立即与支持人员聊天
与支持团队交流

Active Roles 8.1.5 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Deploying Active Roles for AWS Managed Microsoft AD Active Roles on Windows Azure VM

Add an Azure AD application using Management Shell

Add an Azure AD Application

You can use the Active Roles Management Shell to add an Azure AD application to the Azure AD tenant.

To add an Azure AD application

On the Management Shell interface, run the New-QADConfigObject cmdlet.

Synopsis

This cmdlet enables you to add an Azure AD application to the Azure AD tenant.

Syntax

New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

Description

Use this cmdlet to add an Azure AD application.

Parameters

  • type (string)

    Use this parameter to specify the object class of the directory object to be created. This is the name of a schema class object, such as User or Group. The cmdlet creates a directory object of the object class specified by the value of this parameter.

    Table 13: Parameters: type (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • name (string)

    Use this parameter to set the 'name' attribute to this parameter value on the new object created by this cmdlet in the directory.

    Table 14: Parameters: name (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureTenantId (string)

    Use this parameter to enter the Azure AD tenant ID obtained from the default tenant created after subscribing for Microsoft Azure.

    NOTE: The values entered for configuring Azure AD tenant must exactly match the values configured for Azure AD, else Azure AD application creation and management of Azure AD objects fail.

    Table 15: Parameters: AzureTenantId (string)

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • Displayname (string)

    Use this parameter to specify the 'displayName' attribute to this parameter value.

    Table 16: Parameters: Displayname (string)

    Required

    false

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureAppPermissions

    Use this parameter to specify the permission scope for applications for Azure AD.

    Table 17: Parameters:AzureAppPermissions

    Required

    true

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

  • AzureApplicationDescription

    Use this parameter to specify the description of the Azure AD application.

    Table 18: Parameters: AzureApplicationDescription

    Required

    false

    Position

    named

    Accepts pipeline input

    false

    Accepts wildcard characters

    false

Example

Connect to any available domain controller with the credentials of the locally logged on user, and create a new Azure AD application:

C:\PS> New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

Example

Connect to the local Administration Service with the credentials of a specific user, create a new Azure AD tenant and then disconnect:

C:\PS> $pw = read-host "Enter password" -AsSecureString

C:\PS> connect-qadService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw

C:\PS> New-QADAzureConfigObject -type 'AzureApplication' -name 'AzureApplication' -DisplayName 'ApplicationDisplayName' -AzureTenantId 'AzureTenantGUID' -AzureAppPermissions 'ApplicationPermission'

C:\PS> disconnect-qadService

Active Roles Configuration steps to manage Hybrid AD objects

To configure Active Roles to manage Hybrid AD objects, perform the following tasks:

  1. Create an Azure AD tenant.
  2. Create the Azure AD application.
  3. Provide the administrator consent for the Azure AD application.
  4. Enforce the Built-in Policy - Azure - Default Rules to Generate Properties Policy Object to the on-premises Active Directory containers, which are synchronized to Azure AD.

NOTE:

  • After an upgrade the edsvaAzureOffice365Enabled is not available for viewing or editing from Organizational Unit | Advanced Properties or through the management shell command-let, however the organizational unit container continues to be an Azure enabled container as the azure policy is already applied.

For more information on Azure custom policies, see Changes to Azure O365 Policies in Active Roles after 7.4.1.

Deploying Active Roles for AWS Managed Microsoft AD

NOTE: This feature is officially supported starting from Active Roles 8.1.3 SP1 (build 8.1.3.10). It is not supported on Active Roles 8.1.3 (build 8.1.3.2) and earlier versions.

Active Roles supports deployment and configuration in the Amazon cloud to manage AWS Managed Microsoft AD instances hosted via AWS Directory Service.

This allows you to:

  • Perform Active Directory management tasks in your AWS Managed Microsoft AD environment.

  • Synchronize directory data from an on-premises AD environment to AWS Managed Microsoft AD.

  • Synchronize passwords from an on-premises Active Directory to AWS Managed Microsoft AD (with certain limitations).

For more information about the Active Roles features supported with AWS Managed Microsoft AD, see Support for AWS Managed Microsoft AD in the Active Roles Feature Guide.

Supported AWS Managed Microsoft AD deployment configuration

To administer AWS Managed Microsoft AD environments, you must deploy Active Roles into the Amazon cloud in the following configuration:

  • Active Roles must be deployed on an Amazon Elastic Compute Cloud (EC2) instance or instances. For more information, see the Amazon Elastic Compute Cloud documentation.

  • The SQL Server required by Active Roles Administration Service must run on a separate Amazon Relational Database Service for Microsoft SQL Server (RDS for SQL Server) instance. For more information, see the Amazon RDS documentation.

  • The Active Directory environment must be hosted in the Amazon cloud via AWS Directory Service. For more information, see the AWS Directory Service documentation.

NOTE: Support for AWS Managed Microsoft AD by Active Roles was tested only in this configuration. Active Roles does not officially support managing AWS Managed Microsoft AD environments in a hybrid deployment, that is using an on-premises Active Roles and/or SQL Server installation and hosting AD via AWS Directory Service.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级