June 6, 2013 Leave a comment
Hey everyone! Another ambitious plan that didn’t quite get completed. Here we are in the early morning of the final day of TechEd North America and I didn’t get all the cheats posted. I want to get one more out so I’m going to tackle the fourth IT pro challenge, Active Directory
So there’s a bit of a catch with this one, and it’s a catch that caught a few folks I talked with yesterday. If you belong to an organization that’s on Office 365 (and as a Microsoft employee, I’m in this category), you will need to be a “domain admin” for the first part of this challenge. So if you’re doing this step, I would actually encourage you to do this challenge on a separate subscription. A free trial will work fine. Additionally, due to current limits we have in place, you can’t alter or delete an Azure Active Directory domain once it’s been created. So yet another good reason to put this on a separate subscription as well as not use a name that you may someday want to use in production. I know this limit seems silly, but we have our reasons. And this has been hashed out elsewhere, so for now let’s just focus on the challenge at hand.
For the first step in this challenge, we will create an active directory domain. We’ll log into our free trial subscription and click on the pyramid shape along the left to access the identity management section of the management portal. Next, we’ll click on the “+ New” to create a new domain. We’ll get a quick pop-up asking for a domain name and a few other details, but within a couple minutes we’ll have our Azure Active Directory created.
Next, we’re going to select that domain, and add a new user by clicking on the “Add User” option in the toolbar. In the resulting pop-up we’ll designate the type of user (I’m going to create a new one), the users name, the domain they’re in. On the next tab, you designate the profile. In this section we’ll need to make sure we set our user as a “global admin”. This option (in addition to other things), gives us the option of enabling 2-factor authentication which is a requirement for this challenge.
We’ll create a temporary password for my new user and email it to them (me in this case). After a few minutes, the password email should come through and we’re ready to set up the user. Meanwhile, let’s get the user added as an administrator on the subscription.
Back in the management portal, we’ll scroll down to the bottom of the left toolbar, and select “settings”. Then on the settings page, select “Administrators” (you should see you current Microsoft account listed), and select “Add” from the toolbar along the bottom. We’ll get the “Add a Co-Administrator” dialog which we just need to complete (using the email address of the domain user we just added).
Make sure you click the checkbox to add the user as an administrator to the subscription, then you should be all set up.
In the time it took us to create add the user as a co-admin to the subscription, we should have received the temporary password. So lets log out of the management portal and log back in using our new administrative user. When you go to sign-in, be sure to designate it as an organizational account and we’ll be prompted to change our temporary password.
Since this is the first time we’ve logged in with this new account, we’ll also be prompted to provide the additional information or two factor authentication. I went ahead and just had it use my mobile phone and just call me (you can have it text you instead).
You’ll get a call/text to verify the phone, then we’re ready to finally log in! We’ll get called again, this time to verify we want to log in. If all has gone well, we’ll see the management portal for our Windows Azure subscription along with the “Windows azure Tour” dialog wizard.
And that’s all there is to step 4. I still want to get 5 done, but that will likely have to wait until tomorrow afternoon when show is over and things have returned to a state of normal (after I dig through my backlog of email). So until then, good luck with the challenge and I hope to see you at the booth this morning!