Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 4)

If you would like to read the other parts in this article series please go to:

Introduction

In part 3 of this article series revolving around what the Windows Azure service is all about as well as how you deploy an Exchange hybrid deployment in Windows Azure, we began our deep dive into the Windows Azure Active Directory (WAAD) side of things. I explained the relationship between WAAD and Office 365, login methods and how you add an existing Office 365 Active Directory tenant to a Windows Azure subscription.

In this part 4, we will continue where we left of. That is we will continue our deep dive into the Windows Azure Active Directory (WAAD) side of things. More specifically, I will show you how you create a new directory from within the Windows Azure Management portal and add a co-administrator to a Windows Azure subscription. I will also show you how to change the default directory in order to be able to authenticate to the Microsoft Account based Windows Azure subscription using and organizational account.

Let’s get going…

Creating a new Windows Azure Active Directory in Windows Azure

In the last part of this article series, I showed you how to add an existing Windows Azure Active Directory to a Windows Azure subscription and that when doing so the Microsoft Account associated with the Windows Azure subscription is added as Global Administrator in the directory we added.

In addition to adding an existing Windows Azure Active Directory to the Windows Azure subscription, we can also create a new directory from within the Windows Azure Management portal.

Actually, you can add more than one directory to a single Windows Azure subscription, which is pretty cool for organizations or service providers running and managing multiple Windows Azure Active Directories and/or Office 365 tenants. Think about the perspectives here! Not only for Office 365 tenants but also for managing cloud identities used to access other cloud services such as Windows Azure, Windows Intune etc. as well as non-Microsoft cloud services.

If you have not yet created an Office 365 tenant (my scenario in this article series), let us create it right away from within the Windows Azure Management Portal.

Click “Active Directory” > “New” > “Active Directory” > “Directory” > “Custom”, you know the drill now…

This time choose “Create new directory” in the drop-down menu and then enter the name of the Active Directory (I call it Azurelab.dk) and then specify a tenant name (again mine is “azurelab”) and the Country or Region where the tenant should be created.

When done, click the checkmark.

Image
Figure 1: Specifying the name for the new directory

The new directory is being created.

Image
Figure 2

And after a few seconds, you should receive the notification shown in Figure 3.

Image
Figure 3

Just like when you add an existing directory to a Windows Azure subscription, the Microsoft Account associated with the subscription will be automatically added to the directory as Global Administrator.

Image
Figure 4:
Microsoft Account added to the new directory as Global Administrator

The default domain for the new directory (Windows Azure Active Directory) is <tenant_name>.onmicrosoft.com just like you are used to when creating a new Office 365 tenant.

Image
Figure 5:
Default domain for the new directory

Adding a new Global Administrator to the Default Directory

Currently only one account exists in our newly create and now default directory and that’s the Microsoft Account associated with the Windows Azure subscription.

In order to prepare for enabling Office 365 for the directory, let’s create a new Global Administrator that is homed in this directory. To do so click “Users” > “Add User”.

Image
Figure 6: Adding new Global Administrator to the directory

Now specify type of user as “New User in your organization” and enter the alias for this new user.

Click the arrow.

Image
Figure 7: Specifying type of user and the alias for the user

Now enter the “Firstname”, “Lastname” for the new user and then set the role as “Global Administrator”. Also make sure you specify an alternate email address.

Click the arrow.

Image
Figure 8: Entering additional details about the new user

You will now be taken to the “Get Temporary password” page. Click “Create”.

Image
Figure 9:
Temporary password page

You will now see the temporary password and specify an email address to which it should be sent. When you have done so, click the checkmark.

Image
Figure 10: New temporary password

The Global Administrator has now been created.

Image
Figure 11:
Global Administrator created in the new directory

Adding a Co-Administrator to the Windows Azure Subscription

Currently, we can manage the directory tenant we added back in that article using our Microsoft account, but we cannot log in to the Windows Azure subscription using an organizational ID (Global Administrator) belonging to this directory. This is important to note.

Adding the tenant to your default Active Directory subscription makes it possible for you to access and manage everything from one Office 365 Portal and one Windows Azure Management Portal.

We have the option of adding the organizational ID (Global Administrator) a so called “Co-Administrator” to the Windows Subscription under the “Settings” section. However, doing so will result in the error shown in Figure 12.

Image
Figure 12: Trying to add organizational ID (Global Administrator) as Co-Administrator

As you can see in the above figure, the account we add as Co-Administrator must either be a Microsoft Account or be homed in the default directory. We do have the option of adding a global administrator from the Office 365 tenant WAAD to the default directory as shown in Figure 13 and 14, however the account must have been provisioned in the directory not just associated with the directory using the “add user from another directory” option.

Image
Figure 13: Adding user to default directory 

Image
Figure 14: Adding existing user from another Windows Azure Active Directory to the default directory

Okay in order to be able to proceed, we must change the default directory within our Windows Azure subscription. To do so, click “Settings” > “Subscriptions” and then “Edit Directory”.

Image
Figure 15:
Clicking Edit Directory in order to change the default directory

Under the “Edit Directory” page, select the respective directory that should be the default directory in the directory drop-down menu and click on the arrow. 

Image
Figure 16: Changing the default directory for the Windows Azure subscription

We now need to confirm we wish to change the default directory. Do so by clicking on the checkmark.

Image
Figure 17: Confirming the change of default directory

After a few seconds, we receive the notification shown in Figure 18.

Image
Figure 18: Directory edit completed

Now you will see the selected directory listed as the default directory under the “Subscriptions” tab.

Image
Figure 19: New default directory listed under subscriptions

Okay now let us switch back to the “Co-Administrator” page and once again try to add the organizational ID (Global Administrator) as Co-Administrator.

Image
Figure 20: Adding organizational ID (Global Administrator) as Co-Administrator

This time it succeeds and you will see the organizational ID (Global Administrator) listed under “Settings” > “Administrators”.

Image
Figure 21: Co-Administrator added successfully

Image
Figure 22: New Co-Administrator listed under the Administrators page

Now let us log out of the Windows Azure subscription and then try to log into this very same Windows Azure tenant using the organizational ID, we added as Co-Administrator.

To do so enter or select the organizational ID on the Windows Azure login page as shown in Figure 23.

Image
Figure 23: Specifying the organizational ID on the Windows Azure Login Page

Then enter the password for the organizational ID.

Image
Figure 24:
Entering the password for the organizational ID

We are now logged into the Windows Azure subscription using an organizational ID.

Image
Figure 25:
Logged into the Microsoft Account based Windows Azure subscription with an organizational ID

To confirm we are logged into the Microsoft Account based Windows Azure subscription and not the organizational ID based Windows Azure subscription, click “Settings” > “Subscriptions”. Here we can see that this is the correct Windows Azure subscription.

Image
Figure 26:
Subscription details confirms this is the correct Windows Azure subscription

Under the “Administrators” page, we can also see that both the Microsoft Account and organizational ID are listed.

Image
Figure 27:
Both the Microsoft Account and organizational ID are listed

This concludes part 4 of this multi-part article in which I provide you with an explanation of what Windows Azure is and how you configure an Exchange 2013 hybrid lab environment in Windows Azure.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top