Creating my Custom Domain with Azure Active Directory using the new Portal
Today I created my very first own custom domain of users (community.katiegirl.net) on my Azure Active Directory using both the classic and new portal methods. It’s step one in a process if you want to integrate your organization’s existing Active Directory federated sign-on, SSO (single sign on), to the Azure Portal of Services. Also, you can better organize clients, teams, projects, etc… by creating separate active directories in Azure to restrict access to certain users that will only be able to see, manage, or create the resources you want them to.
The classic Portal is being retired in early 2018 along with its easy and modern user interface design. The new Portal is a little more complicated but custom orientated and can take more effort to deploy versus the classic model. Since the classic Portal will probably be retired by the time you are reading this, I will discuss the new Portal method only.
Creating an Azure Active Directory
You can find the blade to create a new Azure Active Directory under the Azure Marketplace topic “Security + Identity” or just search on “Azure Active Directory”. The organization name should relate to your company organization so that users will be able to identify it. Note: you are required to seed the directory with an initial domain name that is globally unique to the Azure space. You can modify and add your custom domain name in a later section. After it is complete, click to manage.
Managing Your Active Directory
Quick words of wisdom on how to find and manage your Azure Active Directories. After the first time you create a new Active Directory, Azure will switch you automatically to that newly created directory if you follow the motions. If you are logging into the new Portal normally, you are logged on to the Default directory and may have to switch to your desired directory. From the Main Menu select Azure Active Directory -> Overview -> Switch Directory (Button) -> Your Desired Directory (Pop-up). A screen capture below shows the switch directory button and the directory selection option will be a pop-up from the top right.
Adding a Custom Domain Name
I added my custom domain name by first switching to my desired active directory, then while on that blade, navigating to Manage -> Custom Domain Names. I then clicked on the + symbol to Add my custom domain name. I entered a preexisting and valid domain name that I own.
Verifying Domain Name
The next step requires Azure to verify you are the owner and/or authorized administrator of the domain by adding a DNS record to your site. I’ll show you how to do this next, but here is the screen of the details that Azure would like you to enter.
Adding DNS Record to your Site
My site runs on Apache and uses cPanel as a site manager. If you don’t have access to your organization’s site, there is an option on the Azure configuration blade to “Share these settings via e-mail” to send to your website or domain administrator.
Click on the Advanced Zone Editor or a similar place where you can add a DNS record to your site. I added my own record. Note: This is a TXT type record and you have to copy and paste the “MS=..” exactly as specified into your Address field.
So, my own site now has a custom DNS record that Azure can use to verify my administrator rights. (Note: I deleted this record from my site after this project.)
Back in the new Azure Portal, after you click on “Verify” and if it’s successful, Azure will redirect you to a special page.
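A pre-flight check for the TXT record step above, as an added example that is not part of the original post: it parses BIND-style zone text and reports whether the “MS=” string sits on the right host exactly as given, plus any other “MS=” records that do not match (for instance one left behind from an earlier attempt). The zone contents, the domain `community.example.net`, the token values and the function names are all constructed for illustration, and every record line is assumed to carry an explicit owner name.

```python
import shlex

# Constructed sample zone text (BIND style); not taken from the original post.
SAMPLE_ZONE = '''
@    14400 IN TXT "v=spf1 a mx ~all"
@    3600  IN TXT "MS=ms00000000"
@    3600  IN TXT "MS=ms99999999"  ; left over from an earlier attempt
www  3600  IN TXT "MS=ms00000000"
mail 14400 IN A   192.0.2.10
'''

def txt_records(zone_text, origin):
    """Yield (fqdn, value) for every TXT record in the zone text."""
    origin = origin.rstrip(".").lower()
    for line in zone_text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split = True
        lex.commenters = ";"            # zone-file comments; ';' inside quotes is kept
        tokens = list(lex)
        types = [t.upper() for t in tokens]
        if len(tokens) < 3 or "TXT" not in types[1:]:
            continue
        i = types.index("TXT", 1)
        name = tokens[0].lower()
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = f"{name}.{origin}"
        yield fqdn, "".join(tokens[i + 1:])  # adjacent quoted strings concatenate

def check_verification(zone_text, domain, expected):
    """Return (verified, findings) for the MS= string shown in the portal."""
    domain = domain.rstrip(".").lower()
    verified, findings = False, []
    for fqdn, value in txt_records(zone_text, domain):
        if not value.strip().upper().startswith("MS="):
            continue                     # SPF and other TXT records are ignored
        if fqdn != domain:
            findings.append(f"{fqdn}: MS= record on wrong host (expected {domain})")
        elif value == expected:
            verified = True
        elif value.strip().lower() == expected.lower():
            findings.append(f"{fqdn}: {value!r} differs by case or spaces")
        else:
            findings.append(f"{fqdn}: unexpected token {value!r}, possibly stale")
    return verified, findings

if __name__ == "__main__":
    print(check_verification(SAMPLE_ZONE, "community.example.net", "MS=ms00000000"))
```

Running the same check again after the project is finished also shows whether any verification record is still published in the zone.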
Downloading and Installing Azure AD Connect
After you have verified ownership of the custom domain, you can download the Azure AD Connect [link here].
Note the Azure AD Connect only works on Windows Server and if you are just using Windows 10 like me, your day is done here!
My next steps to tinker would be to get access to a machine with Windows Server and Microsoft Active Directory installed with a custom network domain name. I could possibly create this in Azure and then revisit this process and install and configure the Azure AD Connect. I’ll post an update on my future projects if they are related.
But for now, I will *clap my hands* and congratulate myself on creating my own Azure Active Directory and custom domain! Party Time!