Before we start with the integration process, we need the following:
- Valid Azure subscription: We need to have a valid Azure subscription. It can be a pay-as-you-go subscription or a partner subscription. You can also get a free Azure demo account with £150 in credit. More information can be found at https://azure.microsoft.com/en-gb/offers/ms-azr-0044p/.
- Global administrator account: In order to set up Azure AD, you need to log in to Azure with an account that has global administrator privileges.
- Access to domain DNS: If you are going to add a custom domain name, as part of the process, you need to verify the ownership of the domain name. This is done by using a DNS record. Therefore, engineers need to have access to DNS servers. This is important if you are using a public domain name (.com, .org, or .net).
- Enterprise administrator account: In order to set up and configure Azure AD Connect, the engineers need to be members of the enterprise administrator group in the on-premises AD setup.
- Connectivity: The server running Azure AD Connect needs to have connectivity to Azure services. If your DCs do not have direct access to the internet, the firewall rules need to be modified before deployment to allow access to the Azure services on the recommended ports.
More information about ports can be found at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-ports. The service URL and IP range information can be found at https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-GB&ad=GB.
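As an added example (not from the book), the following PowerShell pre-flight check covers three of the prerequisites above before Azure AD Connect is installed: membership of the on-premises Enterprise Admins group, the DNS TXT record used to verify a custom domain, and outbound connectivity to Azure services. The endpoint list and the `-ExpectedTxt` value are assumptions; confirm the endpoints against the Microsoft ports and URL documents linked above, and take the TXT value from the verification record Azure gives you.

```powershell
# Added pre-flight check for the Azure AD Connect prerequisites (not from the book).
# Assumes the ActiveDirectory RSAT module is present on the machine running it.
#Requires -Modules ActiveDirectory

# Assumed Azure endpoints; verify against the Microsoft documentation linked in the text.
$AadEndpoints = @(
    @{ Host = 'login.microsoftonline.com'; Port = 443 },
    @{ Host = 'login.windows.net';         Port = 443 }
)

function Test-AadConnectPrereqs {
    param(
        [string]$UserName    = $env:USERNAME,          # account that will run AAD Connect setup
        [string]$CustomDomain = $null,                 # e.g. the public domain you plan to add
        [string]$ExpectedTxt  = 'MS=msXXXXXXXX',       # placeholder: use the value Azure shows you
        [array] $Endpoints    = $AadEndpoints
    )
    $results = [ordered]@{}

    # 1. Enterprise Admins lives in the forest root domain, so query that DC explicitly
    #    and expand nested groups with -Recursive.
    $forestRoot = (Get-ADForest).RootDomain
    $members = Get-ADGroupMember -Identity 'Enterprise Admins' -Server $forestRoot -Recursive |
               Select-Object -ExpandProperty SamAccountName
    $results['EnterpriseAdminMember'] = ($members -contains $UserName)

    # 2. Custom domain verification: Azure checks for a TXT record at the domain apex.
    if ($CustomDomain) {
        $txt = Resolve-DnsName -Name $CustomDomain -Type TXT -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'TXT' } |
               ForEach-Object { $_.Strings }
        $results["DnsTxt:$CustomDomain"] = ($txt -contains $ExpectedTxt)
    }

    # 3. Outbound TCP reachability to each Azure endpoint on the expected port.
    foreach ($ep in $Endpoints) {
        $tnc = Test-NetConnection -ComputerName $ep.Host -Port $ep.Port -WarningAction SilentlyContinue
        $results["Tcp:$($ep.Host):$($ep.Port)"] = [bool]$tnc.TcpTestSucceeded
    }

    # Any $false entry is a blocker to resolve before running the AAD Connect wizard.
    return $results
}

# Example run (output is a check-name -> pass/fail table).
Test-AadConnectPrereqs -CustomDomain 'example.com' | Format-Table -AutoSize
```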
Once the aforementioned prerequisites are ready, we can move on to the implementation process. In this demo, I am going to cover the following:
- Creating a virtual network
- Creating an Azure AD instance
- Adding DNS server details to the virtual network
- Creating an AAD DC administrator group
- Creating a global administrator account for Azure AD Connect
- Setting up Azure AD Connect:
  - Enabling pass-through authentication
  - Enabling Azure AD Seamless SSO
  - Enabling synchronization of NTLM and Kerberos credential hashes to Azure AD