{"id":2660,"date":"2022-03-04T17:32:36","date_gmt":"2022-03-04T17:32:36","guid":{"rendered":"https:\/\/exceedthecloud.com\/?p=2660"},"modified":"2022-03-05T12:40:10","modified_gmt":"2022-03-05T12:40:10","slug":"prepare-for-deployment-of-azure-virtual-desktop-ad-ds","status":"publish","type":"post","link":"https:\/\/exceedthecloud.com\/?p=2660","title":{"rendered":"Prepare for deployment of Azure Virtual Desktop (AD DS)"},"content":{"rendered":"\n<p>Here are some key questions that can help you in the design of your Azure Virtual Desktop infrastructure:<\/p>\n\n\n\n<p>Will everyone get one or just a selected group of users?<\/p>\n\n\n\n<p>Are these staff all based in the same country or are some on the other side of the world? You need to think about round trip latency for the end users and choose an Azure datacenter region accordingly.<\/p>\n\n\n\n<p>Once you define what your organizations needs are, we highlight the fact that you will need to make sure you have all the necessary components. Here\u2019s what you need to set up AVD:<\/p>\n\n\n\n<p>\u25cf Azure AD<br>\u25cf An Azure subscription<br>\u25cf A Domain Controller that is synced with Azure AD<br>\u25cf A virtual network for the session hosts<br>\u25cf Azure VD session hosts<br>\u25cf FSLogix for user profile containers<br>\u25cf A central storage location for the FSLogix user profile disks<\/p>\n\n\n\n<p>Your Azure VDs need to be joined to a domain, which is why you need a domain controller (DC). we  outline here three keys component for this AVD infrastructure:<\/p>\n\n\n\n<p>\u25cf Azure Active Directory Domain Services (Azure AD DS)<br>\u25cf An Azure Virtual Machine configured as a DC<br>\u25cf An existing on-premises DC with a site to site VPN from on-premises to the Azure Vnet<\/p>\n\n\n\n<p> <\/p>\n\n\n\n<p>Prerequisites for this labs :\u00a0<a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Account<\/a>\u00a0\/\u00a0<a href=\"https:\/\/github.com\/marcelin-ndjila\/Practical-Labs-Series\/blob\/master\/Azurelabs11.zip\" target=\"_blank\" rel=\"noreferrer noopener\">Download Labs Files here<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An Azure subscription you will be using in this lab.<\/li><li>A Microsoft account or an Azure AD account with the Owner or Contributor role in the Azure subscription you will be using in this lab and with the Global Administrator role in the Azure AD tenant associated with that Azure subscription.<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: Provisioning of an Azure AD DS takes involves about 90-minute wait time.<\/p>\n\n\n\n<p><strong>Lab scenario<\/strong><\/p>\n\n\n\n<p>You need to prepare for deployment of an Active Directory Domain Services (AD DS) environment<\/p>\n\n\n\n<p><strong>Objectives<\/strong><\/p>\n\n\n\n<p>After completing this lab, you will be able to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Deploy an Active Directory Domain Services (AD DS) single-domain forest by using Azure VMs<\/li><li>Integrate an AD DS forest with an Azure Active Directory (Azure AD) tenant<\/li><\/ul>\n\n\n\n<p><strong>Lab 0: Increase the number of vCPU quotas<\/strong><\/p>\n\n\n\n<p>The main tasks for this lab are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Identify current vCPU usage<\/li><li>Request vCPU quota increase<\/li><\/ul>\n\n\n\n<p><strong>Task 1: Identify current vCPU usage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>From your lab computer, start a web browser, navigate to the <a href=\"https:\/\/portal.azure.com\">Azure portal<\/a>, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.<\/li><li>In the Azure portal, open <strong>Cloud Shell<\/strong> pane by selecting the toolbar icon directly to the right of the search textbox.<\/li><li>If prompted to select either <strong>Bash<\/strong> or <strong>PowerShell<\/strong>, select <strong>PowerShell<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: If this is the first time you are starting <strong>Cloud Shell<\/strong> and you are presented with the <strong>You have no storage mounted<\/strong> message, select the subscription you are using in this lab, and select <strong>Create storage<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"4\"><li>In the Azure portal, in the PowerShell session of the <strong>Cloud Shell<\/strong>, run the following to register the <strong>Microsoft.Compute<\/strong> resource provider, in case it&#8217;s not registered:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Register-AzResourceProvider -ProviderNamespace 'Microsoft.Compute'<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"150\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture1.png\" alt=\"\" class=\"wp-image-2661\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture1.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture1-300x72.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>In the Azure portal, in the PowerShell session of the <strong>Cloud Shell<\/strong>, run the following to verify the registration status of the <strong>Microsoft.Compute<\/strong> resource provider:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Get-AzResourceProvider -ListAvailable | Where-Object {$_.ProviderNamespace -eq 'Microsoft.Compute'}<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"142\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture45.png\" alt=\"\" class=\"wp-image-2662\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture45.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture45-300x68.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Verify that the status is listed as <strong>Registered<\/strong>. If not, wait a few minutes and repeat this step.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, in the PowerShell session of the <strong>Cloud Shell<\/strong>, run the following to identify the current usage of vCPUs and the corresponding limits for the <strong>StandardDSv3Family<\/strong> and <strong>StandardBSFamily<\/strong> Azure VMs (replace the &lt;Azure_region&gt; placeholder with the name of the Azure region that you intend to use for this lab, such as, for example, eastus):<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$location = 'eastus'\nGet-AzVMUsage -Location $location | Where-Object {$_.Name.Value -eq 'StandardDSv3Family'}\nGet-AzVMUsage -Location $location | Where-Object {$_.Name.Value -eq 'StandardBSFamily'}\n<\/code><\/pre>\n\n\n\n<p><strong>Note<\/strong>: To identify the names of Azure regions, in the <strong>Cloud Shell<\/strong>, at the PowerShell prompt, run <code>(Get-AzLocation).Location.<\/code><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"216\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture46-1.png\" alt=\"\" class=\"wp-image-2665\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture46-1.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture46-1-300x104.