Start / Create Test users and Groups

Create Test users and Groups

In this step, you will

• Create users and groups
• Test synchronisation from Windows AD to Azure AD

IMPORTANT
If this is not a new Azure AD Tenant/Subscription/Windows AD, please make sure that you do not remove/overwrite existing useraccounts or groups

Create users and groups

1. Create at least 10 new users & 5 admin users in the Windows AD:
   For example:
   SamAccountName: DemoUser001
   SamAccountName: DemoUser002
   SamAccountName: DemoUser003
   SamAccountName: DemoUser004
   etc
   SamAccountName: AdminUser001
   SamAccountName: AdminUser002
   etc
   
   You can run the following Powershell script in a Powershell console (as Administrator)
   

    $ErrorActionPreference = "Stop"
    $dc = (Get-ADDomain).DistinguishedName
    $ouName = "WVD Users"
    $path = ("OU={0},{1}" -f $ouName, $dc)
    $ouObject = ""
    try {$ouObject = Get-ADOrganizationalUnit -Identity $path } catch {}
    if (($null -eq $ouObject) -or ($ouObject -eq "")) {
        New-ADOrganizationalUnit -Name $ouName -Path $dc
    }
    $username = "demouser"
    $adminname = "adminuser"
    $count = 1..10
    foreach ($i in $count) {
        $sam = ("{0}{1:D3}" -f $username, $i)
        New-AdUser -Name $sam -Path $path -Enabled $True -ChangePasswordAtLogon $false  `
            -AccountPassword (ConvertTo-SecureString "Micha&BartForProctorsOfTheYear2020" -AsPlainText -force) -PasswordNeverExpires $true -PassThru
    }
    $count=1..5
    foreach ($i in $count) {
        $sam = ("{0}{1:D3}" -f $adminname, $i)
        New-AdUser -Name $sam -Path $path -Enabled $True -ChangePasswordAtLogon $false  `
            -AccountPassword (ConvertTo-SecureString "Micha&BartForProctorsOfTheYear2020" -AsPlainText -force) -PasswordNeverExpires $true  -PassThru
    }
    $domainAdminGroup = Get-ADGroup "Domain Admins"
    $domainAdminGroup | Add-ADGroupMember -Members (Get-ADUser -Filter "name -like 'adminuser*'")
   

   

2. Create 3 AD Groups for WVD assignments later on
   For example:
   WVDWorkshopFullDesktopUsers
   WVDWorkshopRemoteAppUsers
   WVDWorkshopAdmins
   Assign “demouser001”,”demouser003”,”demouser004”,”demouser005”,”demouser006” to the WVDWorkshopFullDesktopUsers group
   Assign “demouser002”,”demouser007”,”demouser008”,”demouser009”,”demouser010” to the WVDWorkshopRemoteAppUsers group
   Assign all adminuser* accounts and your Domain Admin account to the WVDWorkshopAdmins group
   You can run the following Powershell script in a Powershell console (as Administrator)
   

    $ErrorActionPreference = "Stop"
    $dc = (Get-ADDomain).DistinguishedName
    $ouName = "WVD Groups"
    $path = ("OU={0},{1}" -f $ouName, $dc)
    $ouObject = ""
    try {$ouObject = Get-ADOrganizationalUnit -Identity $path } catch {}
    if (($null -eq $ouObject) -or ($ouObject -eq "")) {
    New-ADOrganizationalUnit -Name $ouName -Path $dc
    }
   
    $FullDesktopGroupName = "WVDWorkshopFullDesktopUsers"
    $RemoteAppGroupName = "WVDWorkshopRemoteAppUsers"
    $AdminGroupName = "WVDWorkshopAdmins"
    New-ADGroup -Name $FullDesktopGroupName -DisplayName $FullDesktopGroupName -Path $path -GroupScope Global -GroupCategory Security
    New-ADGroup -Name $RemoteAppGroupName -DisplayName $RemoteAppGroupName -Path $path -GroupScope Global -GroupCategory Security
    New-ADGroup -Name $AdminGroupName -DisplayName $AdminGroupName -Path $path -GroupScope Global -GroupCategory Security
   
    $FullDesktopGroup = Get-ADGroup $FullDesktopGroupName
    $RemoteAppGroup = Get-ADGroup $RemoteAppGroupName
    $AdminGroup = Get-ADGroup $AdminGroupName
       
    $FullDesktopGroup | Add-ADGroupMember -Members ("demouser001","demouser003","demouser004","demouser005","demouser006")
    $RemoteAppGroup | Add-ADGroupMember -Members ("demouser002","demouser007","demouser008","demouser009","demouser010")
    $AdminGroup | Add-ADGroupMember -Members ("adminuser001","adminuser002","adminuser003","adminuser004","adminuser005",$env:USERNAME)
   

Test synchronisation from Windows AD to Azure AD

To test the sync from Windows AD to Azure AD, you can exec these steps:

1. Force a AD Connect sync
   Launch a Powershell console as Administrator
   Exec the following cmdlets
   

   Import-Module ADSync
   Start-ADSyncSyncCycle -PolicyType Delta
   

   Note: If you get an error about the ADSync Module, try
   Import-Module “C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1” Start-ADSyncSyncCycle -PolicyType Delta

1. Open the Azure Portal from the new Azure AD Tenant, and sign in with the admin account from this tenant (admin@{tenant})

   https://portal.azure.com/{tenant}
   

   In my example, this would be

   https://portal.azure.com/wvdworkshopt01.onmicrosoft.com
   

2. Check if the DemoUsers appears in the Azure Active Directory users list (could take a few minutes for the sync to finish)