Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 3)

by [Published on 11 March 2014 / Last Updated on 11 March 2014]

In this part 3, we will deep dive into the Windows Azure Active Directory (WAAD) side of things.

If you would like to read the other parts in this article series please go to:

Introduction

In part 2 of this article series revolving around what the Windows Azure service is all about as well as how you deploy an Exchange hybrid deployment in Windows Azure, we took a look at the Windows Azure portal and talked about the services within the Windows Azure platform that are relevant when it comes to preparing for deployment of the Windows Azure based virtual machines that will be used for our Exchange hybrid deployment. We also dived into how you can connect to the Windows Azure platform using Remote PowerShell.

In this part 3, we will deep dive into the Windows Azure Active Directory (WAAD) side of things. I’ll explain the relationship between WAAD and Office 365, and how you add an existing directory to the Windows Azure subscription.

Let’s get going…

Relationship between Windows Azure Active Directory and Office 365

So currently we have a Windows Azure subscription running. Included in the subscription is a Windows Azure Active Directory (WAAD). In my specific scenario, the Windows Azure subscription has been created using my Microsoft Account (formerly known as Windows Live ID), which primarily is intended for accessing consumer services such as Outlook.com, SkyDrive, Windows Phone, Xbox Live, Windows 8 devices. Unlike with Windows Azure, you cannot use a Microsoft account to access Office 365 and the services offered via Office 365.

Not that long ago, the Windows Azure team made it possible to create a Windows Azure subscription using an organizational ID. You do so by going to: https://account.windowsazure.com/organization.

When creating a Windows Azure subscription using an organizational ID, you also create a Windows Azure tenant (<tenant_name>.onmicrosoft.com) similar to when you create an Office 365 tenant as shown in Figure 1.

Image
Figure 1: Signing Up for a Windows Subscription using an Organizational ID

If you have already created a Windows Azure subscription using a Microsoft account and wish to use an organizational ID to login to and manage the Windows Azure subscription, you do not need to create a new subscription. You can instead add a new Windows Azure tenant to the existing Microsoft account based Windows Azure subscription. To do so, you open the Windows Azure Management Portal and click “Active Directory” in the left pane (Figure 2).

Image
Figure 2: Windows Azure Active Directory

As you can see in Figure 3 our current default directory is sourced from the Microsoft Account backend system (consumer directory) and not an organizational tenant.

Image
Figure 3:
Default Directory Sourced from Microsoft Account

Click “New” > “Active Directory” > “Directory” as shown in Figure 4.

Image
Figure 4:
Creating a new Active Directory Directory

Now select “Custom Create”.

Image
Figure 5: Custom Create

We can choose between adding an existing Windows Azure Active Directory or creating a new one.

Image
Figure 6: Adding existing or creating a new directory

If you have already created an Office 365 tenant, then you also have a Windows Azure Active Directory. In that case, you would choose to add an existing directory. When selecting this option, you need to sign out and then sign back in as a global administrator for the Office 365 tenant Active Directory you wish to add to the Windows Azure subscription, as shown in Figure 7.

Image
Figure 7: Signing out of the Windows Azure Management Portal

Now sign in as the Global Administrator on the Windows Azure sign-in page.

Image
Figure 8: Signing into the Active Directory Management Portal with the Organizational ID

You will now need to confirm you wish to add the respective directory to the Microsoft Account based Windows Azure subscription.

Click “Continue”.

Image
Figure 9:
Confirming the directory should be added to the windows subscription

And that’s it! You have now added your Office 365 tenant (more specifically Windows Azure Active Directory tenant that Office 365 utilizes) to this Windows Azure subscription. Pretty cool right?

Image
Figure 10:
Directory added to the Windows Subscription

Now log into your Windows Azure subscription using the Microsoft account and then click “Active Directory”. You will see the Windows Azure Active Directory tenant listed (Figure 11).

Image
Figure 11: The added Windows Azure Active Directory listed in Windows Subscription

Click on the directory and then the “Users” tab. Here you can see the users created in the Office 365 tenant and that they are sourced from “Local Active Directory” meaning that an on-premises Active Directory is the source of authority and that DirSync is used to synchronized Active Directory user objects to the Office 365 tenant Active Directory.

Image
Figure 12:
Users sourced from the on-premises (local) Active Directory listed

Likewise, if we click on the “Groups” tab (Figure 13), we can see a list of security and distribution groups that has been synchronized from the on-premises Active Directory via DirSync or has been created directly in our Windows Azure Active Directory.

Image
Figure 13: List of security and distribution groups source from the on-premises Active Directory or WAAD

Let us also try to click on the “Domains” tab. Here we get a list of all the domains that have been added to the tenant via Office 365.

Image
Figure 14: Domains added to the Windows Azure Active Directory (Office 365 tenant)

Finally, click on the “Directory Integration” tab. Here we can enable and disable directory synchronization, see information about directory synchronization and find the steps we need to go through prior to enabling directory synchronization. Those of you with Office 365 experience know that we also can enable directory synchronization from within the Office 365 portal.

Image
Figure 15: directory integration information

This concludes part 3 of this multi-part article in which I provide you with an explanation of what Windows Azure is and how you configure an Exchange 2013 hybrid lab environment in Windows Azure.

If you would like to read the other parts in this article series please go to:

The Author — Henrik Walther

Henrik Walther avatar

Henrik Walther is a respected writer with special focus on Microsoft Exchange and Office 365/BPOS (Exchange Online) solutions within the unified communications area. Prior to joining Microsoft, he was an eight year Exchange MVP and back in 2006 he took the Microsoft Certified Master: Exchange certification.

Latest Contributions

Featured Links