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Review the output of the command executed in the previous step and ensure that you have at least <strong>20<\/strong> available vCPUs in both the <strong>Standard DSv3 Family<\/strong> and <strong>StandardBSFamily<\/strong> of Azure VMs in the target Azure region. If that&#8217;s already the case, proceed directly to the next lab. Otherwise, proceed to the next task of this lab.<\/li><\/ul>\n\n\n\n<p><strong>Task 2: Request vCPU quota increase<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, search for and select <strong>Subscriptions<\/strong> and, from the <strong>Subscriptions<\/strong> blade, select the entry representing the Azure subscription you intend to use for this lab.<\/li><li>In the Azure portal, on the subscription blade, in the vertical menu on the left side, in the <strong>Settings<\/strong> section, select <strong>Usage + quotas<\/strong>.<\/li><li>On the subscription&#8217;s <strong>Usage + quotas<\/strong> blade, select <strong>Request Increase<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"416\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture47.png\" alt=\"\" class=\"wp-image-2666\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture47.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture47-300x200.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>1. Problem description<\/strong> tab of the <strong>New support request<\/strong> blade, specify the following and select <strong>Manage quota &gt;<\/strong>:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Issue type<\/td><td><strong>Service and subscription limits (quotas)<\/strong><\/td><\/tr><tr><td>Subscription<\/td><td>the name of the Azure subscription you will be using in this lab<\/td><\/tr><tr><td>Quota type<\/td><td><strong>Compute-VM (cores-vCPUs) subscription limit increases<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"647\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture48.png\" alt=\"\" class=\"wp-image-2667\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture48.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture48-289x300.png 289w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Azure Pass \u2013 Sponsorship | Usage + quotas<\/strong> blade, select the following drop down arrows from the top search bar:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>Search<\/strong><\/td><td><strong>Standard BS<\/strong><\/td><\/tr><tr><td><strong>All locations<\/strong><\/td><td><strong>Clear all<\/strong>, and then check <em>your location<\/em><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"2\"><li>In the returned <strong>Standard BS Family vCPUs<\/strong> item, select the pencil icon, <strong>Edit<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"431\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture49.png\" alt=\"\" class=\"wp-image-2668\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture49.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture49-300x207.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>In the <strong>Quota Details<\/strong> blade, in the <strong>New limit<\/strong> column text box, type <strong>20<\/strong>, and then select <strong>Save and continue<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"430\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture50.png\" alt=\"\" class=\"wp-image-2669\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture50.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture50-300x207.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Allow the quota request to complete. After a few moments, the <strong>Quota Details<\/strong> blade will specify the request has been approved and Quota increased. Close the <strong>Quota Details<\/strong> blade.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"635\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture51.png\" alt=\"\" class=\"wp-image-2670\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture51.png 576w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture51-272x300.png 272w\" sizes=\"auto, (max-width: 576px) 100vw, 576px\" \/><\/figure>\n\n\n\n<p>Complete steps 5-8 above, using the <strong>Standard DSv3<\/strong> in the <strong>Search<\/strong> text box from step 5.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"427\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture52.png\" alt=\"\" class=\"wp-image-2671\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture52.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture52-300x205.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"606\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture53.png\" alt=\"\" class=\"wp-image-2672\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture53.png 576w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture53-285x300.png 285w\" sizes=\"auto, (max-width: 576px) 100vw, 576px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>$location = 'eastus'\nGet-AzVMUsage -Location $location | Where-Object {$_.Name.Value -eq 'StandardDSv3Family'}\nGet-AzVMUsage -Location $location | Where-Object {$_.Name.Value -eq 'StandardBSFamily'}\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"221\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture54.png\" alt=\"\" class=\"wp-image-2673\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture54.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture54-300x106.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Lab 1: Deploy an Active Directory Domain Services (AD DS) domain<\/strong><\/p>\n\n\n\n<p>The main tasks for this lab are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Prepare for an Azure VM deployment<\/li><li>Deploy an Azure VM running an AD DS domain controller by using an Azure Resource Manager QuickStart template<\/li><li>Deploy an Azure VM running Windows 10 by using an Azure Resource Manager QuickStart template<\/li><li>Deploy Azure Bastion<\/li><\/ul>\n\n\n\n<p><strong>Task 1: Prepare for an Azure VM deployment<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>From your lab computer, start a web browser, navigate to the <a href=\"https:\/\/portal.azure.com\">Azure portal<\/a>, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.<\/li><li>In the web browser displaying the Azure portal, navigate to the <strong>Overview<\/strong> blade of the Azure AD tenant and, in the vertical menu on the left side, in the <strong>Manage<\/strong> section, click <strong>Properties<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"475\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture55.png\" alt=\"\" class=\"wp-image-2674\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture55.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture55-300x228.