In the previous 2 blogs I prepared the ConfigMgr environment for Mobile Device Management (MDM). I made a beginning by first creating the subscription (http://focusonsystemcenter.nl/?p=216) and then creating the Windows Intune Connector role (http://focusonsystemcenter.nl/?p=245). Now I will take the next step in the process.

What I want to accomplish is that my management is handled from ConfigMgr and that my internal users can access the Intune portal with the credentials they already use. I defined a user collection in ConfigMgr for users that are allowed to use the Intune portal and their mobile devices. Windows Intune offers synchronization from your internal AD to Intune. The sync process is handled with a tool called DirSync. When you sign up for an Intune trial, you get a username looking like rverbeek@rlvit.onmicrosoft.com; however, you probably want to use your internal domain credentials, in my case rverbeek@rlv-it.nl. Also, when you create a new user you want the object to be automatically created in Windows Intune. To get this all going, go to the Windows Intune console and click on Users. You will see something like the picture below.

IntunConsole_02

Choose Active Directory Set up; all the steps you need to take are shown in the next picture.

DirSync_01

What I actually did is create a VM in my testlab to install the things needed for the DirSync tool. From this machine I opened the Intune console and followed the steps. Step 1 is clear, so on to step 2: Verify your domain. This presented me with the following issue in my testlab. My internal domain is called rlv-it.com, but I do not own that domain. I do own rlv-it.nl, so that is the domain I can verify and sync with Windows Intune. For management with ConfigMgr to work, my users should have a UPN that represents the verified domain, in my case @rlv-it.nl. You can do that by adding the UPN suffix in your domain (in Domains and Trusts) and changing the user accounts to reflect that UPN. Having done that, I go to step 3 and click Activate (see picture below) and continue with step 4, Download. I actually chose to run the download immediately to install and configure the DirSync tool in one go. Below you can see the screenshots of the installation and configuration.
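The UPN change described above can also be scripted rather than clicked through. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, takes the domain names from the post, and uses a hypothetical OU path for the users that should sync.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post).
# Adds the verified domain as a UPN suffix and moves users onto it.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$OldSuffix  = 'rlv-it.com',   # internal AD domain named in the post
    [string]$NewSuffix  = 'rlv-it.nl',    # domain verified in Windows Intune (from the post)
    [string]$SearchBase = 'OU=IntuneUsers,DC=rlv-it,DC=com'   # hypothetical OU, adjust to your AD
)

Import-Module ActiveDirectory

# Step 1: register the verified domain as an alternative UPN suffix on the forest
# (the scripted equivalent of the Domains and Trusts dialog).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    if ($PSCmdlet.ShouldProcess($forest.Name, "Add UPN suffix $NewSuffix")) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
    }
}

# Step 2: find the users that still carry the internal suffix.
$users = Get-ADUser -SearchBase $SearchBase `
                    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties UserPrincipalName

foreach ($user in $users) {
    # Swap only the suffix; the part before the @ stays untouched.
    $newUpn = $user.UserPrincipalName -replace "@$([regex]::Escape($OldSuffix))$", "@$NewSuffix"

    # A UPN must be unique in the forest, so skip anything that would collide.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
    }
}

# Step 3: list accounts in scope that still do not match the verified domain,
# since these will not sign in to Intune with their internal credentials.
Get-ADUser -SearchBase $SearchBase -Filter * -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$NewSuffix" } |
    Select-Object SamAccountName, UserPrincipalName
```

Running the script with `-WhatIf` first prints every suffix and UPN change it would make without writing anything to the directory.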

DirSync_02

DirSync_03

DirSync_04

DirSync_05

DirSync_06

DirSync_07

DirSync_08

I chose to keep the checkbox checked and go through the configuration. The screenshots are below.

DirSyncConf_01

In the next screen you will have to fill in your Windows Intune credentials. It is good practice to create credentials especially for this purpose (I did not for this demo).

DirSyncConf_02

Then come the AD credentials, and again it is good practice to create a new user especially for the sync (I did not…).

DirSyncConf_03

DirSyncConf_04

DirSyncConf_05

DirSyncConf_06

Keep the checkbox ticked to get synchronization started.

DirSyncConf_07

DirSyncConf_08

If everything is good, the internal domain will be synchronised to Windows Intune. It may be interesting to know that the following programs have been installed on the dedicated machine I set up for DirSync.

Dirsync_progs_01

The next thing to check is whether synchronization has been successful, so I open the Intune portal; see the screenshot below.

Synced_users

And … synchronization happened (the picture shows only 2 users, but I thought I did not need to make a bigger screenshot). Well, this concludes blog 3. Time to enroll a Windows RT device; however, I will describe that in the next blog.