Introduction to Hybrid Infrastructure

Name: Install Azure AD Connect V2 to Synchronize on-prem AD users ! Advanced M365 Course DAY-8
Uploaded: 2026-03-03T15:20:13.180370+00:00
Channel: Teach Me Cloud
Description: Summary and key takeaways on Introduction to Hybrid Infrastructure, covering to Hybrid Infrastructure In this session of the advanced Microsoft 365 course, we

Teach Me Cloud

Mar 03, 2026

•

3 min read

YouTube video ID: 8KPc7FyOg7Q

Source: YouTube video by Teach Me Cloud — Watch original video

PDF

In this session of the advanced Microsoft 365 course, we move from self‑service password reset (SSPR) and multi‑factor authentication to building a hybrid infrastructure. The focus is on synchronizing on‑premises Active Directory (AD) users to Azure Active Directory (Azure AD) using Azure AD Connect V2. This tool works with Windows Server 2016, 2019, and 2022 and enables hybrid mail services and migration scenarios.

Prerequisites for a Successful Deployment

Before installing Azure AD Connect, two main prerequisites must be satisfied:

Office 365 side – Create an Azure AD user that is a member of the Global Administrator role. This account will be used during the Azure AD Connect wizard.
On‑premises side – Download the Azure AD Connect tool (approximately 146 MB) and install it on a server that hosts Active Directory Domain Services (AD DS). The server must have an Enterprise Administrator account for AD DS.

A minimum internet bandwidth of 20 Mbps is recommended to ensure smooth synchronization.

Synchronization Protocols and Core Services

Azure AD Connect relies on HTTPS and the Service Bus to exchange data securely between the on‑premises AD and Azure AD. The tool provides several core services:

Password Hash Synchronization – Copies password hashes to Azure AD.
Password Write‑Back – Allows password changes in Azure AD to be written back to on‑premises AD.
Pass‑Through Authentication – Validates passwords against the on‑premises AD in real time.
Single Sign‑On (SSO) – Enables users to sign in once and access both cloud and on‑premises resources.
SSO with ADFS – Extends SSO using Active Directory Federation Services.
Custom User Synchronization – Lets administrators select specific objects for sync.
Custom UPN Suffixes / Alternate UPN Suffixes – Supports non‑standard user principal names.

Practical Implementation Steps

On‑Premises Domain Controller Setup
A virtual machine was created in VMware Workstation running Windows Server 2016.
The domain was named cloud.com.
Three test users—Tata, Telnet, and Cloud—were added to AD DS.
Office 365 Portal Preparation
In the Microsoft 365 admin center, the instructor navigated to Azure AD → Users → All users.
Existing demo users were deleted to start with a clean slate.
A Global Administrator account [email protected] was created.
Azure AD Connect Installation
The Azure AD Connect V2 installer (≈146 MB) was downloaded and launched.
The Global Administrator credentials ([email protected]) were entered.
Enhanced security was turned off when prompted.
The on‑premises Enterprise Administrator credentials were supplied.
Because the on‑premises domain cloud.com was not verified in Azure AD, the wizard displayed “Continue without matching UPN suffix.” This option was selected, allowing the sync to proceed despite the missing custom UPN suffix.
The installation completed after the required checks.

Verification of Synchronization

After Azure AD Connect finished, the instructor opened dsa.msc on the domain controller to confirm the presence of the three on‑premises users. In the Azure AD portal, the same users appeared, but each was associated with the default onmicrosoft.com domain. This outcome occurs when a custom UPN suffix is not configured or matched between the on‑premises AD and Azure AD.

The demonstration confirms that Azure AD Connect V2 can successfully synchronize on‑premises identities to Microsoft 365, even when the on‑premises domain is not yet verified in Azure AD.

Takeaways

Azure AD Connect V2 enables synchronization of on‑premises Active Directory users to Azure AD for hybrid Microsoft 365 environments.
A Global Administrator account in Office 365 and the Azure AD Connect tool installed on an on‑premises server are essential prerequisites.
Core Azure AD Connect services include password hash sync, pass‑through authentication, and single sign‑on, all using HTTPS and Service Bus protocols.
During installation, the option to continue without matching UPN suffix allows sync to proceed even if the on‑premises domain is not verified in Azure AD.
After a successful install, synchronized users appear in Azure AD, often under the default onmicrosoft.com domain when no custom UPN suffix is configured.

Frequently Asked Questions

Who is Teach Me Cloud on YouTube?

Teach Me Cloud is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Azure Ad Connect Recommended

Provides the essential tool for syncing on‑premises AD users to Azure AD, enabling hybrid identity management.