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Properties<\/strong> blade of your Azure AD tenant, at the very bottom of the blade, select the <strong>Manage Security defaults<\/strong> link.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"158\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture56.png\" alt=\"\" class=\"wp-image-2675\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture56.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture56-300x76.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Enable Security defaults<\/strong> blade, if needed, select <strong>No<\/strong>, select the <strong>My organization is using Conditional Access<\/strong> checkbox, and select <strong>Save<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"411\" height=\"827\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture57.png\" alt=\"\" class=\"wp-image-2676\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture57.png 411w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture57-149x300.png 149w\" sizes=\"auto, (max-width: 411px) 100vw, 411px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, open <strong>Cloud Shell<\/strong> pane by selecting on the toolbar icon directly to the right of the search textbox.<\/li><li>If prompted to select either <strong>Bash<\/strong> or <strong>PowerShell<\/strong>, select <strong>PowerShell<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: If this is the first time you are starting <strong>Cloud Shell<\/strong> and you are presented with the <strong>You have no storage mounted<\/strong> message, select the subscription you are using in this lab, and select <strong>Create storage<\/strong>.<\/p>\n\n\n\n<p><strong>Task 2: Deploy an Azure VM running an AD DS domain controller by using an Azure Resource Manager QuickStart template<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the lab computer, in the web browser displaying the Azure portal, from the PowerShell session in the Cloud Shell pane, run the following to create a resource group (replace the &lt;Azure_region&gt; placeholder with the name of the Azure region that you intend to use for this lab, such as, for example, eastus)::<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$location = 'eastus'\n$resourceGroupName = 'exceed140-11-RG'\nNew-AzResourceGroup -Location $location -Name $resourceGroupName\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"211\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture58.png\" alt=\"\" class=\"wp-image-2677\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture58.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture58-300x101.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, close the <strong>Cloud Shell<\/strong> pane.<\/li><li>From your lab computer, in the same web browser window, open another web browser tab and navigate a customized version of QuickStart template named <a href=\"https:\/\/github.com\/az140mp\/azure-quickstart-templates\/tree\/master\/application-workloads\/active-directory\/active-directory-new-domain\" target=\"_blank\" rel=\"noreferrer noopener\">Create a new Windows VM and create a new AD Forest, Domain and DC<\/a>.<\/li><li>On the <strong>Create a new Windows VM and create a new AD Forest, Domain and DC<\/strong> page, select <strong>Deploy to Azure<\/strong>. This will automatically redirect the browser to the <strong>Create an Azure VM with a new AD Forest<\/strong> blade in the Azure portal.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"245\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture59.png\" alt=\"\" class=\"wp-image-2678\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture59.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture59-300x118.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Create an Azure VM with a new AD Forest<\/strong> blade, select <strong>Edit parameters<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"546\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture60.png\" alt=\"\" class=\"wp-image-2679\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture60.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture60-300x263.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Edit parameters<\/strong> blade, select <strong>Load file<\/strong>, in the <strong>Open<\/strong> dialog box, select <strong>exceed140-11_azuredeploydc11.parameters.json<\/strong>, select <strong>Open<\/strong>, and then select <strong>Save<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"537\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture61.png\" alt=\"\" class=\"wp-image-2680\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture61.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture61-300x258.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Create an Azure VM with a new AD Forest<\/strong> blade, specify the following settings (leave others with their existing values):<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>the name of the Azure subscription you are using in this lab<\/td><\/tr><tr><td>Resource group<\/td><td><strong>exceed140-11-RG<\/strong><\/td><\/tr><tr><td>Domain name<\/td><td><strong>adatum.com<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"2\"><li>On the <strong>Create an Azure VM with a new AD Forest<\/strong> blade, select <strong>Review + create<\/strong> and select <strong>Create<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"622\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture62.png\" alt=\"\" class=\"wp-image-2681\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture62.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture62-300x300.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture62-150x150.png 150w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"656\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture63.png\" alt=\"\" class=\"wp-image-2682\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture63.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture63-285x300.png 285w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Wait for the deployment to complete before you proceed to the next lab. This might take about 15 minutes.<\/p>\n\n\n\n<p><strong>Task 3: Deploy an Azure VM running Windows 10 by using an Azure Resource Manager QuickStart template<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the lab computer, in the web browser displaying the Azure portal, open a PowerShell session in the Cloud Shell pane, and run the following to add a subnet named <strong>cl-Subnet<\/strong> to the virtual network named <strong>exceed-adds-vnet11<\/strong> you created in the previous task:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$resourceGroupName = 'exceed140-11-RG'\n$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name 'exceed-adds-vnet11'\n$subnetConfig = Add-AzVirtualNetworkSubnetConfig `\n  -Name 'cl-Subnet' `\n  -AddressPrefix 10.0.255.0\/24 `\n  -VirtualNetwork $vnet\n$vnet | Set-AzVirtualNetwork\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"145\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture64.png\" alt=\"\" class=\"wp-image-2683\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture64.