Microsoft Azure AZ-800 — Section 6: Preparing your domain naming infrastructure for hybrid identities
47. Configuring AD to support additional domain names
Now that we’ve explored user identities, you’ve gotten an understanding of getting into Azure Active Directory. I want to begin moving us in the direction of connecting our on-premise Active Directory AIDS Active Directory Domain Services with Azure AD..
OK, now in order to do that, there are some considerations. First off, we need to consider what our domain name is and Active Directory.
OK. In my little lab environment here, my domain name is examlabpractice.com. I can I can go in to click Start here on my domain controller.
OK. Go to server manager and I can open up tools and an Active Directory users and computers, and you can clearly see what my domain name is here. I’ll zoom in on that for you. It’s exam lab practice. Dot com.
OK. And I have a DNS database that it would would need to be accessible for the internet in order for me to register that name in my Azure ID.
So here’s the thing. What are what we’re going for here when we connect are on Prem domain and our Azure A.D.. Most people want to achieve something called seamless, so seamless. ISO stands for single sign on, seamless, single sign on and the goal there is to make it where when your users log on to the on-premise domain, they’re also going to automatically get logged on into the cloud, right? That’s what we’re doing. That’s what we’re trying to get to here. But in order to do that, we need to make sure that we have the access to use this name out in the cloud.
OK.
So, in order to do that. First off, we have to have a DNS server that is accessible from the internet.
OK, we’re going to say that my DNS server here, I’m going to click tools and then I’m going to go to group policy. I’m sorry DNS, and then we’ll zoom in on that for you. Here’s my DNS server and I have a database called Forward Look Up Zones.
OK, now if I had another DNS name here that I wanted to make available, I could create another DNS database.
OK, I’ll create another database. And not to turn this into a server class and get into concepts completely behind the NSA right now, but I’m just going to create a little database that I could create DNS records in, and I’m going to call this little database will call it A B C Corp. Dot com.
OK, just a random company name. ABC Corp. Gqom. Click next. Next, and then we’ll click finish. We’ve now got a database called ABC Corp. But here’s the problem. Currently, if you wanted any of your users to also be known as ABC Corp. .com, you would have to tell Active Directory that because right now, Active Directory is only going to allow this name right here to be associated with your users.
OK? , for example, if I if I open up back, if I pull up Active Directory users and computers again, OK, and I go to a user like Jane Doe and I double click on Jane Doe and I go to the Account Tab here, then notice that Jane Doe’s name is Jane Doe at Examlabpractice.com. By the way, they call that a upin a user principal names basically like an email address.
OK. Jane Doe at Examlabpractice.com. If I drop that down, there is no ability for me to put ABC Corp. in there, even though I’ve created the DNS database for it. There’s no no way for me to do that, so let me show you how to do that, actually.
OK.
So, I’m going to go back into server manager here. I’m going to go to ols and I’m going to open up this tool called Active Directory domains and trusts.
So let’s open that tool up and inside that tool, I can actually specify additional domain names, so let’s zoom in on that. All right. And I’m going to right click Active Directory domains and trusts, and I’m going to go to properties. And right here I can add an additional up that Active Directory will allow my users to be associated with so, I can go right here and say ABC Corp.. Dot com. I can add that I can click, OK. Let’s close out of that. Let’s go back into Active Directory users and computers again. Let’s double click on Jane Doe.
OK, go back to account and notice that now I can drop that down. And Jane Doe could be known as ABC Corp. Dot com.
OK.
So, I can have both of these names if I wanted. And if you start getting into exchange online where you’re wanting to have all your email hosted in the Microsoft 365 services, which of course is part of the office subscription, then the great thing about that is when I do link my on-premise environment, my Adidas environment with the cloud, it’ll already be set up and ready to go.
OK, so this what’s going to happen on the Active Directory site in order to have names registered.
OK? Keep in mind that your DNS server is going to get checked from the cloud, so you do have to make sure that you have what we call an internet facing DNS server. That means that the DNS server that the cloud that Microsoft 365 is going to query to verify that you actually do have that name, that you do own that name.
OK, which I’m going to talk more about coming up in this next little lesson that gives you an idea of understanding what’s going to happen on the on prem side on-premise side in order to make all that work.
48. Adding, Configuring, and Verifying additional domain names
OK, so here we are on admin Microsoft.com, also known as Portal Dot Microsoft.com, also known as the Microsoft 365 admin center.
OK, so this where I’m going to go and I’m going to add a custom domain.
So you saw me in the previous segment. I did the AIDS side of things to prepare the DNS for my on-premise Active Directory, but now I’ve actually got to tell the cloud about it so that I can link all this together.
OK? In order to do that, I’m going to click show all. I’m going to drop down settings and I’m going to click domains.
OK, from Domain’s now I’m going to add a new domain.
OK. And in order to add a domain, I’m going to type that new domain in.
