Creating Azure Active Directory: Part One

Azure Active Directory has a large structure to manage, with access governed by user-based control. Active Directory is incredibly popular with enterprises and provides access to a large number of enterprise applications, from Exchange servers to SharePoint. Active Directory has been a key mechanism for providing access to users in large enterprises.

Azure Active Directory is a modern identity management system that spans on-premises and the cloud. It provides the capabilities that you need to secure your solution, such as application access control, federation, identity management, device registration, data protection and user provisioning. Azure Active Directory is the largest enterprise identity and access solution on the planet.

Image Source: https://azure.microsoft.com/en-in/documentation/articles/active-directory-whatis/

Azure Active Directory is a comprehensive identity and access management cloud solution; it combines directory services, advanced identity governance, application access management and a rich standards-based platform for you.

Windows Azure Active Directory is a multi-tenant service that provides enterprise-level identity and access management for the cloud, built to support global scale, reliability and availability.

This article covers the following points about Windows Azure Active Directory:

  • For Azure Active Directory, you must have a Microsoft Account.
  • Afterwards, I will create a new Windows Azure Active Directory.
  • Subsequently, I’ll add the users to the directory as either a user or a global admin.
  • The next step will be optionally enabling multi-factor authentication for the user.
  • Afterwards, I’ll optionally add the user as a co-administrator for the subscription.

Go ahead and log in to the Microsoft Azure portal with your Azure email address and password.

As you can see, I have a default directory in Active Directory, which is created by default when you sign up for an Azure subscription. Notice that the first user in this directory is you, created according to your user name.

How can I get an Azure AD directory?

It’s pretty simple to get an Azure Directory. I will also discuss how to add users to the directory as either a user or a global admin.

To create a new directory, go to Active Directory and click New at the bottom.

Follow the screenshot and go to Directory.

Click "Directory panel" and select "Custom create" Azure Active Directory.

A window will open with a couple of choices. I don’t have an existing directory, so I select the option to create a new directory.

Give your directory a name of your choice and a domain name as well, but make sure the domain name is globally unique. If it is unique, the Windows Azure portal verifies it and you get a green check mark.

Next, select your region; in my case, it is India.

All is set now; click the check button to create your directory.

Your directory will be created as expected; this can take a couple of seconds. You can see, I have my directory. Next, I need to associate my directory with my Windows Azure subscription. Look at the URL I’m using, i.e. some of my friends' Microsoft account. I’m going to do something interesting with this directory, so let’s see what changes occur in the URL.

Go to the Settings panel at the bottom of the window.

Select Subscriptions from the panel. There is your Azure subscription. To change the associated directory, click Edit Directory at the bottom of the window.

Here is the option to associate a Windows Azure subscription with the new directory that I have just created. Select the appropriate directory and click Next. For the check button, follow step two.

Click the check mark to confirm the directory mapping.

Next, it will ask you to reload your Windows Azure management portal. Click OK to reload it.

Now I have associated my directory with the Azure management portal. You can see in the URL that I have @nitinazuread.onmicrosoft.com, because my directory has now changed.

Now, I want to create some users in my directory. Go to the directory that I’ve created.

Click the Users tab.

Notice that there is already one user in the directory, whose source is a Microsoft account. This is the administrator account associated with my subscription. To add a new user, click Add User at the bottom of the window.

A new popup opens for the user, with a couple of options for the type of user. Click new user for the organization.

Give the user a user name. It will be generated under the Active Directory that you’ve created. To continue, click the next arrow.

Let’s assign some information to this user. Give a first and last name of your choice and a display name which indicates that this user will be the global administrator for this directory. Finally, specify a role for the user; as I said, this user will be the global administrator of the directory.

Give an alternative email address. Here I have given the Microsoft account associated with my subscription. After filling in all the necessary details, click the arrow to move to the next page.

As you can see in the next screenshot, it will ask to create a temporary password. This password is used for this user's first sign-in. Click to generate a password.

This creates a new password for you, so copy the user name along with the password and paste them into Notepad. Click the check mark to proceed.

The user is now created. This user behaves like an administrator.

To create another user, do the same thing and give it a user name.

Give it a first and last name, and notice that I’ve given it the User role.

Click to generate a password for this user.

Here is my new password for this user; copy both the user name and the password and paste them into Notepad. Click the check mark to create the user.

These are the two passwords that the portal generated, with their user names.
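
The two accounts created above (one global administrator and one regular user, each with a temporary password that must be changed at first sign-in) can also be created from a script. This is an added example, not part of the original article: it uses the Microsoft Graph PowerShell SDK instead of the portal, and the domain `example.onmicrosoft.com`, the account names and the helper `New-TemporaryPassword` are placeholders. The subscription co-administrator step is not scripted here.

```powershell
# Added example (not from the article): requires the Microsoft.Graph PowerShell SDK.
# example.onmicrosoft.com and both account names are placeholders.

function New-TemporaryPassword {   # hypothetical helper
    param([int]$Length = 16)
    # 64 characters (look-alikes I, l, O, o, 0, 1 left out).
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-=?@'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            # 64 divides 256 evenly, so masking each byte to 6 bits adds no bias.
            $pw = -join $(foreach ($b in $bytes) { $alphabet[$b -band 63] })
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
        return $pw
    }
    finally { $rng.Dispose() }
}

# Delegated scopes needed to create users and to assign directory roles.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'RoleManagement.ReadWrite.Directory'

$domain   = 'example.onmicrosoft.com'   # placeholder directory domain
$accounts = @(
    @{ Nick = 'directory.admin'; Display = 'Directory Admin (placeholder)'; GlobalAdmin = $true  },
    @{ Nick = 'regular.user';    Display = 'Regular User (placeholder)';    GlobalAdmin = $false }
)

# Look the role up by display name so the script carries no hard-coded role id.
$globalAdminRole = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"

foreach ($a in $accounts) {
    $temp = New-TemporaryPassword
    # ForceChangePasswordNextSignIn reproduces the portal's "temporary password" behaviour.
    $user = New-MgUser -DisplayName $a.Display -MailNickname $a.Nick `
        -UserPrincipalName "$($a.Nick)@$domain" -AccountEnabled `
        -PasswordProfile @{ Password = $temp; ForceChangePasswordNextSignIn = $true }

    if ($a.GlobalAdmin) {
        # The directory role is granted separately from user creation, at tenant scope '/'.
        New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
            -RoleDefinitionId $globalAdminRole.Id -DirectoryScopeId '/' | Out-Null
    }

    # Emitted once to the pipeline for hand-over; this script writes nothing to disk.
    [pscustomobject]@{ UserPrincipalName = $user.UserPrincipalName
                       TemporaryPassword = $temp; GlobalAdmin = $a.GlobalAdmin }
}
```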

As you can see, I have a couple of users added to the directory. I have Nitin Pandit (Azure Expert), which is an admin; its source is Windows Azure Active Directory. I also have a regular user, Nitin Pandit. The main thing is that these two accounts have a couple of differences: a global administrator is a user account that has permission to administer all the active directories. We can say that the global admin Nitin Pandit (Azure Expert) doesn’t have permission to log in to the Windows Azure management portal, and the regular user can’t administer the directory, nor can this user log in to the Windows Azure management portal to provision services like virtual machines. I want to make this regular user a co-administrator for the Windows Azure subscription.

To do this, go back to the Settings panel and select the Administrators tab. Click Add to specify this user as a co-administrator for the subscription.

In the Email address field, enter your regular user. Azure will verify whether this account exists, and a sign indicates that this user has an administrator account (see icon).

Select the subscription that Azure shows and click the check mark.

The subscription is added successfully for the co-administrator. However, this user will not be able to administer the Active Directory; to do that, you have to be a global administrator in the directory, and this user is not.

Click Sign out to leave this active account.

Now, sign in to Windows Azure again using the global administrator user name and the password that was generated for this user.

As you can see, it will ask you to reset your password. Give the new password and click to sign in.

There is no Azure subscription associated with this user account. Of course, this is expected. Remember, the global administrator is a global admin of the directory. This user doesn’t have any co-admin rights to the Windows Azure subscription. Just sign out from this account.

Log in to Office 365 to do something interesting. I have to log in with my admin account, i.e. Nitin Pandit (Azure Expert). One thing that I can do here is click Admin to access the users and groups.

Click Users to see how many users are active in the Active Directory.

Here, as you can see, several users are active. To add a new user to the directory, click to add a user and create a new user.

Here, I’m going to create a new user, specify some details, and save these details.

As you can see, I’ve added a new user from the administrator account. All is set; click the Close button.

Coming back to the Azure login window, specify the regular user credentials. Use the old password here, the one generated when the user was created.

As with the admin account, it will ask you to update your password. Go ahead and make the change.

As you can see, I’m logged in to the Windows Azure portal. Follow the Windows Azure tour by simply clicking the forward arrow.

I’m continuing with the tour.

As the screenshot shows, I’m logged in to the portal with my regular user account, which is an organizational account, where you don’t have any permission to make any changes.

Go to the Azure Directory and click the directory that you have created.

Click the Users tab. You will find that you can’t make any change or access the resource. The conclusion is that only a directory administrator can manage this directory.

If you log in with your Microsoft account, you will find your users in the nitinazuread directory.

I hope you enjoyed this article, and thanks for reading. Stay tuned for new articles; you can also download my book to learn more about Microsoft Azure.
