Azure Active Directory: Prepare for Hybrid Identity

October 31, 2019

When you move workloads to the cloud, you will almost always need an identity to go with them. Azure Active Directory provides single sign-on across a large catalogue of enterprise applications, plus extra security layers such as multi-factor authentication and Conditional Access policies, which makes Microsoft's identity service a good choice.

All these features are great, but how do you synchronise your existing on-premises identities with the cloud? In this post I will help you prepare for that move with an interactive PowerShell script.

About Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It lets your employees sign in and access:

  • External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organisation.

It includes features such as single sign-on and multi-factor authentication; Microsoft states that enabling MFA blocks more than 99.9 percent of account-compromise attacks.

[Figure: Azure AD Connect topology]

Prep Steps for Syncing Directories

  • Option 1: Soft match on the user principal name (Azure AD Connect compares the primary SMTP address first and the UPN as a fallback)
  • Option 2: Hard match on the immutable ID (the on-premises objectGUID, base64-encoded, stored in the cloud user's ImmutableId)

The preparation method covered here is soft matching. For it to work, the on-premises UPN has to match the cloud sign-in name, so we need to register a new UPN suffix on the forest and change users from the non-routable user@ad.domain.local to user@domain.com, where domain.com is a domain you have already verified in Azure AD. Because the primary SMTP address is checked first, also confirm that each user's mail attribute agrees with the new UPN before you enable synchronisation.

Using the Script

The PowerShell script I have written allows you to do the following in your AD:

  • Check your current UPN suffixes
  • Add a new UPN suffix
  • Change the UPN for an OU (includes sub-OUs; can be used for the whole directory)
  • Change all users from old suffix to new
  • Search a UPN suffix for users
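The steps above, worked through as plain ActiveDirectory-module cmdlets. This is an added example, not the author's Manage-UPN.ps1: it assumes the RSAT ActiveDirectory module, Enterprise Admin rights for the forest change and Domain Admin rights for the user change, and the domain names and OU below are placeholders to replace with your own.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not the author's script): prepare on-premises UPNs for Azure AD soft matching.
# Placeholders to adjust before running:
$OldSuffix  = 'ad.domain.local'                      # current non-routable suffix
$NewSuffix  = 'domain.com'                           # must already be a verified domain in Azure AD
$SearchBase = 'OU=Staff,DC=ad,DC=domain,DC=local'    # OU to change; Subtree scope includes sub-OUs

# 1. Check the UPN suffixes currently registered on the forest.
$forest = Get-ADForest
Write-Host "Current UPN suffixes: $($forest.UPNSuffixes -join ', ')"

# 2. Add the new suffix to the forest if it is missing (requires Enterprise Admin).
if ($NewSuffix -notin $forest.UPNSuffixes) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
    Write-Host "Added UPN suffix $NewSuffix to the forest"
}

# 3. Search the OU (and its sub-OUs) for users still on the old suffix.
$users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
    -Properties UserPrincipalName, mail

# 4. Swap only the suffix, keeping each user's existing prefix, with -WhatIf support
#    so the change can be rehearsed before it is applied.
function Set-UpnSuffix {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [Microsoft.ActiveDirectory.Management.ADUser] $User,
        [Parameter(Mandatory)] [string] $Suffix
    )
    process {
        $prefix = $User.UserPrincipalName.Split('@')[0]
        $newUpn = "$prefix@$Suffix"
        if ($PSCmdlet.ShouldProcess($User.DistinguishedName, "Set UPN to $newUpn")) {
            Set-ADUser -Identity $User -UserPrincipalName $newUpn
        }
        # Report each user; MailMatches flags accounts whose primary SMTP address
        # differs from the new UPN, because soft match checks the SMTP address first.
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            OldUpn         = $User.UserPrincipalName
            NewUpn         = $newUpn
            Mail           = $User.mail
            MailMatches    = ($User.mail -eq $newUpn)
        }
    }
}

# Dry run first; remove -WhatIf to apply. Review the MailMatches column before syncing.
$report = $users | Set-UpnSuffix -Suffix $NewSuffix -WhatIf
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.MailMatches } |
    ForEach-Object { Write-Warning "mail attribute for $($_.SamAccountName) does not match $($_.NewUpn)" }
```

Run it once with -WhatIf, check that the suffix appears in Get-ADForest and that the report lists only the accounts you expect, then remove -WhatIf. Users flagged by MailMatches should have their mail attribute corrected (or the existing cloud account's primary SMTP address confirmed) before the first synchronisation, otherwise soft match may pair them with the wrong cloud object or create a duplicate.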

You can download the script at the following link:

https://raw.githubusercontent.com/decturau/PowerShell-Scripts/main/ActiveDirectory/Manage-UPN.ps1