Amazon →

Vmware Workstation

Allows you to create a virtual on‑premises domain controller for testing Azure AD Connect deployments.

Amazon →

Windows Server 2016

Supported operating system for installing Azure AD Connect V2 and hosting the on‑premises AD DS.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

welcome back once again to my YouTube
class I am manjit ravati your online
instructor we are on page of advanced
Microsoft 365 course and in previous
class we discussed about how we can
manage sspr and multi-factor
Authentication
so I hope you guys are able to
understand about the difference between
multi-factor authentication and
self-service password reset
going to move ourselves to next topic
related to Azure acted acting but in
this case I am going to help you to
understand about set up a hybrid
infrastructure by using Azure ready
connect tool as we know that Microsoft
did lots of changes with our Azure ID
connect tool now we need to use Azure
ready connect V2 version 2 which is
applicable for the latest server
operating system like 2016-2019 and
2022.
so let me help you and give you complete
information about Azure ready connect
and creating a hybrid infrastructure
will give you the
basic to expert level of information in
this video
so let's try to understand about the
concept first and after that we'll move
our cell to
implementation process because I have
already created one domain controller on
on-premises using VMware Workstation and
[Music]
we know that we have a one
Office 365 tenant so by using our Office
365 tenant will create our hybrid
infrastructure
but before that uh let me help you let
me start with the the very basic things
like the prerequisite
configure
hybrid
setup right we are trying to set up our
hybrid infrastructure because if you
want to create a migration if you want
to use a hybrid mailing services so
definitely as you ready connect come
into the picture
so in this case for example this is our
Office 365 portal right this is our o365
portal and this one is our on-premises
domain controller
I will add exchange server on
on-premises later but firstly we need to
synchronize the on-premises users to
Microsoft 365 portal
this is m365.
portal right Microsoft 365 portal and in
the Microsoft 365 portal we are able to
find one option which is called Azure
active directory right admin Center in
try admin Center
so in on-premises I have already set up
my domain controller with name of
cloud.com right this is uh our adds
machine and the server that I used is
server 2016 right so our 2016 we
establish our non-promises
and our responsibility to create few
users using our local uh ad like user
one user 2 user three example n number
of users we are able to create our
non-premises
okay so our responsibility to
synchronize these users
from on-premises ad to Azure active this
is our agenda basically
so in this case we are responsible to
setup we should know about the entire
prerequisite we should know about the
procedure and components those
components are available in Azure ready
connect tool
this is our responsibility so let me
start from the very basic this is our
Office 365 portal so Office 365 portal
over Office 365 portal you need to
create one user right ad user as
directory user
and your user must be member of domain
Global administrator
add Global admin role
at Global admin role that you created
means you you your user must be a part
of global administrator that's it and in
on-premises what are the prerequisite in
on-premises download
Azure ready connect tool yes you need to
download Azure ad connect tool
it's a type of agent that help us to
create a synchronization that help us to
synchronize our users from on-premises
to acidity
second option you should install the
tool and synchronize
on
80 right install
on ad on-premises ads here because this
is the actual active domain services
clear so these all are the predictions
that we need to keep in mind if you want
to synchronize the users from
on-premises editors
Second Step what we need to do we must
need to know about the components those
components can help us to synchronize
our services not component we should
know about the protocols
in this case you should know about the
protocols those protocols can help us to
synchronize our
ad users on-premises adds users to Azure
act directly because sometime
interviewer will ask you question like
which protocols can help us to
synchronize user from on-premises ID to
Azure ID two important Protocols are
responsible to synchronize the users
from on-premises editor as you ready
first is
https and second one is service bus
right https and service bus
protocols can help us to synchronize our
users from on-premises ad to as reactor
directory
right apart from the protocols we should
know about the core Services of azure
ready connect yes I'm talking about the
core Services of code Services of
Azure ad connect
multiple services are available in Azure
ready connect like I'm going to start
from the very basic
password hash synchronization okay
password has synchronization
second one is password write back
and number third
pass through Authentication
pass through authentication and one more
point just wanted to add yes number of
points are available
single sign and non single sign-on and
SSO edfs
we are responsible to understand about
the concept of
custom user synchronization yes this is
the part of SD ready connect
custom
users synchronization
and we are responsible to manage what we
can say
custom UPN suffix are alternate European
suffixes
custom
UPN user principal name suffix
so these all are the components that uh
that available these services are
available in as you ready connect so
everything is okay this is the
theoretical part and our responsibility
to perform each and every practical by
using our setup so let me help you to
understand
I'm going to move ourselves to
on-premises domain first that I
installed on on premises VMware
Workstation using VMware Workstation and
the server name is class.com and the
server operating system that I used is
server 2016 because we are trying to set
