I have Windows Server 2012 R2 Foundation which I want to be a DC named like office1.mycompany.org for domain mycompany.org.
All users in that domain should be named like username@mycompany.org and use those credentials to access the file server from their workstations in the same LAN as the DC. Joining workstations to the domain is not required.
The server does not have an external IP, but it has outbound internet access. The mycompany.org domain name is registered with AWS, so I can change DNS records as I need.
The next step I am planning is to make mailboxes for them using Exchange Online (or is it Office 365 now?). The requirement is that they use the same address as their logins for the domain and the same password.
So I read tons of docs and questions, but I am still totally lost here about where to start and what to connect to what. Should I first create a new domain on my server and then synchronize it? If so, synchronize it to what? As I understand, creating a domain for mailboxes at Office 365 automatically creates a new Azure AD, so should I synchronize the on-premise AD with that directory?
Also I tried to create Azure AD and then connect the server (while it still was not promoted to DC) to it using Azure AD Connect ('Use an existing service account' – 'Managed service account') using both the custom domain name mycompany.org and mycompany.onmicrosoft.com. Both options failed (cannot resolve LDAP DNS record, as I see, and I can't find any information on what this SRV record should point to).
Also, my wish (but not a requirement) is that I can manage users and groups both from the Azure portal and the server GUI.
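An added diagnostic for the "cannot resolve LDAP DNS record" failure described in the question (this is not code from the question or from any answer). Azure AD Connect and domain clients locate a DC through the _ldap._tcp.dc._msdcs.<domain> SRV records that AD DS registers when a server is promoted, so this checks whether those records resolve from the host running it and which DNS resolver that host is actually using; the domain name is the one from the question, everything else is assumed.

```powershell
# Added diagnostic, not from the original post. Assumes the AD DNS domain is
# mycompany.org and is run on the box where Azure AD Connect is installed.
function Test-DcLocatorRecords {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string] $DnsServer   # optional: query the DC's own DNS service directly
    )
    # AD DS publishes these SRV records at promotion; without them nothing can
    # find a DC for LDAP or Kerberos, which is exactly what Azure AD Connect needs.
    $records = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain"
    )
    foreach ($name in $records) {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }
        $srv = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
        if (-not $srv) {
            Write-Warning ("{0} not found. Either no DC exists for {1} yet, or this host " +
                "resolves {1} through public DNS (the Route 53 zone), which never " +
                "carries AD locator records; point the DNS client at the DC instead.") -f $name, $Domain
            continue
        }
        foreach ($r in $srv) {
            "$name -> $($r.NameTarget):$($r.Port) (priority $($r.Priority), weight $($r.Weight))"
            # A DC advertised in SRV but lacking an A record is still unreachable.
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' }
            if (-not $a) { Write-Warning "  no A record for $($r.NameTarget)" }
        }
    }
}

# Which resolver does this host actually use? For AD lookups it must be the DC,
# not the ISP or AWS resolver that serves the public mycompany.org zone.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

Test-DcLocatorRecords -Domain 'mycompany.org'
```

If the SRV names resolve only when -DnsServer is set to the DC's address, the host's DNS client is the problem, not the directory.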
Best Answer
Here's how I have done it: