Azure Active Directory (Azure AD) is a cloud-based, multi-tenant directory and identity service. This reference architecture shows best practices for integrating on-premises Active Directory domains with Azure AD to provide cloud-based identity authentication.
For guidance about best practices, see the article Integrate on-premises Active Directory domains with Azure Active Directory on the Azure Architecture Center.
A deployment for a reference architecture that implements these recommendations and considerations is available on GitHub. This reference architecture deploys a simulated on-premises network in Azure that you can use to test and experiment. It can be deployed with either Windows or Linux VMs by following the directions below.
- Clone, fork, or download the zip file for the identity reference architectures GitHub repository.
- Install Azure CLI.
- Install the Azure building blocks npm package:

  ```
  npm install -g @mspnp/azure-building-blocks
  ```

- From a command prompt, bash prompt, or PowerShell prompt, sign in to your Azure account as follows:

  ```
  az login
  ```

- Navigate to the `azure-ad` folder of the GitHub repository.
- Open the `onprem.json` file. Search for instances of `AdminPassword`, `SafeModeAdminPassword` and `Password` and change the values for the passwords. Use a strong, unique value for each one: these become administrator-level credentials on the deployed domain controllers (`AdminPassword` is the VM administrator password and `SafeModeAdminPassword` is the Directory Services Restore Mode password used by AD DS). The edited file sits in your clone of the repository, so keep it out of commits.
- Run the following command and wait for the deployment to finish:

  ```
  azbb -s <subscription_id> -g <resource group> -l <location> -p onprem.json --deploy
  ```
The reference architecture can be deployed with either Windows or Linux VMs. The steps are the same for both, but for Linux use `ntier-linux.json` instead of `ntier-windows.json` in the steps below.
- Navigate to the `azure-ad` folder of the GitHub repository.
- Open the `ntier-windows.json` file. Search for instances of `AdminPassword`, `SafeModeAdminPassword` and `Password` and change the values for the passwords. As with `onprem.json`, use strong, unique values and do not commit the edited file.
- Run the following command and wait for the deployment to finish:

  ```
  azbb -s <subscription_id> -g <resource group> -l <location> -p ntier-windows.json --deploy
  ```
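Both deployments above depend on you replacing placeholder passwords by hand in a parameter file, and a forgotten placeholder is the usual way a test domain controller ends up with a known password. The script below is an added example, not code from the reference-architectures repository: it rotates the three password keys in a given parameter file to fresh random values, one per key, and refuses to build the `azbb` deploy command while any placeholder string remains. The sample JSON, the `CHANGE_ME` placeholder and the key spelling (first letter matched in either case) are assumptions; check them against the real `onprem.json`, `ntier-windows.json` or `ntier-linux.json` before use.

```shell
#!/bin/sh
# Added example (not code from the reference-architectures repository).
# Rotates the placeholder passwords that the steps above tell you to change
# by hand, then checks that no placeholder survived before azbb is invoked.
set -eu

# Keys to rotate. The leading letter is matched in either case because the
# parameter files may spell them adminPassword / AdminPassword (assumption).
PASSWORD_KEYS='[aA]dminPassword [sS]afeModeAdminPassword [pP]assword'

# 20 random base64 characters with / + = removed (safe inside JSON and the
# sed replacement below) plus a fixed tail so the upper/lower/digit/symbol
# classes Azure VMs and AD DS require are always present.
gen_password() {
  rnd=$(head -c 48 /dev/urandom | base64 | tr -d '/+=\n' | head -c 20)
  printf '%sAz9!' "$rnd"
}

# Replace the value of every "<Key>": "<value>" pair in file $1, in place,
# with a different fresh password per key (no secret shared across roles).
rotate_passwords() {
  file=$1
  for key in $PASSWORD_KEYS; do
    pw=$(gen_password)
    sed -E -i.bak "s|(\"${key}\"[[:space:]]*:[[:space:]]*\")[^\"]*\"|\\1${pw}\"|g" "$file"
  done
  rm -f "${file}.bak"
}

# Print the current value of key $2 (exact spelling) in file $1.
get_value() {
  sed -n "s|.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*|\1|p" "$1"
}

# Number of lines in file $1 that still contain the placeholder string $2.
placeholder_count() {
  grep -c -- "$2" "$1" || true
}

# Build the azbb command exactly as the deployment steps show it. It is
# printed rather than run so this file works without azbb or an Azure login.
# Arguments: subscription id, resource group, location, parameter file.
deploy_command() {
  printf 'azbb -s %s -g %s -l %s -p %s --deploy\n' "$1" "$2" "$3" "$4"
}

# Same as deploy_command, but fails while placeholder $5 is still in file $4.
safe_deploy_command() {
  if [ "$(placeholder_count "$4" "$5")" != "0" ]; then
    echo "refusing to deploy: placeholder '$5' still present in $4" >&2
    return 1
  fi
  deploy_command "$1" "$2" "$3" "$4"
}

# Constructed sample parameter file; not the repository's onprem.json.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
{
  "adminPassword": "CHANGE_ME",
  "SafeModeAdminPassword": "CHANGE_ME",
  "Password": "CHANGE_ME",
  "adminUsername": "testuser"
}
EOF

rotate_passwords "$SAMPLE"
echo "placeholders left: $(placeholder_count "$SAMPLE" CHANGE_ME)"
safe_deploy_command 00000000-0000-0000-0000-000000000000 my-rg eastus "$SAMPLE" CHANGE_ME
rm -f "$SAMPLE"
```

The generated passwords are only ever written into the parameter file, never echoed, so record them in a password manager or Key Vault before deploying; the rotated file now holds live administrator credentials and must not be committed.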