up our V2 as ready connect to V2 tool
so let me create few users because our
responsibility to synchronize the users
from on-premises ad to Azure ID
click on the user icon and let me create
few users like the first user I'm going
to create with name of Tata
second user let me create with name of
telnet
one more user I want to create using our
on-premises domain
the another user that I'm planning to
create with name of cloud Okay the third
user
I want to create cloud
okay now we successfully okay you must
need to use the name
in your password so you must need to
change your password because before I
use cloud at123 so do not use
the name and password
so we successfully created three
different user Tata telnet and Cloud now
I'm going back to the Office 365 portal
and open admin Center
and then we'll open our intra admin that
is azure active directory
show all and select identity
it will give us option to login or sign
in again
everything is okay we just need to click
your users all users number of users I
have already created so let me delete
few users as you gcp because I'm going
to show you from very basic so let me
remove the existing user that you can
understand about the actual usage of
hybrid environment
as per the prerequisite that we
discussed like you need to create one
user and add it as a global
administrator
so I'm going to create one user with
name of gcp no problem let me create gcp
Global Google Cloud platform and provide
your password
and next next assignment definitely you
must need to make it member of global
administrator so select role and add the
role existing rule the built-in role of
global administrator
we just need to assign the role and now
review and create
done we successfully created one user
and the user gcp is member of global
administrator
we could be the prerequisite of azure
portal now it's time to move ourselves
to on-premises this is our on-premises
domain and in on-premises domain you
need to download one tool the tool name
is download
Azure ad connect right so you can
directly download from Microsoft site
okay
download
Azure ad connect V2 version 2 as we
discussed
the capacity of V2 is just 146 MB So
within second you are able to download
this particular tool on your base
machine on your domain controller and
proceed to install
so I'm going to copy it because I
downloaded it on our base machine base
machine in the sales because I am going
I'm I'm using VMware Workstation so
that's why
I'll proceed to install very simple
steps that we need to use to synchronize
the users
this is the base because if you have
idea about the hybrid environment
definitely you are able to configure
migration and you you can manage your
hybrid mailing services
this is First Option where we can
provide the global administrator account
so the global administrator account that
we created with name up
gcp at teachmecloud.net
provide the password
and click next it may be ask you to
reset your password
okay you need to
turn off the
EI
enhanced security so I'm just going to
turn off it
otherwise it will give you the error
related to the JavaScript
and make sure the domain controller that
you want to synchronize with acid ready
should be connected with minimum 20 in
10 20 Mbps of internet speed so it's
mandatory for us
gcp at
teach me cloud
dot net
and provide password
this is first time so that's why you
need to reset the password
I don't want to create multi-factor
authentication right now because our
responsibility to just synchronize will
configure MFA later
foreign
once you provide the password of our
Global administrator account it will
redirect you on another page this is a
interactive active domain active
directory domain services Enterprise
administrator credentials so it means
that you should provide
domain name and then slash so we log in
our system on premises machine with the
help of administrator so that's why I'm
going to provide the credential of our
on-premises ad user password
foreign
right so we successfully provided and
unfortunately we don't have a custom
European right the continue without
matching up in suffix actually the
issues related to continue without
matching UPN it means that the domain
that you created or non-promises
cloud.com which is not available overall
Edge directed acting means you haven't
purchased or assigned or synchronized or
at the same domain from uh go ready to
365. so that's why I'm going to proceed
with without matching
install this is final step and you have
to wait up to two to three minute and
once our ad connect successfully
installed we are able to find the entire
users that we created on on-premises so
let me open DSA dot MSC
and Cloud Tata and telnet three
different users are available on
on-premises
so we should wait and once our ad is
ready to use means once our active
directory domain activity connect is
installed successfully will find the
entire users on Azure ID panel so this
is our Azure ready panel and
unfortunately we have only one user
sorry two different user available one
is JCP and another is support so you
will find the entire users that we
created on on-premises so you have to
wait for few minutes
okay so installation of a deconnect
successfully installed and now it's time
to check and verify the number of users
that we created on on-premises must be
available over as your ad portal so let
me rephrase it and yes we are able to
find cloud and Tata and telnet and
unfortunately the entire users are
associated with on microsoft.com only
because you don't have a domain that you
associated with Microsoft Azure ad which
is not available in on-premises which is
considered as alternate UPN suffix so
we'll try to give you the complete
information about the meaning of
alternate European suffix in upcoming
session
so I hope you guys are able to
understand about the points that we
discussed in this particular class and
if you have any question or if you have
any doubt please let me know and drop a
comment
do subscribe your on teach me Cloud
YouTube channel take care guys we'll
connect soon with another video take
care