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture64-300x70.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, in the toolbar of the Cloud Shell pane, select the Upload\/Download files icon, in the drop-down menu select Upload, and upload the files <strong>exceed140-11_azuredeploycl11.json<\/strong> and <strong>exceed140-11_azuredeploycl11.parameters.json<\/strong> into the Cloud Shell home directory.<\/li><li>From the PowerShell session in the Cloud Shell pane, run the following to deploy an Azure VM running Windows 10 that will serve as a client into the newly created subnet:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$location = (Get-AzResourceGroup -ResourceGroupName $resourceGroupName).Location\nNew-AzResourceGroupDeployment `\n  -ResourceGroupName $resourceGroupName `\n  -Location $location `\n  -Name exceed140lab0101vmDeployment `\n  -TemplateFile $HOME\/exceed140-11_azuredeploycl11.json `\n-TemplateParameterFile $HOME\/exceed140-11_azuredeploycl11.parameters.json\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"196\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture65.png\" alt=\"\" class=\"wp-image-2684\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture65.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture65-300x94.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Do not wait for the deployment to complete but instead proceed to the next task. The deployment might take about 10 minutes.<\/p>\n\n\n\n<p><strong>Task 4: Deploy Azure Bastion<\/strong><\/p>\n\n\n\n<p><strong>Note<\/strong>: Azure Bastion allows for connection to the Azure VMs without public endpoints which you deployed in the previous task of this lab, while providing protection against brute force exploits that target operating system level credentials.<\/p>\n\n\n\n<p><strong>Note<\/strong>: Ensure that your browser has the pop-up functionality enabled.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the browser window displaying the Azure portal, open another tab and, in the browser tab, navigate to the Azure portal.<\/li><li>In the Azure portal, open <strong>Cloud Shell<\/strong> pane by selecting on the toolbar icon directly to the right of the search textbox.<\/li><li>From the PowerShell session in the Cloud Shell pane, run the following to add a subnet named <strong>AzureBastionSubnet<\/strong> to the virtual network named <strong>exceed-adds-vnet11<\/strong> you created earlier in this lab:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$resourceGroupName = 'exceed140-11-RG'\n$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name 'exceed-adds-vnet11'\n$subnetConfig = Add-AzVirtualNetworkSubnetConfig `\n  -Name 'AzureBastionSubnet' `\n  -AddressPrefix 10.0.254.0\/24 `\n  -VirtualNetwork $vnet\n$vnet | Set-AzVirtualNetwork\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"196\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture66.png\" alt=\"\" class=\"wp-image-2685\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture66.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture66-300x94.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Close the Cloud Shell pane.<\/li><li>In the Azure portal, search for and select <strong>Bastions<\/strong> and, from the <strong>Bastions<\/strong> blade, select <strong>+ Create<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"296\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture67.png\" alt=\"\" class=\"wp-image-2686\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture67.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture67-300x142.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Basic<\/strong> tab of the <strong>Create a Bastion<\/strong> blade, specify the following settings and select <strong>Review + create<\/strong>:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>the name of the Azure subscription you are using in this lab<\/td><\/tr><tr><td>Resource group<\/td><td><strong>exceed140-11-RG<\/strong><\/td><\/tr><tr><td>Name<\/td><td><strong>exceed140-11-bastion<\/strong><\/td><\/tr><tr><td>Region<\/td><td>the same Azure region to which you deployed the resources in the previous tasks of this lab<\/td><\/tr><tr><td>Tier<\/td><td><strong>Basic<\/strong><\/td><\/tr><tr><td>Virtual network<\/td><td><strong>exceed-adds-vnet11<\/strong><\/td><\/tr><tr><td>Subnet<\/td><td><strong>AzureBastionSubnet (10.0.254.0\/24)<\/strong><\/td><\/tr><tr><td>Public IP address<\/td><td><strong>Create new<\/strong><\/td><\/tr><tr><td>Public IP name<\/td><td><strong>exceed-adds-vnet11-ip<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"600\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture68.png\" alt=\"\" class=\"wp-image-2687\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture68.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture68-300x288.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Review + create<\/strong> tab of the <strong>Create a Bastion<\/strong> blade, select <strong>Create<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"692\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture69.png\" alt=\"\" class=\"wp-image-2688\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture69.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture69-271x300.png 271w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Wait for the deployment to complete before you proceed to the next lab. The deployment might take about 5 minutes.<\/p>\n\n\n\n<p><strong>Lab 2: Integrate an AD DS forest with an Azure AD tenant<\/strong><\/p>\n\n\n\n<p>The main tasks for this lab are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Create AD DS users and groups that will be synchronized to Azure AD<\/li><li>Configure AD DS UPN suffix<\/li><li>Create an Azure AD user that will be used to configure synchronization with Azure AD<\/li><li>Install Azure AD Connect<\/li><li>Configure hybrid Azure AD join<\/li><\/ul>\n\n\n\n<p><strong>Task 1: Create AD DS users and groups that will be synchronized to Azure AD<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the lab computer, in the web browser displaying the Azure portal, search for and select <strong>Virtual machines<\/strong> and, from the <strong>Virtual machines<\/strong> blade, select <strong>exceed-dc-vm11<\/strong>.<\/li><li>On the <strong>exceed-dc-vm11<\/strong> blade, select <strong>Connect<\/strong>, in the drop-down menu, select <strong>Bastion<\/strong>, on the <strong>Bastion<\/strong> tab of the <strong>exceed-dc-vm11 | Connect<\/strong> blade, select <strong>Use Bastion<\/strong>.