Windows Server + Exchange + Office 365 Hybrid Deployment (IV)
In the previous article we covered installing and doing the basic configuration of Windows Server, Exchange and Office 365 in preparation for a hybrid deployment. The remaining step is to install and configure ADFS. ADFS is a relatively easy way to let local domain accounts sign in to Office 365 with single sign-on, and the ADFS server is a role that ships with Windows, so there is nothing separate to download. We had originally installed and configured Windows Server 2016, but ran into one problem: ADFS on Windows Server 2016 is version 4.0, which requires the certificate to contain a subject alternative name, and a free third-party certificate request cannot include one, so we were forced to fall back to Windows Server 2012 R2.
We first apply for a free public certificate; the certificate name must be ADFS.domain.com.
The certificate is then imported on the ADFS server into the Personal certificate store of the local computer; in the screenshot below the import has already been completed.
Then install the ADFS role on the server.
After the role finishes installing, we can configure it.
We select the certificate we just imported. Because we forgot to take screenshots of the earlier Windows Server 2012 R2 run, the configuration screenshots below are from Windows Server 2016.
Then specify a service account.
Start the configuration
and wait until it completes.
On Windows Server 2016, if the third-party certificate does not specify a subject alternative name, the configuration fails with an error:
After the ADFS service configuration is complete, we create the trust relationship between ADFS and Office 365.
This is done from Azure PowerShell.
We first download and install Azure PowerShell; the installer has become very small since the upgrade, which makes it more convenient:
http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
We install it from the link above.
After downloading and installing it, we open it.
The command we run now differs from the one used earlier: an extra parameter must be added, otherwise an error such as "the account information entered does not exist" is returned.
$cre = Get-Credential
Once executed, you are prompted for your Office 365 (Azure AD) account information.
Then execute the following command; once it finishes, you are prompted to authenticate once again:
Connect-MsolService -AzureEnvironment "AzureChinaCloud"
Convert-MsolDomainToFederated -DomainName byssoft.com
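The whole procedure above (import the certificate, install and configure the ADFS farm, connect to the China tenant, federate the domain) collected into one script, as an added example that is not part of the original post. The PFX path and password, the service account, the federation service name adfs.domain.com and the domain byssoft.com are placeholders or values taken from the post; the SAN pre-flight check is an assumption about how to catch the Windows Server 2016 error before Install-AdfsFarm does.

```powershell
# Added example (not from the original post): scripted version of the ADFS
# role install, farm configuration and domain federation described above.
# Assumed values: PFX path/password, service account, federation service
# name and domain are placeholders; replace them for your environment.
$FsName  = 'adfs.domain.com'                 # must match the certificate name
$PfxPath = 'C:\certs\adfs.domain.com.pfx'    # assumed path to the public cert
$Domain  = 'byssoft.com'                     # domain federated in the post
$SvcCred = Get-Credential -Message 'ADFS service account (DOMAIN\svc_adfs)'
$PfxPwd  = Read-Host -AsSecureString -Prompt 'PFX password'

# 1. Import the certificate into LocalMachine\My (the "Personal" store)
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $PfxPwd `
            -CertStoreLocation Cert:\LocalMachine\My

# 2. Pre-flight check for ADFS 4.0 (Windows Server 2016): the subject
#    alternative name must carry the federation service name, otherwise
#    the farm configuration fails as shown in the post.
$san = $cert.Extensions |
       Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
$sanText = if ($san) { $san.Format($false) } else { '' }
if ($sanText -notmatch [regex]::Escape("DNS Name=$FsName")) {
    throw "Certificate $($cert.Thumbprint) has no SAN entry for $FsName"
}

# 3. Install the role and create a new farm bound to that certificate
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
                 -FederationServiceName $FsName `
                 -ServiceAccountCredential $SvcCred

# 4. Connect to the Office 365 operated by 21Vianet tenant; -AzureEnvironment
#    is the extra parameter the post mentions, without it sign-in fails.
$cred = Get-Credential -Message 'Office 365 global administrator'
Connect-MsolService -Credential $cred -AzureEnvironment AzureChinaCloud

# 5. Point the MSOnline cmdlets at the ADFS server, then federate the domain
Set-MsolADFSContext -Computer $FsName
Convert-MsolDomainToFederated -DomainName $Domain

# 6. Confirm the domain now reports Federated and shows the ADFS endpoints
Get-MsolDomain -DomainName $Domain | Select-Object Name, Authentication
Get-MsolDomainFederationSettings -DomainName $Domain |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri
```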
We test SSO by visiting the Office 365 management portal:
https://portal.partner.microsoftonline.cn
The account used to sign in through ADFS is in the local domain's format.
When focus moves to the password box, the portal tells you it is redirecting you.
You are prompted for the password to authenticate.
Login succeeds, but the user does not have an Office 365 subscription.
We can see that the user does not have any subscriptions.
In the admin center, go to Active users, double-click the user to open Edit user, then Assigned license, then Edit.
We choose a subscription to assign.
Confirm after saving.
After refreshing, we find that the user can now see the admin information. Because this is the user's first sign-in, the system needs to load the settings first.
From the above, ADFS is working properly.
This article is from the "Gao Wenrong" blog; reprinting is not permitted.
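The browser test above proves one sign-in works; the checks a practitioner would add after deployment are that the federation metadata is reachable, the Office 365 relying party trust exists, the token-signing certificate is not about to expire, and the issuer stored in the tenant matches what ADFS publishes. This is an added example, not from the original post, meant to be run on the ADFS server; adfs.domain.com and byssoft.com are taken from the post, and the relying party trust name is the default created by Convert-MsolDomainToFederated.

```powershell
# Added example (not from the original post): post-deployment health checks
# run from the ADFS server. $FsName is assumed to match the federation
# service name configured earlier.
$FsName = 'adfs.domain.com'
$Domain = 'byssoft.com'

# 1. The farm must answer on 443 with a valid chain; the metadata document
#    is what Office 365 reads to learn the token-signing certificate.
$metaUri = "https://$FsName/FederationMetadata/2007-06/FederationMetadata.xml"
$meta    = Invoke-RestMethod -Uri $metaUri
$entity  = $meta.EntityDescriptor.entityID
"Federation metadata OK, entityID = $entity"

# 2. The relying party trust that Convert-MsolDomainToFederated creates
$rp = Get-AdfsRelyingPartyTrust -Name 'Microsoft Office 365 Identity Platform'
if (-not $rp -or -not $rp.Enabled) {
    throw 'Office 365 relying party trust is missing or disabled'
}

# 3. Token-signing certificate expiry: when it rolls over, the tenant's
#    federation settings must be refreshed (Update-MsolFederatedDomain)
#    or every federated sign-in starts failing.
$signing  = Get-AdfsCertificate -CertificateType Token-Signing |
            Where-Object IsPrimary
$daysLeft = ($signing.Certificate.NotAfter - (Get-Date)).Days
"Primary token-signing certificate expires in $daysLeft days"
if ($daysLeft -lt 30) {
    Write-Warning 'Token-signing certificate rolls over within 30 days'
}

# 4. The issuer URI stored in the tenant must equal the ADFS entityID
Connect-MsolService -AzureEnvironment AzureChinaCloud
$fed = Get-MsolDomainFederationSettings -DomainName $Domain
if ($fed.IssuerUri -ne $entity) {
    Write-Warning "Tenant IssuerUri $($fed.IssuerUri) differs from ADFS entityID $entity"
} else {
    "Tenant federation settings for $Domain match ADFS"
}
```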