  1. Create domain “dev.ajf8729.com” in DigitalOcean
  2. Configure domain “dev.ajf8729.com” in Azure AD
  3. Configure LABDC01A for TLS 1.2
  4. Install Azure AD Connect on LABDC01A (2.0.28.0 as of 2021-11-02)
  5. Disable IE Enhanced Security Mode
    • Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0
  6. Initial setup
    • Step 01
    • Step 02
    • Step 03
    • Step 04
    • Step 05
    • Step 06
  7. Move AADC related objects to T0 OU
    • Get-ADGroup -Filter "Name -like 'ADSync*'" | Move-ADObject -TargetPath "OU=T0,DC=lab,DC=dev,DC=ajf8729,DC=com"
    • Get-ADUser -Filter "Name -like 'MSOL_*'" | Move-ADObject -TargetPath "OU=T0,DC=lab,DC=dev,DC=ajf8729,DC=com"
    • Get-ADServiceAccount -Filter "Name -like 'ADSync*'" | Move-ADObject -TargetPath "OU=T0,DC=lab,DC=dev,DC=ajf8729,DC=com"
  8. Customize synchronization options
    • Step 01
    • Step 02
    • Step 03
    • Step 04
    • Step 05
    • Step 06
    • Step 07
  9. Configure hybrid join
    • Step 01
    • Step 02
    • Step 03
    • Step 04
    • Step 05
    • Step 06
    • Step 07
    • Step 08
  10. Configure device writeback
    • Step 01
    • Step 02
    • Step 03
    • Step 04
  11. Enable Seamless SSO
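
A check for step 7, as an added example that is not part of the original procedure: it re-runs the same three queries and reports any Azure AD Connect object that is still outside the T0 OU. It assumes the ActiveDirectory module is available on the machine where it runs; the helper name `Test-InOU` is hypothetical.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Target OU taken from step 7 of the procedure.
$T0 = 'OU=T0,DC=lab,DC=dev,DC=ajf8729,DC=com'

# Hypothetical helper: true when the object sits in $OU or in a child OU of it.
function Test-InOU {
    param([string]$DistinguishedName, [string]$OU)
    return $DistinguishedName.EndsWith(",$OU", [System.StringComparison]::OrdinalIgnoreCase)
}

# Same three queries as step 7; @() keeps this an array even if a query returns nothing.
$objects = @(
    Get-ADGroup          -Filter "Name -like 'ADSync*'"
    Get-ADUser           -Filter "Name -like 'MSOL_*'"
    Get-ADServiceAccount -Filter "Name -like 'ADSync*'"
)

# One row per object, flagged by whether it landed in the T0 OU.
$report = foreach ($o in $objects) {
    [pscustomobject]@{
        Name              = $o.Name
        ObjectClass       = $o.ObjectClass
        InT0              = Test-InOU -DistinguishedName $o.DistinguishedName -OU $T0
        DistinguishedName = $o.DistinguishedName
    }
}

$report | Sort-Object InT0, ObjectClass, Name | Format-Table -AutoSize

$stragglers = @($report | Where-Object { -not $_.InT0 })
if ($objects.Count -eq 0) {
    Write-Warning 'No AADC objects matched the step 7 filters; confirm Azure AD Connect is installed in this domain.'
} elseif ($stragglers.Count -gt 0) {
    Write-Warning ("{0} AADC object(s) are still outside {1}" -f $stragglers.Count, $T0)
} else {
    Write-Output ("All {0} AADC object(s) are under {1}" -f $objects.Count, $T0)
}
```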