<\/li><li>When prompted, provide the following credentials and select <strong>Connect<\/strong>:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>User Name<\/td><td><strong>Student<\/strong><\/td><\/tr><tr><td>Password<\/td><td><strong>Pa55w.rd1234<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"261\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture70.png\" alt=\"\" class=\"wp-image-2689\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture70.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture70-300x125.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, start <strong>Windows PowerShell ISE<\/strong> as administrator.<\/li><li>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to disable Internet Explorer Enhanced Security for Administrators:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$adminRegEntry = 'HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'\nSet-ItemProperty -Path $AdminRegEntry -Name 'IsInstalled' -Value 0\nStop-Process -Name Explorer<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"222\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture71.png\" alt=\"\" class=\"wp-image-2690\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture71.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture71-300x107.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to create an AD DS organizational unit that will contain objects included in the scope of synchronization to the Azure AD tenant used in this lab:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>New-ADOrganizationalUnit 'ToSync' -path 'DC=adatum,DC=com' -ProtectedFromAccidentalDeletion $false<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to create an AD DS organizational unit that will contain computer objects of Windows 10 domain-joined client computers:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>New-ADOrganizationalUnit 'WVDClients' -path 'DC=adatum,DC=com' -ProtectedFromAccidentalDeletion $false<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to create AD DS user accounts that will be synchronized to the Azure AD tenant used in this lab (replace the &lt;password&gt; placeholder with a random, complex password):<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: Ensure that you remember the password you used. You will need it later in this and subsequent labs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ouName = 'ToSync'\n$ouPath = \"OU=$ouName,DC=adatum,DC=com\"\n$adUserNamePrefix = 'aduser'\n$adUPNSuffix = 'adatum.com'\n$userCount = 1..9\nforeach ($counter in $userCount) {\n  New-AdUser -Name $adUserNamePrefix$counter -Path $ouPath -Enabled $True `\n    -ChangePasswordAtLogon $false -userPrincipalName $adUserNamePrefix$counter@$adUPNSuffix `\n    -AccountPassword (ConvertTo-SecureString Changesme@2022 -AsPlainText -Force) -passThru\n} \n\n$adUserNamePrefix = 'wvdadmin1'\n$adUPNSuffix = 'adatum.com'\nNew-AdUser -Name $adUserNamePrefix -Path $ouPath -Enabled $True `\n    -ChangePasswordAtLogon $false -userPrincipalName $adUserNamePrefix@$adUPNSuffix `\n    -AccountPassword (ConvertTo-SecureString Changesme@2022 -AsPlainText -Force) -passThru\n\nGet-ADGroup -Identity 'Domain Admins' | Add-AdGroupMember -Members 'wvdadmin1'<\/code><\/pre>\n\n\n\n<p><strong>Note<\/strong>: The script creates nine non-privileged user accounts named <strong>aduser1<\/strong> &#8211; <strong>aduser9<\/strong> and one privileged account that is a member of the <strong>ADATUM\\Domain Admins<\/strong> group named <strong>wvdadmin1<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"400\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture72.png\" alt=\"\" class=\"wp-image-2691\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture72.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture72-300x192.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture72-80x50.png 80w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to create AD DS group objects that will be synchronized to the Azure AD tenant used in this lab:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>New-ADGroup -Name 'exceed140-wvd-pooled' -GroupScope 'Global' -GroupCategory Security -Path $ouPath\n\nNew-ADGroup -Name 'exceed140-wvd-remote-app' -GroupScope 'Global' -GroupCategory Security -Path $ouPath\n\nNew-ADGroup -Name 'exceed140-wvd-personal' -GroupScope 'Global' -GroupCategory Security -Path $ouPath\n\nNew-ADGroup -Name 'exceed140-wvd-users' -GroupScope 'Global' -GroupCategory Security -Path $ouPath\n\nNew-ADGroup -Name 'exceed140-wvd-admins' -GroupScope 'Global' -GroupCategory Security -Path $ouPath<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to add members to the groups you created in the previous step:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Get-ADGroup -Identity 'exceed140-wvd-pooled' | Add-AdGroupMember -Members 'aduser1','aduser2','aduser3','aduser4'\nGet-ADGroup -Identity 'exceed140-wvd-remote-app' | Add-AdGroupMember -Members 'aduser1','aduser5','aduser6'\nGet-ADGroup -Identity 'exceed140-wvd-personal' | Add-AdGroupMember -Members 'aduser7','aduser8','aduser9'\nGet-ADGroup -Identity 'exceed140-wvd-users' | Add-AdGroupMember -Members 'aduser1','aduser2','aduser3','aduser4','aduser5','aduser6','aduser7','aduser8','aduser9'\nGet-ADGroup -Identity 'exceed140-wvd-admins' | Add-AdGroupMember -Members 'wvdadmin1'<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"249\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture73.png\" alt=\"\" class=\"wp-image-2692\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture73.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture73-300x120.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Task 2: Configure AD DS UPN suffix<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, from the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to install the latest version of the PowerShellGet module (select <strong>Yes<\/strong> when prompted for confirmation):<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Net.ServicePointManager]::SecurityProtocol = &#91;Net.SecurityProtocolType]::Tls12\nInstall-Module -Name PowerShellGet -Force -SkipPublisherCheck<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"261\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture74.png\" alt=\"\" class=\"wp-image-2693\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture74.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture74-300x125.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to install the latest version of the Az PowerShell module (select <strong>Yes to All<\/strong> when prompted for confirmation):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Install-Module -Name Az -AllowClobber -SkipPublisherCheck<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"283\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture75.png\" alt=\"\" class=\"wp-image-2694\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture75.