
Project: ATLAS

Full Active Directory & Azure Integration

Objective: This project involved creating a complete IT infrastructure for ATLAS, a fictional private security/military company.
The project aimed to establish a secure, centralized environment for managing users, devices, and resources.

This was achieved by setting up a Virtual Machine (VM) server, configuring a Primary Domain Controller (PDC), deploying Active Directory (AD), and integrating the company’s local AD with Microsoft Entra and Azure AD (AAD).
Additionally, I handled license assignments and role-based access management to ensure efficient user access to both local and cloud resources.

Step-by-Step Breakdown:

1. VM Server Setup:

  • Objective: Create a virtualized environment to host the company’s Domain Controller.

  • Tools Used: Hyper-V, Windows Server 2019/2022

  • Process: The first step was to create a Virtual Machine (VM) using Hyper-V. I allocated sufficient resources (CPU, RAM, storage) to the VM, ensuring it could run Windows Server smoothly. After installing Windows Server, I configured the network settings so the VM could reach both the local network and the internet for updates and services.

  • Outcome: The VM was set up and ready to serve as the Domain Controller (DC) for ATLAS. This provided the foundation for the Active Directory environment.
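The VM build described above, as an added PowerShell example (not the project's own script). The VM name, paths, switch name and the 10.0.0.0/24 addressing are placeholders; the host is assumed to already have an external virtual switch and a Windows Server ISO.

```powershell
# Added example: create the Domain Controller host VM on a Hyper-V server.
# Placeholders: VM name, VHD/ISO paths, switch name and guest IP addressing.
$VMName  = 'ATLAS-DC01'
$VMPath  = 'C:\Hyper-V'
$IsoPath = 'C:\ISO\WindowsServer.iso'   # placeholder path to the Windows Server ISO
$Switch  = 'External'                    # existing external virtual switch

New-VM -Name $VMName -Generation 2 -MemoryStartupBytes 4GB `
       -NewVHDPath "$VMPath\$VMName.vhdx" -NewVHDSizeBytes 80GB `
       -Path $VMPath -SwitchName $Switch

Set-VMProcessor -VMName $VMName -Count 2
# Fixed memory for a DC, and no checkpoints: a checkpoint is not a backup of a
# directory database, so disable them before someone restores one by accident.
Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false
Set-VM -VMName $VMName -AutomaticCheckpointsEnabled $false -CheckpointType Disabled

# Boot from the ISO with Secure Boot on (Generation 2 firmware)
Add-VMDvdDrive -VMName $VMName -Path $IsoPath
Set-VMFirmware -VMName $VMName -FirstBootDevice (Get-VMDvdDrive -VMName $VMName) -EnableSecureBoot On
Start-VM -Name $VMName

# --- Run inside the guest after Windows Server is installed ---
# A DC needs a fixed address because clients locate it through DNS records
# that carry this IP. Subnet and gateway are placeholders.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress '10.0.0.10' -PrefixLength 24 -DefaultGateway '10.0.0.1'
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses '10.0.0.10'
Rename-Computer -NewName $VMName -Restart
```

The DNS client is pointed at the server's own address because, once promoted, this machine becomes the domain's DNS server; the rename and reboot should happen before promotion, since a DC cannot be renamed casually afterwards.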

2. Active Directory Setup:

  • Objective: Establish Active Directory Domain Services (AD DS) to manage the company’s users, devices, and network resources.

  • Tools Used: Active Directory Domain Services (AD DS), DNS

  • Process: After the VM was up and running, I installed Active Directory Domain Services (AD DS) through Server Manager. Following this, I promoted the server to a Domain Controller (DC) using the Active Directory Domain Services Configuration Wizard. The domain was named atlas.local to reflect the company’s internal network.

    Along with AD DS, I also set up DNS (Domain Name System) on the server, which is essential for name resolution in the Active Directory domain.

  • Outcome: The atlas.local domain was successfully created, making the server the PDC for all network activities within ATLAS. This domain would serve as the backbone for user and group management within the organization.
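The same installation and promotion done from PowerShell instead of the wizard, as an added example that is not the project's own script. It assumes a fresh Windows Server guest and takes the DSRM password interactively; the database, log and SYSVOL paths are the installer defaults.

```powershell
# Added example: install AD DS + DNS and promote the server to the first DC
# of a new forest named atlas.local. The server reboots when promotion ends.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

Import-Module ADDSDeployment
# WinThreshold = Windows Server 2016 functional level, supported by 2019/2022.
# The DSRM (Safe Mode) password is the offline recovery credential for this DC;
# it is prompted for rather than embedded in the script.
Install-ADDSForest `
    -DomainName 'atlas.local' `
    -DomainNetbiosName 'ATLAS' `
    -ForestMode 'WinThreshold' `
    -DomainMode 'WinThreshold' `
    -InstallDns:$true `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force:$true

# --- After the reboot: verify the DC advertises itself and DNS answers for it ---
Import-Module ActiveDirectory
Get-ADDomain | Select-Object DNSRoot, PDCEmulator, DomainMode
Get-ADDomainController -Discover -Service PrimaryDC | Select-Object HostName, IPv4Address
# The SRV record clients use to find a DC; if this fails, domain joins will too.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.atlas.local' -Type SRV
dcdiag /test:DNS /test:Advertising
```

In AD DS the "PDC" is the PDC Emulator operations-master role, which the first DC in the forest holds; every other DC is a peer, so the checks above look at the role holder rather than a distinct server type.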

3. User Creation and Group Management:

  • Objective: Create and organize users and groups within Active Directory to control access to company resources.

  • Tools Used: Active Directory Users and Computers (ADUC), Organizational Units (OUs)

  • Process: Using Active Directory Users and Computers (ADUC), I created user accounts for employees at ATLAS, such as security officers, administrators, and managers. These accounts were grouped according to roles within the company (e.g., "Security Officers," "Admins," "Managers").

    I organized the users into Organizational Units (OUs) to streamline administrative tasks and apply specific policies to groups of users. For instance, the "Security Officers" OU was created to easily assign security-related group policies.

  • Outcome: ATLAS now had a structured user directory that mirrored the company’s organizational hierarchy, improving both management and security.
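The OU tree, role groups and accounts from this step, built with the ActiveDirectory module as an added example (not the project's own script). The OU and role names follow the text; the three sample employees and the group naming scheme ATLAS-&lt;Role&gt; are constructed for the example.

```powershell
# Added example: one OU per role, one security group per role, and sample
# users placed in their role OU and group. Sample people are constructed.
Import-Module ActiveDirectory
$DomainDN = (Get-ADDomain).DistinguishedName   # DC=atlas,DC=local

# Parent OU plus one child OU and one global security group per role.
# ProtectedFromAccidentalDeletion blocks the classic "oops, deleted the OU" outage.
$roles = 'Security Officers', 'Admins', 'Managers'
New-ADOrganizationalUnit -Name 'ATLAS' -Path $DomainDN -ProtectedFromAccidentalDeletion $true
foreach ($r in $roles) {
    $ouPath    = "OU=$r,OU=ATLAS,$DomainDN"
    $groupName = "ATLAS-$($r -replace ' ', '')"   # e.g. ATLAS-SecurityOfficers
    New-ADOrganizationalUnit -Name $r -Path "OU=ATLAS,$DomainDN" -ProtectedFromAccidentalDeletion $true
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                -Path $ouPath -Description "Members holding the $r role"
}

# Constructed sample users (not real ATLAS data)
$users = @(
    @{ Given = 'Ada';   Surname = 'Okafor'; Role = 'Security Officers' },
    @{ Given = 'Ben';   Surname = 'Sato';   Role = 'Admins' },
    @{ Given = 'Carla'; Surname = 'Mendes'; Role = 'Managers' }
)
foreach ($u in $users) {
    $sam = ($u.Given.Substring(0, 1) + $u.Surname).ToLower()   # e.g. aokafor
    New-ADUser -Name "$($u.Given) $($u.Surname)" -GivenName $u.Given -Surname $u.Surname `
        -SamAccountName $sam -UserPrincipalName "$sam@atlas.local" `
        -Path "OU=$($u.Role),OU=ATLAS,$DomainDN" `
        -AccountPassword (Read-Host -AsSecureString "Initial password for $sam") `
        -ChangePasswordAtLogon $true -Enabled $true
    # Permissions are granted to the role group, never to the individual account
    Add-ADGroupMember -Identity "ATLAS-$($u.Role -replace ' ', '')" -Members $sam
}

# Quick check: every ATLAS user should sit in exactly one role group
Get-ADUser -SearchBase "OU=ATLAS,$DomainDN" -Filter * -Properties MemberOf |
    Select-Object SamAccountName, @{ n = 'RoleGroups'; e = { ($_.MemberOf | Where-Object { $_ -like 'CN=ATLAS-*' }).Count } }
```

Placing each role in its own OU is what lets step 6 link a GPO to "Security Officers" alone; granting resource access through the ATLAS-* groups rather than individual accounts keeps the later role changes to a single group-membership edit.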

4. Azure AD Integration via Entra:

  • Objective: Extend ATLAS’s on-premises Active Directory to the cloud for centralized identity management.

  • Tools Used: Azure AD, Microsoft Entra, Azure AD Connect

  • Process: The next step was to integrate the on-premises Active Directory with Azure AD using Azure AD Connect. This is where Entra played a critical role in facilitating the hybrid identity setup.

    I configured Azure AD Connect to synchronize on-premises user accounts with Azure AD. This ensured that ATLAS employees could use a single set of credentials (same username and password) to access both on-premises resources (like file shares and printers) and cloud resources (like Microsoft 365 apps and services).

    Additionally, I verified that the synchronization was successful and tested the login process to confirm that users could sign in to both on-prem and cloud services without any issues.

  • Outcome: The integration between Active Directory and Azure AD was complete, giving ATLAS employees a unified authentication experience, whether they were working from the office or remotely.
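The pre-sync preparation and the sync verification from this step, as an added example that is not the project's own script. It assumes Azure AD Connect is already installed on a server with the ADSync module, and uses the placeholder 'atlas-example.com' for the tenant's verified domain: atlas.local is a non-routable suffix that cannot be verified in Entra, so users that keep it are synced with an onmicrosoft.com sign-in name instead of the "same username" the text aims for.

```powershell
# Added example: give synced users a routable UPN, run a delta sync, and confirm
# the accounts arrived in Entra. 'atlas-example.com' is a placeholder.
Import-Module ActiveDirectory
$Routable   = 'atlas-example.com'                  # placeholder verified tenant domain
$SearchBase = 'OU=ATLAS,DC=atlas,DC=local'

# 1. Register the routable UPN suffix in the forest, then rewrite in-scope UPNs
Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = $Routable }
Get-ADUser -SearchBase $SearchBase -Filter { UserPrincipalName -like '*@atlas.local' } |
    ForEach-Object {
        $newUpn = ($_.UserPrincipalName -split '@')[0] + "@$Routable"
        Set-ADUser -Identity $_ -UserPrincipalName $newUpn
    }

# 2. Flag attributes that commonly block or mangle a sync (no mail, duplicate proxy addresses)
Get-ADUser -SearchBase $SearchBase -Filter * -Properties mail, proxyAddresses |
    Where-Object { -not $_.mail } |
    ForEach-Object { Write-Warning "$($_.SamAccountName) has no mail attribute" }

# 3. On the Azure AD Connect server: trigger a delta sync and wait for it to finish
Import-Module ADSync
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
Start-ADSyncSyncCycle -PolicyType Delta
do {
    Start-Sleep -Seconds 15
    $running = Get-ADSyncConnectorRunStatus   # empty when no run is in progress
} while ($running)

# 4. Confirm the objects exist in Entra as synced users with the expected UPN
Connect-MgGraph -Scopes 'User.Read.All'
Get-MgUser -Filter 'onPremisesSyncEnabled eq true' -All `
           -Property UserPrincipalName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime |
    Select-Object UserPrincipalName, OnPremisesLastSyncDateTime
```

The final query doubles as the "tested the login process" check in script form: a user whose UPN shows the routable suffix and a recent OnPremisesLastSyncDateTime is the one who can sign in to Microsoft 365 with the same name used on-premises.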

5. License Assignment:

  • Objective: Assign Microsoft 365 licenses to users to grant access to essential services.

  • Tools Used: Microsoft 365 Admin Center

  • Process: With the Azure AD integration in place, I moved on to assigning licenses to the users in the Microsoft 365 Admin Center. Each employee was assigned the necessary licenses based on their role.

    For example, Security Officers received licenses for Exchange Online (email), Microsoft Teams (for communication), and OneDrive (file storage). Admins received additional licenses for SharePoint and other admin tools required to manage the company’s cloud resources.

    I ensured that licenses were assigned appropriately to match the needs of each user, allowing them to access necessary services without over-assigning unnecessary features.

  • Outcome: All employees at ATLAS now had access to the required Microsoft 365 services, and their licenses were efficiently managed in the Admin Center.
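The role-based license plan from this step, expressed with the Microsoft Graph PowerShell SDK as an added example (not the project's own script, which used the Admin Center). The SKU part numbers in $plan are placeholders to be replaced with the tenant's real values from Get-MgSubscribedSku; the group names follow step 3, and the closing audit implements the "without over-assigning" check.

```powershell
# Added example: assign licenses per role group, then list licensed users who
# belong to no role group. SKU names below are placeholders.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.Read.All', 'Organization.Read.All'

# Role group -> SKU part numbers (placeholders, mirroring the text's plan)
$plan = @{
    'ATLAS-SecurityOfficers' = @('PLACEHOLDER_EXCHANGE_SKU', 'PLACEHOLDER_TEAMS_SKU', 'PLACEHOLDER_ONEDRIVE_SKU')
    'ATLAS-Managers'         = @('PLACEHOLDER_EXCHANGE_SKU', 'PLACEHOLDER_TEAMS_SKU', 'PLACEHOLDER_ONEDRIVE_SKU')
    'ATLAS-Admins'           = @('PLACEHOLDER_EXCHANGE_SKU', 'PLACEHOLDER_TEAMS_SKU', 'PLACEHOLDER_ONEDRIVE_SKU', 'PLACEHOLDER_SHAREPOINT_SKU')
}

$skus = Get-MgSubscribedSku -All
function Get-SkuId([string]$PartNumber) {
    # Resolve a part number to its SkuId and refuse to over-commit seats
    $s = $skus | Where-Object SkuPartNumber -eq $PartNumber
    if (-not $s) { throw "SKU '$PartNumber' is not present in the tenant" }
    if (($s.PrepaidUnits.Enabled - $s.ConsumedUnits) -le 0) { throw "No free seats for '$PartNumber'" }
    return $s.SkuId
}

$licensedByRole = @{}   # userId -> $true, feeds the audit at the end
foreach ($groupName in $plan.Keys) {
    $group = Get-MgGroup -Filter "displayName eq '$groupName'"
    if (-not $group) { Write-Warning "Group $groupName not found in Entra; skipping"; continue }
    $add = @($plan[$groupName] | ForEach-Object { @{ SkuId = (Get-SkuId $_) } })
    # Only user members; nested groups or devices have no licenses to assign
    $members = Get-MgGroupMember -GroupId $group.Id -All |
        Where-Object { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user' }
    foreach ($m in $members) {
        $user = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName, UsageLocation
        # Licensing fails without a usage location; 'US' is a placeholder country code
        if (-not $user.UsageLocation) { Update-MgUser -UserId $user.Id -UsageLocation 'US' }
        Set-MgUserLicense -UserId $user.Id -AddLicenses $add -RemoveLicenses @() | Out-Null
        $licensedByRole[$user.Id] = $true
    }
}

# Audit: anyone licensed outside the role plan is an over-assignment candidate
Get-MgUser -All -Property Id, UserPrincipalName, AssignedLicenses |
    Where-Object { $_.AssignedLicenses.Count -gt 0 -and -not $licensedByRole.ContainsKey($_.Id) } |
    Select-Object UserPrincipalName
```

Driving licenses from the ATLAS-* groups rather than per user means a role change in step 3 carries its licenses with it, and the audit at the end catches seats that were handed out by hand and never tied to a role.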

6. Role Assignment and Permissions:

  • Objective: Configure role-based access and security policies for users.

  • Tools Used: Group Policy Objects (GPOs), Azure AD Roles, Role-Based Access Control (RBAC)

  • Process: The final step was to set up role-based access control (RBAC) both within Active Directory and Azure AD to ensure that users had appropriate permissions based on their job functions.

    I created Group Policy Objects (GPOs) to enforce security policies for on-premises users. For example, I configured password policies, login restrictions, and access controls for critical systems.

    In Azure AD, I used Azure AD Roles to assign specific cloud-based permissions. For example, certain users were assigned the Global Admin role to manage the company’s Microsoft 365 subscriptions and services, while others were given roles like User Administrator or Security Administrator based on their responsibilities.

  • Outcome: ATLAS now had a secure, role-based structure that ensured that users only had access to the resources they needed, both on-premises and in the cloud.
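The on-premises password policy, a login-restriction GPO scoped to one OU, and the Entra role assignment from this step, as an added example that is not the project's own configuration. Policy values, the GPO name, the fine-grained policy name and the sample UPN are placeholders; the OU and group names follow steps 3 and 5. It closes with the check a reviewer would want after Global Admin has been handed out: an enumeration of who currently holds that role.

```powershell
# Added example: password policy (domain-wide plus a stricter one for Admins),
# a GPO linked only to the Security Officers OU, and Entra role assignment
# with a Global Administrator membership audit. Values are placeholders.
Import-Module ActiveDirectory, GroupPolicy
$DomainDN = (Get-ADDomain).DistinguishedName

# Domain-wide password policy: lockout settings blunt password spraying
Set-ADDefaultDomainPasswordPolicy -Identity 'atlas.local' -MinPasswordLength 14 `
    -ComplexityEnabled $true -PasswordHistoryCount 24 `
    -LockoutThreshold 10 -LockoutDuration '00:15:00' -LockoutObservationWindow '00:15:00'

# Stricter fine-grained policy applied to the Admins group only
New-ADFineGrainedPasswordPolicy -Name 'ATLAS-AdminPSO' -Precedence 10 -MinPasswordLength 20 `
    -ComplexityEnabled $true -PasswordHistoryCount 24 -MaxPasswordAge '90.00:00:00' `
    -LockoutThreshold 5 -LockoutDuration '00:30:00' -LockoutObservationWindow '00:30:00'
Add-ADFineGrainedPasswordPolicySubject -Identity 'ATLAS-AdminPSO' -Subjects 'ATLAS-Admins'

# Login restriction GPO linked only to the Security Officers OU:
# lock the interactive session after 15 minutes of inactivity
$gpo = New-GPO -Name 'ATLAS-SecurityOfficers-Logon' -Comment 'Interactive logon restrictions'
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'InactivityTimeoutSecs' -Type DWord -Value 900
New-GPLink -Name $gpo.DisplayName -Target "OU=Security Officers,OU=ATLAS,$DomainDN" -LinkEnabled Yes

# --- Entra directory roles via Microsoft Graph PowerShell ---
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'Directory.Read.All'

# Assign a scoped role (User Administrator) to one placeholder account
$userAdminRole = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'User Administrator'"
$principal     = Get-MgUser -UserId 'cmendes@atlas-example.com'   # placeholder UPN
New-MgRoleManagementDirectoryRoleAssignment -RoleDefinitionId $userAdminRole.Id `
    -PrincipalId $principal.Id -DirectoryScopeId '/'

# Audit: who holds Global Administrator? Review this list and keep it short.
$gaRole = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($gaRole.Id)'" -ExpandProperty Principal |
    ForEach-Object { $_.Principal.AdditionalProperties.userPrincipalName }
```

The two halves mirror the text's split: the fine-grained password policy and the OU-linked GPO are the on-premises controls, while the Graph calls cover the cloud roles. Roles such as User Administrator and Security Administrator grant only what a job function needs, which is why the example assigns one of those and merely audits Global Administrator rather than adding to it.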

Skills Learned:

  • Setting up and configuring Virtual Machines with Hyper-V for domain controller roles

  • Managing Active Directory Domain Services (AD DS) and DNS configurations

  • Integrating on-premises Active Directory with Azure AD using Entra and Azure AD Connect

  • Managing user creation, group policies, and license assignment within Microsoft 365

  • Implementing role-based access control (RBAC) and Group Policy Objects (GPOs)

  • Understanding security best practices for user management and resource access