OK, now here’s the thing. If you own the name and you’re hosting it through somebody like GoDaddy, Microsoft has an agreement with GoDaddy, so you can actually put in a name like the exam. Labpractice.com name is hosted through GoDaddy, and so GoDaddy is all I had to do. There is just put my GoDaddy credentials in and it will do everything I need. I didn’t have to do anything special in order to do that. However, if I was hosting my DMs on a Microsoft server like I showed you in the last lecture, then I could put the name here will say A B C Corp. Dot com.
Now, keep in mind, I don’t really own that name.
OK, but we’re going to pretend like I do, and that my server has been set up with DNS and I want to show you what would have to happen in order to get this all to work.
So, I’m going to say, use this domain. It’s processing, it says, OK, here’s the deal, if you own the name. Verify that you actually own the name.
So there are two ways that I can verify that I actually own a domain name.
OK? One way is to create this record called a text record in my DNS server, which is just a generic record. You can put anything you want in a text record in the real world and in whatever people query against that record, it’s going to display whatever you could put.
So my phone number in there, if you want it now in this case, though, what they’re doing is they’re saying, Hey, if you really own this record, this name, ABC, Qualcomm, you can create a text record with this value right here.
OK, now once you do that, what will happen is when you click Verify down at the bottom, it’s going to query that DNS server for that name, and it’s going to verify that the records there, the records there, then it says, OK, you must really own the name because you were able to create the record.
OK.
So, it’s almost like one of those one time passwords that they would text your phone or send you via email or whatever.
Now, alternatively, you could do this with an Emacs record as well.
OK. And it record as a mail exchange record, so you could do the same thing. You could create a Emacs record on the DNS server with this value here. And then at that point, it would check that it’s important if you’re taking the exam that you know those two main ways that you would verify who you are. Keep in mind, though, that the third way is Microsoft is partnered up with GoDaddy and companies like that, so you could put your credentials in. If this was a GoDaddy DNS address, it would prompt me for that.
OK. But for sure, and what you won’t remember for the exam is that you can create a text record in it or an Emacs record.
OK, so now what I’m going to do is I’m going to go back and I’m going to create this record, this text record in my DNS server.
OK, I’m back over here now on my DNS server, and I’m going to zoom in for you here. And we’re looking at the ABC Corp. database right here, so all I would need to do is right click this and I would click other new records. I’m going to scroll down and find the text record right here.
OK. Click Create. And you’re actually not going to put anything for the record name right here, going to leave that blank and you would type in the code that they gave us in the code they gave me was MS. Equals lowercase Ms. Four, six three. Seven, three, seven, seven, two one.
So then I would click, OK. Click done. And I’ve now got this record created, and that’s pretty much it on the server side. You’ve got that in there. As long as this adina, a fake, a server that is internet facing, meaning it can be hit from the internet at that point. It would be able to verify that name.
So jumping back over to the Microsoft 365 Portal, we can see here this the record that I created and I could then click Verify and it would be able to verify it.
OK. Granted, again, I don’t really own that name. I do own the name exam, labpractice.com. But that, of course, has already been registered. When when I initially set up this, this Tenet is Cloud 10, so, I click Verify, and it really would be able to verify that it is going to throw an error because again, I don’t really own that name, but that gives you guys an idea of what you got to do on the Active Directory side, the on Prem side, and then what you’ve got to do on the cloud side in order to get your DNS names registered.
49. Setting the Primary Domain Name
So once you’ve set up your custom DNS domain in the Microsoft 365 environment, you’re probably wanting that domain name to be your primary domain name, right? So that when you create user accounts, they’re going to be associated with that domain name, email addresses, all that good stuff, right? So let’s take a look at how we would do that.
So, I’m going to go over here. I’m on Portal Dot Microsoft.com, also known as the admin dot microsoft.com, and I’m going to go right here and just click show all on the left side of the screen. And then I’m going to drop down where it says Settings, and I’m going to click on domains.
OK, so now that I’m over here under domains, you’re going to notice that I have the exam land practice onan to code all my shots. And that was the name of the tenant that I initially set up for this demonstration. And it is my default, right? See how that is my default.
So right now, if I go in, I try to create a user based on that. If I say, add a user. All right. It’s going to use this domain name right here, and if I wanted to assign the exam lab practice domain name, Gqom domain name, the one that I’ve verified. Then at that point, I would have to manually select that. I don’t want to do that right.
So, I want to make the examlabpractice.com my domain that on my primary domain that I’m using with all of my users.
So, I’m going to go back over here to domains again. All right. And there’s the ABC Corp .com, which I don’t really own that name. That’s just an extra name that I could could verify if I actually did on the but I actually do own exam. I practice .com and it is verified and we’ve gone that. We talked about the process of verifying a domain name.
So, I want to make this my primary. I’m just going to simply select that now, and I’m going to say set as default. And at that point, it is going to become my primary domain name.
So from now on, when I go and I start adding a user’s user accounts and all that, you’re going to notice that it will be my primary domain name.
OK.
So all in all, very easy to set and configure your primary domain name in the Microsoft 365 admin center.