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture75-300x136.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to sign in to your Azure subscription:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Connect-AzAccount<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"310\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture76.png\" alt=\"\" class=\"wp-image-2695\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture76.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture76-300x149.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>When prompted, provide the credentials of the user account with the Owner role in the subscription you are using in this lab.<\/li><li>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to retrieve the Id property of the Azure AD tenant associated with your Azure subscription:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$tenantId = (Get-AzContext).Tenant.Id<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to install and import the latest version of the Azure AD PowerShell module:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Install-Module -Name AzureAD -Force\nImport-Module -Name AzureAD<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to authenticate to your Azure AD tenant:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Connect-AzureAD -TenantId $tenantId<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"305\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture77.png\" alt=\"\" class=\"wp-image-2696\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture77.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture77-300x147.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>When prompted, sign in with the same credentials you used earlier in this task.<\/li><li>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to retrieve the primary DNS domain name of the Azure AD tenant associated with your Azure subscription:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>$aadDomainName = ((Get-AzureAdTenantDetail).VerifiedDomains)&#91;0].Name<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to add the primary DNS domain name of the Azure AD tenant associated with your Azure subscription to the list of UPN suffixes of your AD DS forest:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Get-ADForest|Set-ADForest -UPNSuffixes @{add=\"$aadDomainName\"}<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to assign the primary DNS domain name of the Azure AD tenant associated with your Azure subscription as the UPN suffix of all users in the AD DS domain:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$domainUsers = Get-ADUser -Filter {UserPrincipalName -like '*adatum.com'} -Properties userPrincipalName -ResultSetSize $null\n$domainUsers | foreach {$newUpn = $_.UserPrincipalName.Replace('adatum.com',$aadDomainName); $_ | Set-ADUser -UserPrincipalName $newUpn}<\/code><\/pre>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> console, run the following to assign the <strong>adatum.com<\/strong> UPN suffix to the <strong>Student<\/strong> domain user:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$domainAdminUser = Get-ADUser -Filter {sAMAccountName -eq 'Student'} -Properties userPrincipalName\n$domainAdminUser | Set-ADUser -UserPrincipalName 'student@adatum.com'<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"308\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture78.png\" alt=\"\" class=\"wp-image-2697\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture78.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture78-300x148.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Task 3: Create an Azure AD user that will be used to configure directory synchronization<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, from the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to create a new Azure AD user (replace the &lt;password&gt; placeholder with a random, complex password):<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: Ensure that you remember the password you used. You will need it later in this and subsequent labs.:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$userName = 'aadsyncuser'\n$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile\n$passwordProfile.Password = 'Changesme@2022'\n$passwordProfile.ForceChangePasswordNextLogin = $false\nNew-AzureADUser -AccountEnabled $true -DisplayName $userName -PasswordProfile $passwordProfile -MailNickName $userName -UserPrincipalName \"$userName@$aadDomainName\"<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"306\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture79.png\" alt=\"\" class=\"wp-image-2698\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture79.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture79-300x147.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to assign the Global Administrator role to the newly created Azure AD user:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$aadUser = Get-AzureADUser -ObjectId \"$userName@$aadDomainName\"\n$aadRole = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Global administrator'} \nAdd-AzureADDirectoryRoleMember -ObjectId $aadRole.ObjectId -RefObjectId $aadUser.ObjectId<\/code><\/pre>\n\n\n\n<p><strong>Note<\/strong>: Azure AD PowerShell module refers to the Global Administrator role as Company Administrator.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>From the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to identify the user principal name of the newly created Azure AD user:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>(Get-AzureADUser -Filter \"MailNickName eq '$userName'\").UserPrincipalName<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"303\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture80.png\" alt=\"\" class=\"wp-image-2699\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture80.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture80-300x146.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Record the user principal name. You will need it later in this lab.<\/p>\n\n\n\n<p><strong>Task 4: Install Azure AD Connect<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, from the <strong>Administrator: Windows PowerShell ISE<\/strong> script pane, run the following to eanble TLS 1.2:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>New-Item 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-Item 'HKLM:\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null\n\nNew-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null\n\nNew-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2\\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null\nWrite-Host 'TLS 1.2 has been enabled.'