Sync AD to 365

Synchronize domain users to Microsoft 365

Set up Active Directory synchronization for Microsoft 365

Syncing on-premises AD and Office 365 through Azure AD Connect

In this session we will discuss the steps to synchronize AD DS to Office 365.

On premises: AD DS

Cloud User: the OU whose users we want to sync to Office 365

Steps:

Log in to your Office 365 subscription

Link:

https://admin.microsoft.com/

Download Microsoft Azure Active Directory Connect

https://www.microsoft.com/en-us/download/details.aspx?id=47594

Install Azure AD Connect on an on-premises Windows Server

Office 365 administrator user:

Installation starts

Accept the license terms and continue

Here I am selecting the Customize installation option

Now the required components need to be installed

Click Install

Installation started

I have selected Password Hash Synchronization

Password hash synchronization converts passwords into unreadable strings of characters that are designed to be impossible to convert back; what is sent to the cloud is a hash of the on-premises password hash, not the password itself

Click Next

Enter the Office 365 admin username and password and click Next

The admin credentials are requested again

Verification

Select the domain and click Add Directory

Now enter the on-premises admin username and password

Active Directory added; click Next

Now we need to create UPN suffixes

What is a User Principal Name (UPN)? In Microsoft Active Directory, a User Principal Name (UPN) is a username and domain in an email address format. In a UPN, the username is followed by the separator "at sign" (@) and then the Active Directory's internet domain. An example UPN is shariq@querypanel.co.

Go to Server Manager

Open Active Directory Domains and Trusts

Right-click Active Directory Domains and Trusts and open Properties

On the UPN Suffixes tab, add the domain and click Apply

After creating the UPN suffix, multiple suffixes are available

Select the domain suffix

Here you can check that the Office 365 domain is verified

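The UPN suffix step can also be done and checked from PowerShell on a domain controller. This is an added example, not code from the original post; the forest name vre.local, the public domain querypanel.co and the OU name Cloud User are assumptions based on the names used on this page.

```powershell
# Added example (not from the original post): add a routable UPN suffix to the forest and
# find/fix users in the sync OU whose UPN still uses the non-routable .local suffix.
# Assumed names: forest vre.local, verified Microsoft 365 domain querypanel.co, OU "Cloud User".
Import-Module ActiveDirectory

$PublicSuffix = 'querypanel.co'                    # verified Microsoft 365 domain (assumed)
$SyncOU       = 'OU=Cloud User,DC=vre,DC=local'    # OU selected in Azure AD Connect (assumed)

# 1. Register the suffix at forest level (same as the Domains and Trusts GUI step).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $PublicSuffix }
    Write-Host "Added UPN suffix $PublicSuffix to forest $($forest.Name)"
}

# 2. Report users whose UPN suffix is not the verified domain. Such accounts are synced with
#    a fallback user@tenant.onmicrosoft.com sign-in name, which confuses users later.
$users = Get-ADUser -SearchBase $SyncOU -Filter * -Properties UserPrincipalName
$mismatched = $users | Where-Object {
    -not $_.UserPrincipalName -or $_.UserPrincipalName.Split('@')[-1] -ne $PublicSuffix
}
$mismatched | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize

# 3. Rewrite the suffix, keeping the existing username part. -WhatIf previews the change;
#    remove it once the report above looks right.
foreach ($u in $mismatched) {
    $newUpn = "$($u.SamAccountName)@$PublicSuffix"
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}
```
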
Here I select the Cloud User OU and click Next

Uniquely identifying your users: click Next

Optional features: click Next

Now click Install

Configuration completed

Click Exit and check the synchronization status

Synchronization status in Office 365

Synchronization status page

Open Synchronization Service Manager

Start PowerShell to force a sync from on premises to 365 (normally the automatic sync runs every 30 minutes)

PS C:\Users\Administrator> Get-ADSyncScheduler

PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Delta

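The two commands above, wrapped in a script that checks the scheduler state before forcing a cycle. This is an added example, not code from the original post; the cmdlets are from the ADSync module that Azure AD Connect installs.

```powershell
# Added example (not from the original post): run on the Azure AD Connect server.
# Checks the scheduler, waits for any cycle already running, starts a delta sync and waits
# for it to finish. Cmdlets are from the ADSync module that Azure AD Connect installs.
Import-Module ADSync

function Wait-ADSyncIdle {
    param([int]$TimeoutMinutes = 10)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw "A sync cycle is still running after $TimeoutMinutes minutes" }
        Start-Sleep -Seconds 15
    }
}

$sched = Get-ADSyncScheduler
if (-not $sched.SyncCycleEnabled) {
    # Nothing flows automatically while this is off (common after a failed upgrade or a manual pause).
    throw 'Sync cycle is disabled; re-enable it with: Set-ADSyncScheduler -SyncCycleEnabled $true'
}
if ($sched.StagingModeEnabled) {
    Write-Warning 'This server is in staging mode: it imports but does not export to the tenant'
}
"Scheduler: every $($sched.CurrentlyEffectiveSyncCycleInterval), next run (UTC) $($sched.NextSyncCycleStartTimeInUTC)"

# Starting a cycle while one is in progress fails, so wait first. Delta only processes changes
# since the last run; use -PolicyType Initial after changing OU filtering or sync rules.
Wait-ADSyncIdle
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Start-Sleep -Seconds 5
Wait-ADSyncIdle

# Lists connectors that are still running; an empty result means the cycle has completed.
Get-ADSyncConnectorRunStatus
```
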
These are the simple steps to connect 365 cloud services to on premises

365 User Management

How to add users in Microsoft Office 365

Here I am going to explain the steps to add a standard user and an admin user in Office 365

Steps: log in to admin.microsoft.com with admin privileges.

First I am creating a standard user.

Click Active users

The active users list appears

Now create a new user in the custom domain

Click Add a user

Basic details for the new user

Click Next

The user cannot change the password, and the password will be sent to the administrator account

Click Next

I have selected Business Standard here

Click Next

Select No admin center access and click Next

Finish, then log in as the created user or reset the password

Here are the created user's details

Log in as the user

Click Next; the authentication check follows

Download the Microsoft Authenticator application

Scan and authenticate

Standard user password

Logged in as the created standard user

Click Install apps, select the app and download it

MS Office setup file downloaded

Install the downloaded file and use the Office 365 services.

Add an admin user in Microsoft Office 365

Fill in the required details for the administrator you want to create

Here the password is generated automatically and the Global Admin receives it at the registered email address

Once done, click Next

Select the Office license and click Next

Assign administrator roles

Select the administrator roles and click Finish

Created admin user

The created admin user's dashboard

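The same two accounts created with Microsoft Graph PowerShell, giving the admin a scoped role instead of Global Administrator. This is an added example, not code from the original post; the tenant domain querypanel.co, the SkuPartNumber O365_BUSINESS_PREMIUM for Business Standard, and the role name User Administrator are assumptions.

```powershell
# Added example (not from the original post): create the standard user and the admin user from the
# steps above with Microsoft Graph PowerShell. Assumed: tenant domain querypanel.co, Business Standard
# has SkuPartNumber O365_BUSINESS_PREMIUM, and the admin gets "User Administrator" (not Global Admin).
Import-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.ReadWrite.All', 'RoleManagement.ReadWrite.Directory'

function New-RandomPassword {
    # 16 random bytes from the OS CSPRNG, base64 encoded: long enough and not guessable.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 16
    $rng.GetBytes($bytes)
    [Convert]::ToBase64String($bytes)
}

function New-M365User {
    param([string]$First, [string]$Last, [string]$Upn, [string]$UsageLocation = 'IN')
    $initial = New-RandomPassword
    $user = New-MgUser -AccountEnabled -DisplayName "$First $Last" -GivenName $First -Surname $Last `
        -UserPrincipalName $Upn -MailNickname $Upn.Split('@')[0] -UsageLocation $UsageLocation `
        -PasswordProfile @{ Password = $initial; ForceChangePasswordNextSignIn = $true }
    [pscustomobject]@{ User = $user; InitialPassword = $initial }
}

# Standard user with a Business Standard license and no admin roles.
$std = New-M365User -First 'Shariq' -Last 'Ahmed' -Upn 'shariq@querypanel.co'
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq 'O365_BUSINESS_PREMIUM'
Set-MgUserLicense -UserId $std.User.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# Admin user: a scoped role is enough for day-to-day user management.
$adm = New-M365User -First 'Help' -Last 'Desk' -Upn 'helpdesk-admin@querypanel.co'
$role = Get-MgDirectoryRole -Filter "displayName eq 'User Administrator'"
if (-not $role) {
    # The role object only exists in a tenant after it has been activated once from its template.
    $tmpl = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq 'User Administrator'
    $role = New-MgDirectoryRole -RoleTemplateId $tmpl.Id
}
New-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.Id `
    -BodyParameter @{ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($adm.User.Id)" }

# Initial passwords are shown once here for out-of-band handover and are not stored anywhere.
$std.InitialPassword
$adm.InitialPassword
```
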
Custom Domain M 365

How to Add Custom Domain in Office 365 Cloud


Steps:

These are the 4 steps we need to follow to add a domain in Microsoft Office 365:

Add domain

Domain name

Domain verification

Connect domain

and Finish

Log in to the Microsoft admin portal with admin privileges

https://admin.microsoft.com/

Once logged in to the Office 365 admin center

Click Show all to expand the menu

Now click Settings

Click Domains

Once the Domains page opens, click Add domain

Type your domain name

Select TXT record, or sign in directly to your domain provider

Click Continue

Here are the TXT records

They need to be added as a DNS TXT record

My domain is with GoDaddy, so I need to update it there.

Once the records are updated, click Verify

Click Continue

Now the DNS records need to be added

Adding DNS records on GoDaddy

Updating DNS records in GoDaddy

DNS records updated

And the domain is verified

These are the simple steps to add and verify a domain in Microsoft Office 365

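Before clicking Verify it is worth checking from a client that the TXT record is actually visible in public DNS, because the portal only sees what public resolvers return. This is an added example, not code from the original post; the domain querypanel.co and the placeholder MS=ms00000000 value are assumptions (copy the real value from the Domains page), and the MX/SPF targets are the standard Microsoft 365 ones.

```powershell
# Added example (not from the original post): confirm the Microsoft 365 verification TXT record and
# the mail records the wizard asks for are published, as seen from a public resolver.
param(
    [string]$Domain   = 'querypanel.co',     # assumed
    [string]$Expected = 'MS=ms00000000',     # placeholder: use the value shown on the Domains page
    [string]$Resolver = '8.8.8.8'            # public resolver, so we see what Microsoft will see
)

function Test-M365VerificationRecord {
    param([string]$Domain, [string]$Expected, [string]$Resolver)
    try {
        $txt = Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -DnsOnly -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Domain = $Domain; Found = $false; Reason = $_.Exception.Message }
    }
    # A TXT answer can carry several strings; flatten them and compare case-insensitively.
    $values = $txt | Where-Object Type -eq 'TXT' | ForEach-Object { $_.Strings }
    $hit = $values | Where-Object { $_.Trim() -ieq $Expected }
    [pscustomobject]@{
        Domain = $Domain
        Found  = [bool]$hit
        Reason = if ($hit) { 'verification record published' } else { "seen: $($values -join ' | ')" }
    }
}

function Test-M365MailRecords {
    param([string]$Domain, [string]$Resolver)
    $mx  = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue
    $spf = (Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue).Strings |
           Where-Object { $_ -like 'v=spf1*' }
    [pscustomobject]@{
        MxPointsToM365  = [bool]($mx | Where-Object NameExchange -like '*.mail.protection.outlook.com')
        SpfIncludesM365 = [bool]($spf | Where-Object { $_ -like '*include:spf.protection.outlook.com*' })
    }
}

Test-M365VerificationRecord -Domain $Domain -Expected $Expected -Resolver $Resolver
Test-M365MailRecords -Domain $Domain -Resolver $Resolver
```

If the record was added minutes ago and Found is still false, wait for the registrar's TTL to expire rather than re-adding it.
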
FSMO Roles

FSMO roles: FSMO roles are a feature of Active Directory.

FSMO roles depend on replication.

Flexible Single Master Operation is an Active Directory method for replicating Active Directory tasks.

Microsoft introduced Flexible Single Master Operation (FSMO) roles in 2003.

It was introduced because, if the primary DC was down, no changes could be made until it was up again.

Once Active Directory is installed, the roles are automatically available to Active Directory.

FSMO roles give confidence that Active Directory is working properly.

FSMO has 5 roles:

1. Schema Master

2. Domain Naming Master

3. PDC Emulator

4. RID Master

5. Infrastructure Master

Note: before starting, we need to understand replication.

Replication types:

a. Intrasite replication

b. Intersite replication

a. Intrasite replication: replicates 24x7; also called live replication.

b. Intersite replication: replication between domains is called intersite replication; the replication time from one tree to another is 180 minutes.

Intersite replication takes a maximum of 180 minutes to replicate between each other.

FSMO roles are divided into two categories:

1. Forest-wide FSMO roles

        a) Schema Master: holds the read-write copy of Active Directory and handles user login operations, manages attributes, and tries to avoid conflicts between trusted domain users.

             Example: if we create the same user in both the domain and the tree, one user will be deleted automatically from the domain within 180 minutes.

        b) Domain Naming Master: responsible for making sure no domain or child domain is created with the same name; manages domain creation, modification and deletion.

2. Domain-wide FSMO roles

        a) PDC Emulator: if a password is changed it is replicated to the PDC; password authentication and authentication failures are controlled by the PDC Emulator.

            PDC = Primary Domain Controller.

            It is also the time synchronization technique: the PDC Emulator manages time synchronization for all domains in the forest.

        b) RID Master: maintains the global RID pool for an entire domain (CN=RID Manager$,CN=System,DC=domain_name).

           The RID Master allocates unique IDs to users, groups, objects, etc. If the RID Master is not running we cannot create a user or group in the DC.

        c) Infrastructure Master: helps replicate users in the infrastructure and helps control communication between a domain and its child domains.

           The Infrastructure Master resolves the Access Control Lists between domains and subdomains.

Domain/Tree/Forest ?

Domain: an office infrastructure where servers and client systems work together.

Client services that depend on a server are called a domain.

A domain is a method of managing clients, with policies managed by a centralized server.

Clients and systems working together with the help of a server, and depending on that server, are known as a domain. If there is any issue on the server, the clients cannot do anything.

For example:

SBI Bank has branches in the cities of Bihar; if one city branch domain has technical issues, all the branches in that city face the issue.

So the clients depend totally on the city domain.

That is why clients and a server working together is known as a domain.

What is a tree?

A collection of multiple domains is known as a tree.

Multiple domains working together are known as a tree.

Example: SBI has branches all over Bihar, and every city has separate branches.

So Bihar as a whole has multiple branches, and the head office is the tree.

What is a forest?

A collection of multiple trees is known as a forest.

Example: in India, every state has separate branches: Bihar, Delhi, UP, etc.

So the states contain multiple trees; suppose a single state is called a tree.

Then a collection of trees is known as a forest; suppose all the states together are called the forest.

Can’t Connect to Internet?

Here I will share the steps on how to troubleshoot.

How to troubleshoot the internet if you are not connected

When you face any kind of network connection issue

Open Command Prompt

Win+R

Type cmd

Then type ipconfig or ipconfig /all

I am not getting any IP address, and the adapter shows an unidentified network

There are multiple options to troubleshoot the network connection

First method:

Right-click the active adapter and disable it

Now enable it

The internet is still not working

It is still not connected and still shows an unidentified network

Now,

Step 2:

Sometimes the same IP address is assigned to multiple devices; this can be the problem

ipconfig /release

C:\Users\shari>ipconfig /renew

Domain Name System (DNS)

If it still does not work, flush the DNS cache (flushdns)

If it still does not work, set a DNS server such as Google or Oracle DNS

216.146.35.35  dns

216.146.36.36  dns

After setting the static DNS the internet is working

Or we can also try Google DNS:

IP addresses 8.8.8.8 and 8.8.4.4 as your DNS

So the main cause was our DNS

This is the process to rectify network issues

Internet ping status

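The sequence above (renew the lease, flush DNS, test resolution, then change DNS only if that is the real cause) as one PowerShell script. This is an added example, not code from the original post; it assumes a Windows client with the NetTCPIP and DnsClient modules and uses the public resolvers named on this page.

```powershell
# Added example (not from the original post): the troubleshooting sequence above as one script.
# Checks for a missing/APIPA address, renews DHCP, flushes DNS, tests name resolution against the
# configured resolver and a public one, and only then switches the adapter to the static DNS servers.
$adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $adapter) { throw 'No physical adapter is up; check the cable or Wi-Fi first' }

function Get-Ipv4State {
    param([string]$Alias)
    $ip = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Address = $ip.IPAddress
        Apipa   = [bool]($ip.IPAddress -like '169.254.*')   # 169.254.x.x means DHCP never answered
        Gateway = (Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue).NextHop
    }
}

function Test-Resolution {
    param([string]$Name = 'www.google.com', [string]$Server)
    $params = @{ Name = $Name; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $params.Server = $Server }
    [bool](Resolve-DnsName @params)
}

$state = Get-Ipv4State -Alias $adapter.Name
if (-not $state.Address -or $state.Apipa) {
    # Step 2 from the post: release and renew the lease (clears a stale or duplicated address).
    ipconfig /release | Out-Null
    ipconfig /renew   | Out-Null
    $state = Get-Ipv4State -Alias $adapter.Name
}
if (-not $state.Gateway) { throw "Still no gateway on $($adapter.Name): DHCP or cabling problem, not DNS" }

Clear-DnsClientCache    # same as ipconfig /flushdns

$viaConfigured = Test-Resolution
$viaPublic     = Test-Resolution -Server '8.8.8.8'
if (-not $viaConfigured -and $viaPublic) {
    # The gateway works and a public resolver answers, so the configured DNS server is the culprit.
    Set-DnsClientServerAddress -InterfaceAlias $adapter.Name -ServerAddresses '8.8.8.8', '8.8.4.4'
    Write-Host "DNS was the cause; switched $($adapter.Name) to 8.8.8.8 / 8.8.4.4"
} elseif (-not $viaPublic) {
    Write-Host 'Even a public resolver fails: the problem is upstream of DNS (gateway or ISP)'
} else {
    Write-Host 'Name resolution is fine; look elsewhere (proxy, firewall, captive portal)'
}
Test-NetConnection -ComputerName www.google.com -Port 443 | Select-Object ComputerName, TcpTestSucceeded
```

On a domain-joined PC, keep the domain controller as the first DNS server and only add a public one as a secondary, or domain name resolution will break.
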
Static Internet Protocol (IP)

How to assign a static Internet Protocol (IP) address to a server and a laptop/desktop PC

Press Win+R

And type

ncpa.cpl

A popup window similar to this will open

Right-click the active network adapter

Go to Properties

Select Internet Protocol Version 4 (TCP/IPv4), click Properties and edit

Here we apply the static IP address

Here you need to check the IP series (class)

According to your IP series you need to assign the IP to the PC or server.

We need to assign the Internet Protocol address together with its subnet mask

Note: it is not necessary to add the default gateway or DNS; they will be fetched automatically

Once the static IP is assigned, check the network status

IP address status

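The same assignment from PowerShell, with the "check the IP series" step turned into a subnet test and a duplicate-address check before the adapter is changed. This is an added example, not code from the original post; the adapter name Ethernet0, the 192.168.10.0/24 network, the gateway and the DNS server are assumptions.

```powershell
# Added example (not from the original post): assign a static IPv4 address after checking that it
# belongs to the subnet in use and that nothing else already answers on it.
# Assumed: adapter "Ethernet0", LAN 192.168.10.0/24, gateway 192.168.10.1, DNS = domain controller.
param(
    [string]$Alias   = 'Ethernet0',
    [string]$NewIp   = '192.168.10.50',
    [int]$Prefix     = 24,
    [string]$Gateway = '192.168.10.1',
    [string[]]$Dns   = @('192.168.10.10')
)

function ConvertTo-IpInt {
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Test-SameSubnet {
    param([string]$A, [string]$B, [int]$PrefixLength)
    # Compare the network part of two IPv4 addresses under the given prefix length.
    $mask = (0xFFFFFFFF -shl (32 - $PrefixLength)) -band 0xFFFFFFFF
    ((ConvertTo-IpInt $A) -band $mask) -eq ((ConvertTo-IpInt $B) -band $mask)
}

# 1. A wrong "series" here means no connectivity at all, so fail before touching the adapter.
if (-not (Test-SameSubnet -A $NewIp -B $Gateway -PrefixLength $Prefix)) {
    throw "$NewIp/$Prefix is not in the same subnet as gateway $Gateway; check the IP series first"
}
# 2. Make sure nobody already answers on that address (a duplicate IP causes the conflict described earlier).
if (Test-Connection -ComputerName $NewIp -Count 1 -Quiet) {
    throw "$NewIp already responds on the network; pick another address"
}
# 3. Switch the adapter from DHCP to the static configuration.
Remove-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
Set-NetIPInterface -InterfaceAlias $Alias -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $NewIp -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $Dns
# 4. Verify the result and that the gateway answers.
Get-NetIPConfiguration -InterfaceAlias $Alias | Select-Object IPv4Address, IPv4DefaultGateway, DNSServer
Test-Connection -ComputerName $Gateway -Count 2 -Quiet
```
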
Distributed File System

DFS is a method or process to increase the consistency of shared file servers.

DFS in a Windows Server infrastructure and DFS Replication

It is difficult to recall every file server in an infrastructure, so Microsoft implemented the Distributed File System.

DFS is a technology to manage multiple shared folders from a single server, but DFS actually picks the data from its original location.

Distributed File System (DFS) is a Windows Server feature which allows system administrators to create a single namespace that provides a replicated sharing infrastructure across the network.

Here I am going to explain how to install DFS in your infrastructure.

Select which Windows server you want to become the primary shared file server.

Go to the Windows server

Open Server Manager.

Click Add roles and features

The installation will be a role-based or feature-based installation

Steps

Install Distributed File System from Server Manager

Start DFS from Tools

Create a new namespace server

    Again, create a new namespace server inside the created namespace

Create a new folder inside the namespace

Add a folder target for replication jobs

Select DFS Replication and DFS Namespaces

Once selected, click Next

DFS is a role-based installation.

With the roles added, keep all the default installation options.

(We need to install the DFS roles on every file server that will be associated with the main file server.

For example: I have a primary server and I need to associate all my file servers with it with the help of DFS. The file servers actually stay in their original locations, but they act as if they were hosted on the primary server.)

Check the features, leave them as default and click Next

Now click Install

Once the installation is done, click Tools

Now close the wizard after the installation is done

Now click Tools and select DFS Management

Once the DFS wizard opens, click Namespaces, select the primary file server and create a new namespace

Enter the namespace host server: the primary server will host it, so browse to the primary server

Once the server name is selected, click Next

Type the shared folder name; to edit the permission settings, click Custom permissions, add users and apply

Now select Domain-based namespace

And click Create to create the namespace

Once done, close the wizard

Now add the file server to the primary server inside the created namespace

Right-click the created namespace and add a new namespace server

Browse for the file server machine name, assign permissions and click OK

Click OK in the wizard

The namespace now has two namespace servers

Now we need the target folder: right-click and click New Folder

File server directory

Right-click the folder and select Add Folder Target

Browse to the target folder and select it

Once selected, click OK

Replication job verification: click Yes

Once the replication wizard opens, change the replication group name or leave it as default

Now click Next

Primary member

Topology

Click Next

Now click Create to create the replication job

Created successfully

Replication from one server to another

Now I am checking and sharing the file server through the secondary server (because I don't want to expose my primary server's name to the infrastructure users).

Here I have all the data on my primary server, but I am using the secondary server only to replicate and to hide my primary server's details from users.

Start DFS on the secondary server

Assign user permissions

Domain-based namespace

Now click Create

Namespace created; close the wizard

Right-click the created namespace and add a new namespace server for the created server

Browse for the server

So now the new namespace server is created on behalf of the BDC server

Namespace server status

Namespace servers

Now create the folder

Browse to the shared folder and select it

Selected folder

Click OK

Created folders

Now select the folder and add the replication target

Select the folder target

Now click OK

Now the replication job will be created

Once replication has started, configure it

Again, click Next

Select the primary server

Select Full mesh

Schedule and bandwidth

Create the replication job

Created replication job

Directory structure

Using DFS is also useful for security, since it completely hides the directory structure from users

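The whole DFS setup above (roles, domain-based namespace with two namespace servers, folder targets on both servers, and a full-mesh replication group with the primary as the authoritative member) as one script. This is an added example, not code from the original post; the domain vre.local, the server names pdc and bdc, the share name Files and the local path D:\Files are assumptions, and the share is assumed to exist on both servers already.

```powershell
# Added example (not from the original post): the DFS namespace and replication setup above, scripted.
# Assumed names: domain vre.local, primary "pdc", secondary "bdc", share "Files" (D:\Files) on both.
Import-Module DFSN, DFSR

$Domain    = 'vre.local'
$Primary   = 'pdc'
$Secondary = 'bdc'
$Share     = 'Files'
$Namespace = "\\$Domain\Public"     # users see this path, never the server names

# 1. Roles on every member (the post installs them from Server Manager).
foreach ($s in $Primary, $Secondary) {
    Invoke-Command -ComputerName $s -ScriptBlock {
        Install-WindowsFeature FS-DFS-Namespace, FS-DFS-Replication -IncludeManagementTools | Out-Null
    }
}

# 2. Domain-based namespace hosted on the primary, with the secondary as a second namespace server.
New-DfsnRoot -Path $Namespace -TargetPath "\\$Primary\$Share" -Type DomainV2 | Out-Null
New-DfsnRootTarget -Path $Namespace -TargetPath "\\$Secondary\$Share" | Out-Null
# Access-based enumeration: users only see the folders they have rights to.
Set-DfsnRoot -Path $Namespace -EnableAccessBasedEnumeration $true

# 3. A folder in the namespace with a target on each server.
$Folder = "$Namespace\Projects"
New-DfsnFolder -Path $Folder -TargetPath "\\$Primary\$Share\Projects" | Out-Null
New-DfsnFolderTarget -Path $Folder -TargetPath "\\$Secondary\$Share\Projects" | Out-Null

# 4. Replication group: full mesh between the two members; the primary wins the initial sync.
$Group = 'Projects-RG'
New-DfsReplicationGroup -GroupName $Group -DomainName $Domain | Out-Null
Add-DfsrMember -GroupName $Group -ComputerName $Primary, $Secondary -DomainName $Domain | Out-Null
Add-DfsrConnection -GroupName $Group -SourceComputerName $Primary -DestinationComputerName $Secondary -DomainName $Domain | Out-Null
New-DfsReplicatedFolder -GroupName $Group -FolderName 'Projects' -DomainName $Domain | Out-Null
Set-DfsrMembership -GroupName $Group -FolderName 'Projects' -ComputerName $Primary -ContentPath 'D:\Files\Projects' `
    -PrimaryMember $true -DomainName $Domain -Force | Out-Null
Set-DfsrMembership -GroupName $Group -FolderName 'Projects' -ComputerName $Secondary -ContentPath 'D:\Files\Projects' `
    -DomainName $Domain -Force | Out-Null

# 5. Check: both folder targets online, and replication state on the secondary.
Get-DfsnFolderTarget -Path $Folder | Select-Object TargetPath, State
Get-DfsrState -ComputerName $Secondary | Select-Object -First 5
```
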
Workgroup/Domain Group

Domain: a domain is a group of resources identified by a name.
A domain is a method to organize a group under a name.

A domain is a resource management process that can be assigned by name and associated with an Internet Protocol (IP) address.

A domain is also the address of a website, like a public domain or a private domain.
Example: hotmail.com/gmail.com is a domain, but it is associated with an IP address.

Kinds of domain:
Public domain: available to everyone.
Example:
google.com, facebook.com, etc.

Private domain: only for authorized users.
querypanel.local
abc.local, etc.

Workgroup: a workgroup is a method to arrange self-contained computer systems in a network. A workgroup is not connected to any server.
Workgroup PCs are not under a centralized management system and do not have any security policies.

A workgroup is a collection of self-contained computers.
A workgroup primarily uses a peer-to-peer networking architecture
in which each computer is self-contained, with its own user accounts,
permissions, memory and importance. Furthermore, the security of these systems is questionable.

There is no centralized control over the devices in the workgroup.

Domain group: a domain group is a process to manage PCs and servers centrally. A domain controller is used to manage all the connected PCs and servers in the domain group.

Centralized control over all devices in the domain group.

Difference between workgroup and domain group:

Workgroup: all systems, PCs and servers are peers, but there is no centralized management.

A workgroup is also known as an individual management system or self-controlled system.

Workgroup example: on every PC/server, policies need to be assigned individually.
A workgroup infrastructure is less secure.

Domain: in a domain group a centralized server manages all connected devices, like servers, PCs, printers, switches, etc.
A domain group can set centralized policies and security and assign roles as per the profile and requirements.

Example: if the domain admin allows the use of a resource then it can be used; otherwise users do not have access.

Most office infrastructures use domain group authentication because we can apply policies according to the IT protocol.

Antivirus

Antivirus: antivirus is software that protects you from unwanted threats.

Example: you can say antivirus is an individual-level protection method; it protects you according to your antivirus configuration.
Antivirus software is the process of detecting a virus and removing or quarantining it.

Antivirus is a method to protect your PC from unwanted threats; an antivirus is an individual PC protector.
The quality of an antivirus depends on its categories.
Kinds of antivirus protection:
browser surfing protection
software protection
blocking unwanted threats
safe browsing


How does an antivirus work:

  • Signature-based detection.
  • Heuristic-based detection.
  • Behavior-based detection.

Firewall

Firewall: a network security method that keeps you safe from unauthorized access; only authorized and filtered packets are received.
Firewalls typically work at the network layer and the transport layer; some are also capable of working as high as the application layer.

A firewall is the defense system of any network.
A firewall is a security method for any network.
A firewall always keeps you safe.
A firewall prevents hackers and unauthorized access, internal and external.

A firewall performs the task of inspecting network activity, looking for cyber threats by comparing data against
an extensive catalog of known threats.
It can also detect abnormal activity, which may signal a potential threat.

A firewall is a two-way protection method or protocol,
used to protect against internal threats and external threats.

Types of firewall protection: hardware device and software.
Hardware firewall

A hardware firewall acts as a gatekeeper and antivirus solution for your server.
It sits directly behind the router and can be configured to analyze incoming traffic,
filtering out specific threats as they come across the device.

Hardware firewall network protection depends on how you configure your firewall
and which security policies you have applied.

Example: I am using a pfSense firewall, a Linux kernel firewall,
configured according to the infrastructure.

So, allow traffic or disallow traffic.
Some good customizable firewalls have the option to protect the IT infrastructure by using a proxy server.

A firewall is the gatekeeper of any network: it filters incoming and outgoing network traffic.
A firewall is the protector of the entire network associated with it.

Firewall: a firewall is used to protect your internal network from unwanted threats.
A firewall is the protector of your internal network from outside threats.
A firewall is a two-way protection method.

A hardware firewall protects the entire network.
It is implemented at the router level to protect the entire network.

A firewall only allows authentic traffic and blocks unwanted traffic.

What can a firewall do?
Focus on security decisions.
Stop hackers from entering your network and PC.
A firewall controls which programs can access the internet.
Authentication is managed by firewall rules.

Every operating system has a built-in software firewall.
Example:
if you are surfing the internet you visit many sites and applications from those sites,
and the firewall keeps you from getting threats or virus software from them.

In simple language, you can say a firewall is the protector of your workplace infrastructure;
every PC has the default Windows firewall protector.

One more example:
if one PC in the infrastructure has a virus or threat, the firewall can also deal with that internal threat or virus;
that is why a firewall is a two-way protector.

Types of firewall:

  • Hardware: in a workplace or home network, if a hardware firewall is enabled, then
    the hardware firewall uniquely identifies all connected PCs, assigns network addresses
    and cross-checks browsing.
  • Software firewall: a software firewall protects an individual or single computer.

FSMO Roles

FSMO: why do we need it?

Microsoft split the responsibilities of a DC into 5 separate roles that together make a full AD system.

FSMO stands for Flexible Single Master Operations. Microsoft Active Directory is by far the most widely used domain authentication service across the globe ever since it was released in 1999 (in Windows Server 2000). Over the decades Microsoft has made many advancements in its Active Directory to transform it into the secure system we are using today.

One of these updates included the introduction of a Single Master Model. In this model, only one domain controller could make the required changes in a domain, while the other DCs would only complete authentication requests.

This model created a single point of failure, which means if the master or primary domain controller goes down, there is no way to make changes to the domain until the master DC is back up.

To remediate this issue, Microsoft separated the responsibilities of a DC into multiple roles. The administrators could then assign these roles to multiple domain controllers, and if one of the DCs went down, the other DCs could take over the missing role and business continuity would remain intact.

This concept is named the Flexible Single Master Operation, or FSMO for short, and the roles are known as FSMO roles.


FSMO gives you confidence that your domain will be able to perform the primary function of authenticating users and
permissions without interruption (with standard caveats, like the network staying up).

FSMO role                            Scope
Schema Master                        Forest
Domain Naming Master                 Forest
Primary Domain Controller Emulator   Domain
RID Master                           Domain
Infrastructure Master                Domain

Schema Master
The Schema Master role manages the read-write copy of your Active Directory schema. The AD Schema defines all the attributes –
things like employee ID, phone number, email address, and login name – that you can apply to an object in your AD database.

Domain Naming Master
The Domain Naming Master makes sure that you don’t create a second domain in the same forest with the same name as another.
It is the master of your domain names. Creating new domains isn’t something that happens often, so of all the roles,
this one is most likely to live on the same DC with another role.

RID Master
The Relative ID Master assigns blocks of Security Identifiers (SID) to different DCs they can use for newly created objects.
Each object in AD has an SID, and the last few digits of the SID are the Relative portion. In order to keep multiple objects from having the same SID,
the RID Master grants each DC the privilege of assigning certain SIDs.

PDC Emulator
The DC with the Primary Domain Controller Emulator role is the authoritative DC in the domain. The PDC Emulator responds to authentication requests,
changes passwords, and manages Group Policy Objects. And the PDC Emulator tells everyone else what time it is! It’s good to be the PDC.

Infrastructure Master
The Infrastructure Master role translates Globally Unique Identifiers (GUID), SIDs, and Distinguished Names (DN) between domains.
If you have multiple domains in your forest, the Infrastructure Master is the Babelfish that lives between them.
If the Infrastructure Master doesn’t do its job correctly you will see SIDs in place of resolved names in your Access Control Lists (ACL).


Flexible Single Master Operation (also known as FSMO or FSMO roles).

Primary server FSMO roles

netdom query fsmo

The secondary server also shows the same roles, but the secondary server does not have complete authority like the primary DC

If the primary server has issues, we need to seize the FSMO roles; after that the backup DC will hold complete authority

So here I powered off the primary server

Primary DC is not active (server down)

Now type in PowerShell

But I still get all 5 FSMO roles

On the secondary server I am getting all 5 roles

Type

on the backup DC

ntdsutil

PS C:\Users\administrator.VRE> ntdsutil

Just type roles and press Enter

Type connections

Now we need to connect to the backup domain controller, like:

connect to server bdc.vre.local

Now quit the connections prompt: type q and press Enter

Here we need to seize all FSMO roles from the primary server

The primary server is not running but the FSMO roles are still with it, so we need to seize the roles and allocate them to the secondary server

netdom query fsmo

fsmo maintenance: seize infrastructure master

And press

Yes

fsmo maintenance: seize naming master

fsmo maintenance: seize PDC

seize RID master

seize schema master

Now type quit

and quit from fsmo maintenance

So after seizing all 5 roles from the primary DC they are assigned to the secondary DC

You can check after seizing all the roles

Now the backup domain controller has all the FSMO roles

netdom query fsmo

Go to Active Directory Users and Computers

Right-click the domain and click Operations Masters

Now check there

PDC

Infrastructure

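The PowerShell equivalent of netdom query fsmo and of the ntdsutil seize sequence above, serving both FSMO sections of this page. This is an added example, not code from the original post; the domain vre.local and the surviving DC name bdc are assumptions taken from the names used above. It checks whether each role holder still answers before deciding between a clean transfer and a seize, which is the check ntdsutil leaves to the operator.

```powershell
# Added example (not from the original post): query the five FSMO role holders, test whether each
# one still answers, and move all roles to the surviving DC, transferring when the holder is up
# and seizing (-Force) only when it is down. Assumed names: domain vre.local, surviving DC "bdc".
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    $f = Get-ADForest
    $d = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
}

# Reachability on LDAP (389) is the test that decides between a transfer and a seize.
function Test-FsmoRoleHolders {
    $holders = Get-FsmoRoleHolders
    foreach ($role in $holders.Keys) {
        $dc = $holders[$role]
        $up = (Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        [pscustomobject]@{ Role = $role; Holder = $dc; Reachable = $up }
    }
}

Test-FsmoRoleHolders | Format-Table -AutoSize

$Target   = 'bdc'    # assumed surviving DC
$allRoles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
$down     = Test-FsmoRoleHolders | Where-Object { -not $_.Reachable }

if ($down) {
    # Seize, as the ntdsutil "seize ..." commands do. The old holder must never return to the
    # network with these roles; demote or rebuild it before reconnecting it.
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $allRoles -Force -Confirm:$false
} else {
    # Holder is alive: a graceful transfer keeps replication consistent and needs no cleanup.
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $allRoles -Confirm:$false
}

Get-FsmoRoleHolders
```
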
MBR/GPT Difference


Bare metal server: installing the OS directly on a physical server is known as a bare metal server.

Master Boot Record

MBR

MBR supports BIOS legacy mode

It is the old partition table

MBR supports hard disks up to 2 TB, not more than 2 TB

It supports 3 partitions in the partition table

Slow to boot

No unique identification

Corrupt data is not recoverable

Not very secure: only a password on the BIOS

Boot partition and data are stored in one place.

How to check which firmware a VM is booting on in VMware

Click Edit

VMware machine settings, for any OS

Click the VM, edit the machine and expand Boot Options

Check and select the firmware

So here the selected machine is running the MBR disk format

The Master Boot Record supports BIOS.

GPT

GUID Partition Table

GPT supports UEFI mode. VMware vSphere ESXi uses EFI; UEFI and EFI are the same.

It is the new partition table

It supports up to 10 TB

GPT supports 128 primary partitions

Fast boot

Universally unique identifiers

Cyclic Redundancy Check (CRC): GPT notices problems and is able to recover automatically

Data can be recovered easily

More secure

Boot partition and data are stored in multiple places

To check which boot firmware is in use, go to the machine and click Edit

Click VM Options

Expand Boot Options

Firmware is currently in EFI (UEFI) mode
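
The same check from inside the guest, without opening the VM settings. This is an added example, not code from the original post; it assumes a Windows guest and uses the Storage module and Get-ComputerInfo, and it flags the one combination that will not boot (UEFI firmware with an MBR boot disk) and MBR disks over the 2 TB limit mentioned above.

```powershell
# Added example (not from the original post): report firmware mode, Secure Boot state and each disk's
# partition style from inside a Windows guest, and flag firmware/partition-style mismatches.
function Get-BootLayout {
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType   # 'Uefi' or 'Bios'
    # Confirm-SecureBootUEFI throws on legacy BIOS machines, so treat an error as "not enabled".
    $secure = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
    $disks = Get-Disk | ForEach-Object {
        [pscustomobject]@{
            Number         = $_.Number
            SizeGB         = [math]::Round($_.Size / 1GB)
            PartitionStyle = $_.PartitionStyle       # MBR, GPT or RAW
            IsBoot         = $_.IsBoot
            # UEFI firmware boots only from GPT; MBR cannot address space beyond 2 TB.
            Mismatch       = ($_.IsBoot -and $firmware -eq 'Uefi' -and $_.PartitionStyle -ne 'GPT') -or
                             ($_.PartitionStyle -eq 'MBR' -and $_.Size -gt 2TB)
        }
    }
    [pscustomobject]@{ Firmware = $firmware; SecureBoot = $secure; Disks = $disks }
}

$layout = Get-BootLayout
"Firmware: $($layout.Firmware)   SecureBoot: $($layout.SecureBoot)"
$layout.Disks | Format-Table -AutoSize
if ($layout.Disks | Where-Object Mismatch) { Write-Warning 'At least one disk does not match the firmware mode or exceeds the MBR limit' }
```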