Home

trying to setup LDAPS

%3CLINGO-SUB%20id%3D%22lingo-sub-195622%22%20slang%3D%22en-US%22%3Etrying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-195622%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3ENot%20sure%20if%20I%20am%20in%20the%20correct%20conversation%20channel.%3C%2FP%3E%3CP%3EWe%20have%20Office365.%2050%25%20of%20our%20users%20are%20on%20premise%2C%20synced%20with%20Azure%20AD%20sync%20(formally%20dirsync)%20and%2050%25%20are%20cloud%20users.%20Everyone%20is%20therefore%20on%20Azure%20AD.%3C%2FP%3E%3CP%3EWe%20want%20to%20setup%20LDAPS%20on%20Azure%20to%20allow%20authentication%20from%20an%20external%20authorised%20VPN%20server%20for%20all%20our%20users.%3C%2FP%3E%3CP%3EWe%20followed%20the%20intructions%20from%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-domain-services%2Factive-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-domain-services%2Factive-directory-ds-admin-guide-configure-secure-ldap-enable-ldaps%3C%2FA%3E%20but%20when%20we%20hit%20Task%203%2C%20we%20found%20out%20that%20there%20is%20no%20default%20Azure%20Domain%20Services.%3C%2FP%3E%3CP%3EIs%20it%20normal%20or%20are%20there%20additional%20steps%3F%3C%2FP%3E%3CP%3EIs%20setting%20up%20LdapS%20when%20only%20using%20Office365%20possible%3F%20if%20yes%2C%20are%20we%20following%20the%20correct%20documentation%3F%3C%2FP%3E%3CP%3EWe%20are%20scared%20to%20manually%20add%20the%20AD%20Domain%20Service%20in%20Azure%20for%20our%20domain%20name%2C%20if%20it%20was%20not%20there%2C%20as%20it%20might%20screw%20up%20all%20our%20Office365%20users%20and%20credentials%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20someone%20please%20put%20us%20in%20the%20right%20direction%3F%20Thanks%20in%20advance%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-195622%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196140%22%20slang%3D%22en-US%22%3ERe%3A%20trying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196140%22%20slang%3D%22en-US%22%3E%3CP%3EAbsolutely%2C%20here%20is%20a%20screenshot%20of%20my%20domain%20services%20as%20you%20can%20see%20there%20are%20no%20users%20or%20groups%20settings%20here%20as%20they%20are%20already%20synchronised%20from%20on-premises.%20Think%20of%20it%20as%20an%20extension%20to%20AAD%20that%20can%20have%20VM's%20joined%20to%20it%2C%20or%20LDAPS%20enabled%2C%20the%20user%20accounts%20are%20totally%20separate%20and%20my%20O365%20is%20operating%20fine%20after%20enabling%20this.%20Note%3A%20if%20you%20already%20have%20Azure%20subnets%20and%20networks%20with%20virtual%20machines%20configured%20you%20will%20need%20to%20decide%20which%20subnet%20this%20is%20going%20to%20be%20on...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F34600i5EFA0A1814BB015E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Capture2.PNG%22%20title%3D%22Capture2.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196121%22%20slang%3D%22en-US%22%3ERe%3A%20trying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196121%22%20slang%3D%22en-US%22%3EThanks%20Mitch%3CBR%20%2F%3E%3CBR%20%2F%3ESo%2C%20adding%20the%20AD%20domain%20will%20just%20make%20ldap%20available%20to%20be%20able%20to%20authenticate%20our%20current%20users%20that%20are%20on%20Office365%3F%20It%20will%20not%20create%20it%20own%20AD%20(with%20separate%20users%2Fgroups)%20or%2Fand%20take%20over%20the%20users%20on%20Office365%3F%3CBR%20%2F%3EStill%20nervous!%3CBR%20%2F%3EThanks%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196120%22%20slang%3D%22en-US%22%3ERe%3A%20trying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196120%22%20slang%3D%22en-US%22%3EThanks%20Mitch%3CBR%20%2F%3EYes%2C%20I%20realised%20that%20we%20need%20to%20create%20the%20AD%20services%2C%20but%20we%20do%20not%20know%20if%20it%20will%20create%20a%20separate%20AD%2C%20or%2Fand%20take%20over%20the%20one%20that%20contain%20all%20our%20Office365%20users%20(some%20synced%20one%20way%20from%20premise%2C%20some%20on%20the%20cloud%20only)%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-195739%22%20slang%3D%22en-US%22%3ERe%3A%20trying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-195739%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20will%20not%20affect%20office%20365%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-195738%22%20slang%3D%22en-US%22%3ERe%3A%20trying%20to%20setup%20LDAPS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-195738%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20need%20to%20log%20into%20the%20Azure%20portal%20with%20your%20tenant%20admin%20credentials%2C%3C%2FP%3E%3CP%3Ethen%20go%20to%20all%20services%20(top%20left)%20then%20type%20in%20%22domain%22%20you%20will%20see%20%22azure%20AD%20domain%20services%22%3C%2FP%3E%3CP%3EYou%20will%20then%20need%20to%20%22create%20azure%20ad%20services%22%3C%2FP%3E%3C%2FLINGO-BODY%3E
V C
New Contributor

Hi

Not sure if I am in the correct conversation channel.

We have Office365. 50% of our users are on premise, synced with Azure AD sync (formally dirsync) and 50% are cloud users. Everyone is therefore on Azure AD.

We want to setup LDAPS on Azure to allow authentication from an external authorised VPN server for all our users.

We followed the intructions from https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-gu... but when we hit Task 3, we found out that there is no default Azure Domain Services.

Is it normal or are there additional steps?

Is setting up LdapS when only using Office365 possible? if yes, are we following the correct documentation?

We are scared to manually add the AD Domain Service in Azure for our domain name, if it was not there, as it might screw up all our Office365 users and credentials

 

Could someone please put us in the right direction? Thanks in advance

5 Replies

You need to log into the Azure portal with your tenant admin credentials,

then go to all services (top left) then type in "domain" you will see "azure AD domain services"

You will then need to "create azure ad services"

This will not affect office 365

Thanks Mitch
Yes, I realised that we need to create the AD services, but we do not know if it will create a separate AD, or/and take over the one that contain all our Office365 users (some synced one way from premise, some on the cloud only)
Thanks Mitch

So, adding the AD domain will just make ldap available to be able to authenticate our current users that are on Office365? It will not create it own AD (with separate users/groups) or/and take over the users on Office365?
Still nervous!
Thanks

Absolutely, here is a screenshot of my domain services as you can see there are no users or groups settings here as they are already synchronised from on-premises. Think of it as an extension to AAD that can have VM's joined to it, or LDAPS enabled, the user accounts are totally separate and my O365 is operating fine after enabling this. Note: if you already have Azure subnets and networks with virtual machines configured you will need to decide which subnet this is going to be on...

 

Capture2.PNG

Related Conversations
SPFx Dev Environment Toolchain Warnings
Charisma Riley in SharePoint Developer on
7 Replies
A problem with the Zoom level of a Tab
Tavory in Discussions on
9 Replies
Impact of Microsoft enforcing LDAPS
Gurdev Singh in Azure Active Directory on
1 Replies
Problems with Setup - Surface Hub 2s
steveap in Surface Hub on
1 Replies
Surface HUB provisioning
Petri X in Surface Hub on
4 Replies