and accompanying PowerShell script are released to everyone here: http://aka.ms/AD2AAD. Federate and DirSync your AD to Windows Azure AD in about 15-20 minutes!

In the future, you can expect some blog posts from me on:

  • Scripting adding more servers to the AD FS and AD FS Proxy farms
  • Running AD and AD FS server in Windows Azure IaaS

Now for some history behind the project if you care to read on… I received the vision for this project back in June of 2012 when I was helping to drive the Consumerization of IT foundation session at TechEd NA & Europe. For one of our demos, we were using AD FS & DirSync providing SSO from our on-premises AD to a Windows Azure AD store that attached to Office 365 and Windows Intune. At that time I hadn’t really played much with AD FS and one of my other team members set up all of this. At different points in that month a number of things hit me, and here are a few:

  1. I was pleasantly surprised at how little infrastructure it took (one WS 2008 R2 VM running AD FS & DirSync) to make almost all of the functionality work without having publishing enabled back to the AD FS server.
  2. When I went to set this up in my own demo environment, I was frustrated at how scary, conflicting, and confusing the online documentation was.
  3. DirSync alone really wouldn’t cut it for many folks, which made the need for AD FS configuration even greater. Why? #1 – You’d have to maintain two separate passwords for your accounts. #2 – Even if you did use a 3rd party tool to sync the password with DirSync, it still wouldn’t be a “true SSO”. By “true SSO” I mean that after you log in to your machine with your CORP credentials, you could automatically sign in to cloud services without having to type any username or password again.

After this I set out on a mission to make it much easier/quicker to get all this done, not only for people who want to do demos, but also for the general public who might want to have a better cloud service trial or eventually deploy this solution in production. Many conversations with engineering and others inside of Microsoft, lots of testing, about 1500 lines of PowerShell code, and ~9 months later – here we are!
