立即与支持人员聊天
与支持团队交流

Active Roles 7.5.3 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Add an Azure Ad Tenant_Mgtshell

Use the Active Roles Management Shell to add an Azure AD tenant. To do so, run the New-QADAzureConfigObject cmdlet on the Management Shell interface.

Description

New-QADAzureConfigObject lets you add an Azure AD tenant to Active Directory.

Usage Recommendations

Use New-QADAzureConfigObject to add an Azure AD tenant using the tenant ID provided by Microsoft for the default tenant (created at the time of the Microsoft Azure subscription).

Syntax
New-QADAzureConfigObject -type 'AzureTenant' -name 'Azuretenantname' -AzureTenantId 'AzureTenantGUID' -AzureTenantDescription 'AzureTenantDescription' -AzureAdminUserID 'AzureGlobalAdminUserID' -AzureAdminPassword 'AzureGlobalIDPassword' -AzureADTenantType 'AzureTenantType'
Parameters

The New-QADAzureConfigObject cmdlet has the following parameters.

  • type (string): Specifies the object class of the directory object to be created (such as User or Group). The cmdlet creates a directory object of the object class specified with this parameter.

    Table 5: Parameter: type (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • name (string): Sets the name attribute to the value of this parameter on the new object created by New-QADAzureConfigObject in the directory.

    Table 6: Parameter: name (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureTenantId (string): Specifies the Azure AD tenant ID obtained from the default tenant (created after subscribing to Microsoft Azure).

    NOTE: The Azure AD ID value configured for this parameter must match the tenant ID configured on the Azure AD side. Otherwise, attempts to create an Azure AD application or manage Azure AD objects will fail.

    Table 7: Parameters: AzureTenantId (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureTenantDescription: Specifies the required description of the Azure AD tenant.

    Table 8: AzureTenantDescription

    Required

    false

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureAdminUserID: Specifies the administrative user name for Microsoft Azure AD.

    NOTE: The administrative user must have the required privileges (for example, License Administrator, User Administrator or Groups Administrator roles) to perform license management or Azure user, guest user, and group management.

    For more information on the available privileges and for an overview of the various Azure and Azure AD administrative roles, see Azure AD built-in roles and Classic subscription administrator roles, Azure roles, and Azure AD roles in the official Microsoft documentation.

    Table 9: Parameters: AzureAdminUserID

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureAdminPassword: Specifies the administrative user password for Microsoft Azure AD.

    Table 10: Parameters: AzureAdminPassword

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureADTenantType: Specifies the Azure AD tenant type (Federated, Non-Federated, or Synchronized Identity).

    NOTE: Make sure that you select the tenant type corresponding to your organization environment.

    Table 11: Parameters: AzureADTenantType

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

    Accepts value
    • Federated
    • NonFederated
    • SynchronizedIdentity
Examples

See the following use cases for examples on how to use this cmdlet.

Example: Creating a new Azure AD tenant with a local user

To create a new Azure AD tenant with a locally logged on user

  1. Connect to any available domain controller with the credentials of your local user.

  2. Create a new Azure AD tenant with the following New-QADAzureConfigObject cmdlet:

    C:\PS> New-QADAzureConfigObject -type 'AzureTenant' -name 'CompanyAzuretenant' -AzureTenantId 'CompanyAzureTenantID' -AzureTenantDescription 'Azure tenant for Company' -AzureAdminUserID 'AzureAdminUser1' -AzureAdminPassword 'AzureAdminPassword1’ -AzureADTenantType 'AzureTenantType'
Example: Creating a new Azure AD tenant with a specific user and then disconnecting

To create a new Azure AD tenant with a specific user and then disconnect

  1. Connect to any available domain controller:

    C:\PS> $pw = read-host "Enter password" -AsSecureString
  2. Connect to the local Administration Service with a specific user of your choice:

    C:\PS> connect-qadService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw
  3. Create the new Azure AD tenant:

    C:\PS> New-QADAzureConfigObject -type 'AzureTenant' -name 'CompanyAzuretenant' -AzureTenantId 'CompanyAzureTenantID' -AzureTenantDescription 'Azure tenant for Company' -AzureAdminUserID 'AzureAdminUser1' -AzureAdminPassword 'AzureAdminPassword1’ -AzureADTenantType 'AzureTenantType'
  4. Once the Azure AD tenant is created, disconnect your user:

    C:\PS> disconnect-qadService

Add an Azure AD application using Management Shell

Add an Azure AD Application

You can use the Active Roles Management Shell to add an Azure AD application to the Azure AD tenant.

To add an Azure AD application

On the Management Shell interface, run the New-QADConfigObject cmdlet.

Synopsis

This cmdlet enables you to add an Azure AD application to the Azure AD tenant.

Syntax

New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

Description

Use this cmdlet to add an Azure AD application.

Parameters

  • type (string)

    Use this parameter to specify the object class of the directory object to be created. This is the name of a schema class object, such as User or Group. The cmdlet creates a directory object of the object class specified by the value of this parameter.

    Table 12: Parameters: type (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • name (string)

    Use this parameter to set the 'name' attribute to this parameter value on the new object created by this cmdlet in the directory.

    Table 13: Parameters: name (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureTenantId (string)

    Use this parameter to enter the Azure AD tenant ID obtained from the default tenant created after subscribing for Microsoft Azure.

    NOTE: The values entered for configuring Azure AD tenant must exactly match the values configured for Azure AD, else Azure AD application creation and management of Azure AD objects fail.

    Table 14: Parameters: AzureTenantId (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • Displayname (string)

    Use this parameter to specify the 'displayName' attribute to this parameter value.

    Table 15: Parameters: Displayname (string)

    Required

    false

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureAppPermissions

    Use this parameter to specify the permission scope for applications for Azure AD.

    Table 16: Parameters:AzureAppPermissions

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureApplicationDescription

    Use this parameter to specify the description of the Azure AD application.

    Table 17: Parameters: AzureApplicationDescription

    Required

    false

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

Example

Connect to any available domain controller with the credentials of the locally logged on user, and create a new Azure AD application:

C:\PS> New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

Example

Connect to the local Administration Service with the credentials of a specific user, create a new Azure AD tenant and then disconnect:

C:\PS> $pw = read-host "Enter password" -AsSecureString

C:\PS> connect-qadService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw

C:\PS> New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

C:\PS> disconnect-qadService

Active Roles Configuration steps to manage Hybrid AD objects

To configure Active Roles to manage Hybrid AD objects, perform the following tasks:

  1. Create an Azure AD tenant.
  2. Create the Azure AD application.
  3. Provide the administrator consent for the Azure AD application.
  4. Enforce the Built-in Policy - Azure - Default Rules to Generate Properties Policy Object to the on-premises Active Directory containers, which are synchronized to Azure AD.

NOTE:

  • After an upgrade the edsvaAzureOffice365Enabled is not available for viewing or editing from Organizational Unit | Advanced Properties or through the management shell command-let, however the organizational unit container continues to be an Azure enabled container as the azure policy is already applied.

For more information on Azure custom policies, see Changes to Azure O365 Policies in Active Roles after 7.4.1.

Active Roles on Windows Azure VM

Active Roles on Windows Azure VM

This section outlines the recommended steps for deploying Active Roles in the Windows Azure Infrastructure Services environment. After you complete these steps, you have the following services deployed in Windows Azure using Windows Azure virtual machines:

  • SQL Server 2012 or later to host the Active Roles database
  • Active Roles Administration Service
  • Active Roles Web Interface
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级