<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"304\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture81.png\" alt=\"\" class=\"wp-image-2700\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture81.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture81-300x146.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, start Internet Explorer and navigate to the <a href=\"https:\/\/www.microsoft.com\/en-us\/edge\/business\/download\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Edge for Business download page<\/a>.<\/li><li>From the <a href=\"https:\/\/www.microsoft.com\/en-us\/edge\/business\/download\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Edge for Business download page<\/a> download the latest stable version of Microsoft Edge, install it, launch it, and configure it with the default settings.<\/li><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, use Microsoft Edge to navigate to the <a href=\"https:\/\/portal.azure.com\" target=\"_blank\" rel=\"noreferrer noopener\">Azure portal<\/a>. If prompted, sign in by using the Azure AD credentials of the user account with the Owner role in the subscription you are using in this lab.<\/li><li>In the Azure portal, use the <strong>Search resources, services, and docs<\/strong> text box at the top of the Azure portal page to search for and navigate to the <strong>Azure Active Directory<\/strong> blade and, on your Azure AD tenant blade, in the <strong>Manage<\/strong> section of the hub menu, select <strong>Azure AD Connect<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"466\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture82.png\" alt=\"\" class=\"wp-image-2701\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture82.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture82-300x224.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Azure AD Connect<\/strong> blade, select the <strong>Download Azure AD Connect<\/strong> link. This will automatically open a new browser tab displaying the <strong>Microsoft Azure Active Directory Connect<\/strong> download page.<\/li><li>On the <strong>Microsoft Azure Active Directory Connect<\/strong> download page, select <strong>Download<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"479\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture83.png\" alt=\"\" class=\"wp-image-2702\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture83.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture83-300x230.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>When prompted whether to run or save the <strong>AzureADConnect.msi<\/strong> installer, select <strong>Run<\/strong> to start the <strong>Microsoft Azure Active Directory Connect<\/strong> wizard.<\/li><li>On the <strong>Welcome to Azure AD Connect<\/strong> page of the <strong>Microsoft Azure Active Directory Connect<\/strong> wizard, select the checkbox <strong>I agree to the license terms and privacy notice<\/strong> and select <strong>Continue<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"440\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture84.png\" alt=\"\" class=\"wp-image-2703\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture84.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture84-300x212.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Express Settings<\/strong> page of the <strong>Microsoft Azure Active Directory Connect<\/strong> wizard, select the <strong>Customize<\/strong> option.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"437\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture85.png\" alt=\"\" class=\"wp-image-2704\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture85.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture85-300x210.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Install required components<\/strong> page, leave all optional configuration options deselected and select <strong>Install<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"439\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture86.png\" alt=\"\" class=\"wp-image-2705\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture86.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture86-300x211.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>User sign-in<\/strong> page, ensure that only the <strong>Password Hash Synchronization<\/strong> is enabled and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"434\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture87.png\" alt=\"\" class=\"wp-image-2706\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture87.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture87-300x209.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Connect to Azure AD<\/strong> page, authenticate by using the credentials of the <strong>aadsyncuser<\/strong> user account you created in the previous lab and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"438\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture88.png\" alt=\"\" class=\"wp-image-2707\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture88.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture88-300x211.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Provide the userPrincipalName attribute of the <strong>aadsyncuser<\/strong> account you recorded earlier in this lab and specify the password you set earlier in this lab as its password.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Connect your directories<\/strong> page, select the <strong>Add Directory<\/strong> button to the right of the <strong>adatum.com<\/strong> forest entry.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"436\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture89.png\" alt=\"\" class=\"wp-image-2708\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture89.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture89-300x210.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the <strong>AD forest account<\/strong> window, ensure that the option to <strong>Create new AD account<\/strong> is selected, specify the following credentials, and select <strong>OK<\/strong>:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>User Name<\/td><td><strong>ADATUM\\Student<\/strong><\/td><\/tr><tr><td>Password<\/td><td><strong>Pa55w.rd1234<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"441\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture90.png\" alt=\"\" class=\"wp-image-2709\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture90.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture90-300x212.