
Active Roles 7.2.1 - Quick Start Guide


Provide Administrator Consent for Azure AD

Provide Administrator Consent for Azure AD application to access Active Directory

After an application is created for the Azure AD tenant, an administrator with Global Administrators group privileges must provide consent for communication between the application and the Active Roles Server, for the permission scopes that are configured for the application.

To provide Administrator consent for an application

  1. On the Active Roles Web interface Navigation bar, click Directory Management.
  2. On the Views tab in the Browse pane, click Azure Configuration -> Azure Application.

    The list of existing Azure AD applications is displayed.

  3. Select the check box corresponding to the specific Azure AD application for which you want to provide consent to Microsoft Azure AD, and click Azure Properties.
  4. From the Azure Properties wizard, copy the URL displayed in the Consent URL field, open a new Web browser tab or window, enter the URL and press Enter.
  5. On the Microsoft Azure login page, enter the Azure AD administrator credentials.
  6. Click Accept to provide consent to Microsoft Azure to grant access to the Active Roles Active Directory resources.

    On successful completion of the task the Local host window is displayed.

Delete an Azure AD Application

You can use the Active Roles Web Interface to delete an Azure AD application.

To delete an Azure AD application

  1. On the Active Roles Web interface Navigation bar, click Directory Management.
  2. On the Views tab in the Browse pane, click Azure Configuration -> Azure Applications.

    The list of existing Azure AD applications is displayed.

  3. Select the check box corresponding to the specific Azure AD application that you want to delete.
  4. In the Command pane, click Delete.

    A message is displayed prompting you to confirm that you want to delete the application.

  5. Click Yes.

    The Azure AD application is deleted and can be verified by navigating to Azure Configuration -> Azure Applications.

NOTE: The Azure AD application is deleted from the Active Roles database and Azure AD.

Configuring Active Roles to manage Hybrid AD using Management Shell


Active Roles Management Shell enables you to perform the following configuration tasks to manage Hybrid AD:

  • Add an Azure AD tenant

Add an Azure AD Tenant

You can use the Active Roles Management Shell to add an Azure AD tenant.

To add an Azure AD tenant

On the Management Shell interface, run the New-QADAzureConfigObject cmdlet.

Synopsis

This cmdlet enables you to add an Azure AD tenant to Active Directory.

Syntax

New-QADAzureConfigObject -type 'AzureTenant' -name 'Azuretenantname' -AzureTenantId 'AzureTenantGUID' -AzureTenantDescription 'AzureTenantDescription' -AzureAdminUserID 'AzureGlobalAdminUserID' -AzureAdminPassword 'AzureGlobalIDPassword'

Description

Use this cmdlet to add an Azure AD tenant using the tenant ID provided by Microsoft for the default tenant created at the time of Microsoft Azure subscription.

Parameters

  • type (string)

    Use this parameter to specify the object class of the directory object to be created. This is the name of a schema class object, such as User or Group. The cmdlet creates a directory object of the object class specified by the value of this parameter.

 

Table 4: Parameters: type (string)

    Required                     true
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

  • name (string)

    Use this parameter to set the 'name' attribute to this parameter value on the new object created by this cmdlet in the directory.

 

Table 5: Parameters: name (string)

    Required                     true
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

  • AzureTenantId (string)

    Use this parameter to enter the Azure AD tenant ID obtained from the default tenant created after subscribing for Microsoft Azure.

NOTE: The values entered for configuring the Azure AD tenant must exactly match the values configured for Azure AD; otherwise, Azure AD application creation and management of Azure AD objects fail.

 

Table 6: Parameters: AzureTenantId (string)

    Required                     true
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

  • AzureTenantDescription

    Use this parameter to specify the required description for the Azure AD tenant.

 

Table 7: AzureTenantDescription

    Required                     false
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

  • AzureAdminUserID

    Use this parameter to specify the administrative user name for Microsoft Azure AD.

NOTE: The Administrative user must have the required privileges to perform license management and Azure user and group management.

 

Table 8: Parameters: AzureAdminUserID

    Required                     true
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

  • AzureAdminPassword

    Use this parameter to specify the password of the administrative user for Microsoft Azure AD.

 

Table 9: Parameters: AzureAdminPassword

    Required                     true
    Position                     named
    Accepts pipeline input       false
    Accepts wildcard characters  false

Example

Connect to any available domain controller with the credentials of the locally logged on user, and create a new Azure AD tenant:

C:\PS> New-QADAzureConfigObject -type 'AzureTenant' -name 'CompanyAzuretenant' -AzureTenantId 'CompanyAzureTenantID' -AzureTenantDescription 'Azure tenant for Company' -AzureAdminUserID 'AzureAdminUser1' -AzureAdminPassword 'AzureAdminPassword1'

Example

Connect to the local Administration Service with the credentials of a specific user, create a new Azure AD tenant and then disconnect:

C:\PS> $pw = read-host "Enter password" -AsSecureString

C:\PS> connect-qadService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw

C:\PS> New-QADAzureConfigObject -type 'AzureTenant' -name 'CompanyAzuretenant' -AzureTenantId 'CompanyAzureTenantID' -AzureTenantDescription 'Azure tenant for Company' -AzureAdminUserID 'AzureAdminUser1' -AzureAdminPassword 'AzureAdminPassword1'

C:\PS> disconnect-qadService
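
Both examples above type the Azure AD administrator password as a literal on the command line. The following added example (not part of the vendor documentation) prompts for the account with a masked credential dialog and checks that the tenant ID is a GUID before calling the cmdlet. The helper name Add-ARAzureTenant is hypothetical, and the code assumes that -AzureAdminPassword takes a plain string, as the Syntax section shows.

```powershell
# Added example, not vendor code. Assumes the Active Roles Management Shell is
# loaded and that -AzureAdminPassword takes a plain string (per the Syntax section).
function Add-ARAzureTenant {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $TenantId,
        [string] $Description = ''
    )

    # The tenant ID must match Azure AD exactly; reject anything that is not a GUID.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($TenantId, [ref] $parsed)) {
        throw "TenantId '$TenantId' is not a GUID."
    }

    # Masked prompt: the password is never typed as a literal, so it stays out of
    # the command line, console history and session transcripts.
    $azureAdmin = Get-Credential -Message 'Azure AD administrator for Active Roles'

    # Parameter names and the 'AzureTenant' type value are taken from the Syntax section.
    $params = @{
        type               = 'AzureTenant'
        name               = $Name
        AzureTenantId      = $parsed.ToString()
        AzureAdminUserID   = $azureAdmin.UserName
        AzureAdminPassword = $azureAdmin.GetNetworkCredential().Password
    }
    if ($Description) { $params.AzureTenantDescription = $Description }

    try {
        New-QADAzureConfigObject @params
    }
    finally {
        # Drop the plaintext copy as soon as the call returns.
        $params.Remove('AzureAdminPassword')
        Remove-Variable azureAdmin
    }
}

# Constructed placeholder values; replace them with your tenant's details before running.
Add-ARAzureTenant -Name 'CompanyAzuretenant' `
    -TenantId '00000000-0000-0000-0000-000000000000' `
    -Description 'Azure tenant for Company'
```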
