Implementation for Active Directory integrations with Entra ID.
Copy the template to .auto.tfvars and fill in your values (Terraform loads it automatically on apply):
cp config/template.tfvars .auto.tfvars
Set your public IP as the only source address allowed by the firewall rules, so the lab VMs are not exposed to the whole internet. Look it up with:
dig +short myip.opendns.com @resolver1.opendns.com
Create the infrastructure (-auto-approve skips the plan confirmation; run terraform plan first if you want to review the changes):
terraform init
terraform apply -auto-approve
Terraform installs the AD-Domain-Services Windows feature on the VM via the Custom Script Extension; the forest itself is created in the next step.
Promote the VM to a domain controller by creating the forest (the AD DS feature is already installed by Terraform):
If possible, use a DNS domain that matches a domain verified in the Entra tenant; otherwise synced users get a non-routable UPN suffix and end up with onmicrosoft.com UPNs unless you add a matching UPN suffix later. The NetBIOS domain name, which defaults to the first DNS label, must be 15 characters or fewer; pass -DomainNetbiosName explicitly if the label is longer.
# You'll be prompted for the DSRM (Safe Mode) password, then answer "A" (Yes to All) at the confirmation prompt
Install-ADDSForest -DomainName contoso.local -InstallDNS
🔴🟢 The server restarts automatically when the command completes.
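The same forest creation, as an added example that is not part of this project, scripted so the NetBIOS-length and feature checks run before the long, reboot-triggering install. It assumes $DnsDomain is the only input you change and that the DSRM password is entered interactively.

```powershell
# Added example (not the project's own code): unattended forest creation with preflight checks.
# Assumptions: run elevated on the freshly built VM; $DnsDomain is your lab domain.
$DnsDomain = 'contoso.local'

# NetBIOS name defaults to the first DNS label; it is limited to 15 characters.
$NetbiosName = ($DnsDomain.Split('.')[0]).ToUpperInvariant()
if ($NetbiosName.Length -gt 15) {
    throw "NetBIOS name '$NetbiosName' is $($NetbiosName.Length) characters; it must be 15 or fewer. Choose a shorter -DomainNetbiosName."
}

# Terraform should already have installed the feature; install it if the extension did not run.
if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
}
Import-Module ADDSDeployment

# DSRM password is needed for offline recovery of the DC; never hard-code it in the script.
$Dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

# Preflight: same parameters as the real install, no changes made.
$pre = Test-ADDSForestInstallation -DomainName $DnsDomain `
    -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $Dsrm `
    -InstallDns
if ($pre.Status -ne 'Success') {
    $pre | Format-List
    throw 'Preflight checks failed; fix the reported issues before promoting.'
}

# -Force replaces the interactive "A" (Yes to All) confirmation. The server reboots when done.
Install-ADDSForest -DomainName $DnsDomain `
    -DomainNetbiosName $NetbiosName `
    -SafeModeAdministratorPassword $Dsrm `
    -InstallDns `
    -Force
```

After the reboot, verify the promotion with Get-ADDomain and check that the DNS service is running before moving on to synchronization.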
Management of the forest can be implemented
Synchronization is performed by an agent installed on-premises. Microsoft offers two options:
- Entra Connect Cloud Sync (lightweight provisioning agent, configured from the Entra admin center)
- Entra Connect Sync V2 (the full on-premises sync engine with its own configuration wizard)
Terraform also creates an Entra ID account holding the Hybrid Identity Administrator role, which is the least-privileged role needed to set up synchronization. Use that account, rather than a Global Administrator, to configure the sync.
Entra ID supports three hybrid authentication methods for synced users:
- Password Hash Synchronization (recommended default; no extra on-premises infrastructure)
- Pass-through Authentication (passwords validated against on-premises AD via PTA agents)
- Federated Authentication (for example AD FS; the most infrastructure to operate and secure)
Follow the instructions in the Entra admin center to install the Cloud Sync agent.
In Active Directory Users and Computers, enable View > Advanced Features so the Attribute Editor tab and each object's distinguishedName are visible.
If you create an Organizational Unit named Cloud to scope the sync, its Distinguished Name looks like this:
OU=Cloud,DC=contoso,DC=local
The Cloud Sync agent runs under a group Managed Service Account (gMSA), which requires a KDS root key in the forest. If none exists yet, create one:
Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))
Backdating the effective time by 10 hours makes the key usable immediately and is only acceptable in a single-DC lab; in production use -EffectiveImmediately and wait the 10 hours needed for replication to all DCs.
Download and install the agent.
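The on-premises preparation for the Cloud Sync agent, as an added example that is not part of this project: it creates the scope OU, ensures the KDS root key exists (idempotently, instead of always adding a new one), adds a UPN suffix matching the tenant, and creates a test user whose DN you can compare against the sync scope. It assumes $TenantDomain is a domain verified in your tenant and that it runs as a Domain Admin on the DC.

```powershell
# Added example (not the project's own code): prepare AD for Entra Connect Cloud Sync.
# Assumptions: run on the DC as Domain Admin; $TenantDomain is verified in the Entra tenant.
Import-Module ActiveDirectory

$TenantDomain = 'contoso.com'                      # assumed verified Entra domain
$DomainDn     = (Get-ADDomain).DistinguishedName   # e.g. DC=contoso,DC=local
$OuName       = 'Cloud'
$OuDn         = "OU=$OuName,$DomainDn"

# 1. OU that the Cloud Sync scoping filter will point at (idempotent).
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$OuName)" -SearchBase $DomainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn -ProtectedFromAccidentalDeletion $true
}

# 2. KDS root key for the agent's gMSA. Only create one if none exists.
#    The -10h backdate is a single-DC lab shortcut; in production use -EffectiveImmediately
#    and wait 10 hours for replication before installing the agent.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) | Out-Null
}
$keyId = (Get-KdsRootKey | Select-Object -First 1).KeyId
if (-not (Test-KdsRootKey -KeyId $keyId)) {
    throw "KDS root key $keyId is not yet usable on this DC."
}

# 3. Routable UPN suffix so synced users keep tenant UPNs instead of falling back to onmicrosoft.com.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $TenantDomain) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $TenantDomain }
}

# 4. Test user inside the scope OU, with the tenant UPN suffix.
$pw = Read-Host -AsSecureString -Prompt 'Password for test user synctest'
if (-not (Get-ADUser -LDAPFilter '(sAMAccountName=synctest)')) {
    New-ADUser -Name 'Sync Test' -SamAccountName 'synctest' `
        -UserPrincipalName "synctest@$TenantDomain" `
        -Path $OuDn -AccountPassword $pw -Enabled $true
}

# 5. Verify the DN sits under the OU you will enter in the Cloud Sync scope.
$dn = (Get-ADUser -Identity 'synctest').DistinguishedName
if ($dn -notlike "*,$OuDn") { throw "Unexpected DN: $dn" }
$dn   # CN=Sync Test,OU=Cloud,DC=contoso,DC=local
```

Once the agent is installed and a configuration is created in the Entra admin center, use this user for the provision-on-demand test: it is in scope, has a routable UPN, and its DN matches the OU you configured.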