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Back on the <strong>Connect your directories<\/strong> page, ensure that the <strong>adatum.com<\/strong> entry appears as a configured directory and select <strong>Next<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"441\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture91.png\" alt=\"\" class=\"wp-image-2710\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture91.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture91-300x212.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Azure AD sign-in configuration<\/strong> page, note the warning stating <strong>Users will not be able to sign-in to Azure AD with on-premises credentials if the UPN suffix does not match a verified domain name<\/strong>, enable the checkbox <strong>Continue without matching all UPN suffixes to verified domain<\/strong>, and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"436\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture92.png\" alt=\"\" class=\"wp-image-2711\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture92.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture92-300x210.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: This is expected, since the Azure AD tenant does not have a verified custom DNS domain matching one of the UPN suffixes of the <strong>adatum.com<\/strong> AD DS.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Domain and OU filtering<\/strong> page, select the option <strong>Sync selected domains and OUs<\/strong>, expand the adatum.com node, clear all checkboxes, select only the checkbox next to the <strong>ToSync<\/strong> OU, and select <strong>Next<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"440\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture93.png\" alt=\"\" class=\"wp-image-2712\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture93.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture93-300x212.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Uniquely identifying your users<\/strong> page, accept the default settings, and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"434\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture94.png\" alt=\"\" class=\"wp-image-2713\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture94.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture94-300x209.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Filter users and devices<\/strong> page, accept the default settings, and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"442\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture95.png\" alt=\"\" class=\"wp-image-2714\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture95.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture95-300x213.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Optional features<\/strong> page, accept the default settings, and select <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"441\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture96.png\" alt=\"\" class=\"wp-image-2715\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture96.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture96-300x212.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>On the <strong>Ready to configure<\/strong> page, ensure that the <strong>Start the synchronization process when configuration completes<\/strong> checkbox is selected and select <strong>Install<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"434\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture97.png\" alt=\"\" class=\"wp-image-2716\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture97.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture97-300x209.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: Installation should take about 2 minutes.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Review the information on the <strong>Configuration complete<\/strong> page and select <strong>Exit<\/strong> to close the <strong>Microsoft Azure Active Directory Connect<\/strong> window.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"435\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture98.png\" alt=\"\" class=\"wp-image-2717\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture98.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture98-300x209.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Within the Remote Desktop session to <strong>exceed-dc-vm11<\/strong>, in the Microsoft Edge window displaying the Azure portal, navigate to the <strong>Users &#8211; All users<\/strong> blade of the Adatum Lab Azure AD tenant.<\/li><li>On the <strong>Users | All users<\/strong> blade, note that the list of user objects includes the listing of AD DS user accounts you created earlier in this lab, with the <strong>Yes<\/strong> entry appearing in the <strong>Directory synced<\/strong> column.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"356\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture99.png\" alt=\"\" class=\"wp-image-2718\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture99.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/Picture99-300x171.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Note<\/strong>: You might have to wait a few minutes and refresh the browser page for the AD DS user accounts to appear.<\/p>\n\n\n\n<p>Congratulations! the deployment of your Active Directory Domain Services (AD DS) environment is now ready for Azure Virtual Desktop.<\/p>\n\n\n\n<p><mark class=\"kt-highlight\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-virtue-primary-color\">Reminder: Don&#8217;t forget to delete or shutdown all unused Azure resources after your labs for cost saving<\/mark><\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are some key questions that can help you in the design of your Azure Virtual Desktop infrastructure: Will everyone get one or just a selected group of users? Are these staff all based in the same country or are &hellip; <a href=\"https:\/\/exceedthecloud.com\/?p=2660\">Continued<\/a><\/p>\n","protected":false},"author":1,"featured_media":2720,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"kt_blocks_editor_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[102,98,4,19],"tags":[103,35,31],"class_list":["post-2660","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-virtual-desktop","category-powershell","category-practical-labs-series","category-virtual-machines","tag-azure-virtual-desktop","tag-virtual-machines","tag-virtual-network"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/03\/istockphoto-162488938-612x612-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2660"}],"version-history":[{"count":14,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2660\/revisions"}],"predecessor-version":[{"id":2739,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2660\/revisions\/2739"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/media\/2720"}],"wp:attachment":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}