As an IdMaaS service, Azure AD enables you to create multiple directories that you can use for testing or other non-production usage, or for managing data synced from various on-premises identity directories, etc. The classic Azure management portal enables you to add directories and manage existing ones. You can then manage all your directories from the portal.
These directories are fully independent resources. In other words, as noted before, each directory is a peer, fully-featured, and logically independent of other directories that you manage. There is no parent-child relationship between directories.
Note: For more information, see the blog post Creating and Managing Multiple Azure Active Directories [70].
Adding a new directory
To add a directory, proceed with the following steps:
- Open a browsing session and navigate to the classic Azure management portal at https://manage.windowsazure.com.
- Sign in to the Azure management portal with the credentials of your Microsoft account.
- In the management portal, click NEW in the tray at the bottom, and then select APP SERVICES, ACTIVE DIRECTORY, DIRECTORY, and then CUSTOM CREATE. An Add Directory dialog pops up.
- In the Add Directory dialog, configure the basic properties for your new directory, i.e. its name, default domain name, and the country or region as follows:
  - In Name, choose a name for the directory that will help distinguish it from your other directories in your Azure subscription, for example “Fabrikam Corporation”.
    Note: If the directory you're creating is to be used in production, choose a name for the directory which your users will recognize as the name of your organization. You can change the name later if you want.
  - In Domain name, choose a default domain name which you can use to bootstrap usage of this directory, for example “corpfabrikam.onmicrosoft.com”.
    Note: While the default domain cannot be changed, later you can add a custom verified domain owned by your organization (e.g., “fabrikam.com”) to enable better user experiences for sign on to that directory, or for synchronizing with the on-premises identity infrastructure.
  - In Country or region, choose a country or region for your directory. This setting is used by Azure AD to determine the datacenter region(s) for your directory. It cannot be changed later.
  - Leave This is a B2C directory unchecked.
- Then, click the check mark icon in the lower right of the dialog, and in a few seconds you'll see that your new directory has been created and is available for use.
Your user account is included in that new directory, and you're assigned to the global administrator role. This enables you to manage the directory you created without signing in as a different user of that directory. As an administrator of a directory, you can also add users from another directory of which you're a member. This is useful, for example, where there are users in your production directory who will need to collaborate on an application that is under development or testing in a non-production environment. A user can be a member of up to 20 directories.
Note: For additional information, see the MSDN article Azure AD service limits and restrictions [71].
Using an existing directory
If you access the Azure management portal with a Microsoft account, you can configure your Microsoft account to manage an existing Azure AD that's used for Office 365 or another service, even if your Microsoft account already manages an Azure AD directory tenant.
To configure a Microsoft account to manage an existing directory, proceed with the following steps:
- Open a browsing session, navigate to the classic Azure management portal, and sign in with the credentials of your Microsoft account.
- In the management portal, click NEW in the tray at the bottom, and then select APP SERVICES, ACTIVE DIRECTORY, DIRECTORY, and then CUSTOM CREATE. An Add Directory dialog pops up.
- In the Add Directory dialog, change the DIRECTORY dropdown from the default Create new directory to Use existing directory.
- Click I am ready to be signed out now.
- Click the check mark icon in the lower right of the dialog to continue.
- Upon signing out, you'll see the sign in screen for Azure AD. Enter your user name and password for the global administrator account in the Azure AD directory tenant that you want to manage using your Microsoft account.
  Note: You can authenticate either with a Microsoft account or an organizational account.
- Once signed in, in the dialog that appears, click continue to add your Microsoft account as a global administrator of the existing directory.
- Once that's completed, click the link to sign out of your organizational account. Then, you can sign in to the Azure management portal as your Microsoft account user, and can manage the directory to which you added the Microsoft account.
You can manage this directory tenant like other directories for which you’re a global administrator.