Hooray! The guide and accompanying PowerShell script are released to everyone here: http://aka.ms/AD2AAD. Federate and DirSync your AD to Windows Azure AD in about 15-20 minutes!
In the future, you can expect some blog posts from me on:
- Scripting adding more servers to the AD FS and AD FS Proxy farms
- Running AD and AD FS server in Windows Azure IaaS
Now for some history behind the project if you care to read on… I received the vision for this project back in June of 2012 when I was helping to drive the Consumerization of IT foundation session at TechEd NA & Europe. For one of our demos, we were using AD FS & DirSync providing SSO from our on-premises AD to a Windows Azure AD store that attached to Office 365 and Windows Intune. At that time I hadn’t really played much with AD FS and one of my other team members set up all of this. Over different points in that month a number of things hit me and here are a few:
- I was pleasantly surprised at how little infrastructure it took (one WS 2008 R2 VM running AD FS & DirSync) to make almost all of the functionality work without having publishing enabled back to the AD FS server.
- When I went to set this up in my own demo environment, I was frustrated at how scary, conflicting, and confusing the online documentation was.
- DirSync alone really wouldn’t cut it for many folks, which made the need for AD FS configuration even greater. Why? #1 – You’d have to maintain two separate passwords for your accounts, #2 – Even if you did use a 3rd party tool to sync the password with DirSync, it still wouldn’t be a “true SSO”. By “true SSO” I mean after you log in to your machine with your CORP credentials you could automatically sign in to cloud services without having to type any username or password again.
After this I set out on a mission to make it much easier/quicker to get all this done for not only people who want to do demos, but also the general public who might want to have a better cloud service trial or eventually deploy this solution in production. Many conversations with engineering and others inside of Microsoft, lots of testing, about 1500 lines of PowerShell code, and ~9 months later – here we are!