Configure Azure AD Connect with SSO, Password Writeback and Exchange Hybrid (if needed)

Download and install Azure Ad Connect from your tenant

Select “customize”

Don’t select anything


Select “password Hash Sync” because, if you need the Pass-Through Auth, you need an AD with Win 2012 level.
Enable also the SSO.
Insert ID and PW of your 365’s Tenant Admin
Now select your AD and click “Add Directory”
Select “Use existing AD Account” or let AD Connect  create it.

Now select the “verified” domain, and if isn’t showed you need to add this “label” into your AD “Domain and Trust” .


Select the OU from wich AAD start to sync in the cloud



Leave default.


Select “Sync all users” becouse we’ve selected the OU before.



In the case, you have not only to sync your AD, but if you need to deploy an enviroment with Exchange Hybryd , select also the first option.
Enable “Password writeback” if you need to permit changing pw from the cloud to the premises


Select “Enter credential” and add an AD account with Admin’s rights.



Select Start and then Install

Now we need to create a GPO to add this two sites ad “trusted”:
In this way, we allow to work with SSO.
GPO sections:  Site to Zone Assignment List di User Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page


That’s it