Configuring Active Directory and Create Users for Intune

Download and own all parts of the blog series in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In Part 1 of this series, we prepared the Intune environment for mobile device management. We also make sure we got the Intune subscription account.

In Part 2, we will configure Active Directory and create users in Intune to make possible a connection between Configuration Manager 2012 and Intune.

The licensing model for Intune is user based and a single license entitles the user to enroll up to 5 devices.

Active Directory Preparation

In order to prepare your Active Directory, you need to create an alternate UPN suffix to match the domain you added in Intune. See part 1 if that’s not completed.

An UPN suffix is the name of the domain that is added after the @ sign when a domain user account is created. The alternate UPN suffixes will simplify administration and user logon processes by providing a single UPN suffix for all users.

This is the domain that Configuration Manager and Intune would expect users to use when enrolling devices.

•  Open Active Directory Domains and Trusts

• Right-click Active Directory Domains and Trusts
• Click Properties

• On the UPN Suffixes tab
• Type the new UPN suffix that you would like to add to the forest
• Click Add
• Click Ok

The next step is to change the UPN of all your users :

• Open Active Directory Users and Computers
• Browse to the OU where your users reside
• Right click your user and select Properties

• In the Account Tab
• Change the suffix value

Tip : You can also use this PowerShell command to change multiple accounts. Just change the -SearchName and $_.samaccountname value to reflect your environment.

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”Get-ADUser%20-Filter%20*%20-SearchBase%20’ou%3Dxxxx’%20-Properties%20userPrincipalName%20%7C%20foreach%20%7B%20Set-ADUser%20%24_%20-UserPrincipalName%20%22%24(%24_.samaccountname)%40systemcenterdudes.com%22%7D”/]

Intune Users Creation

Your Active Directory Users needs to be synchronized with Intune. You can use Microsoft Azure Active Directory Sync (DirSync) or create your users manually if you have a small amount. For the sake of this post we’ll create them manually.

• Log in your Intune Account console
• In the left pane, click Users
• Click New, User

• Enter your user information, make sure to select the right domain
• Click Next

• Decide if you want to assign administrative access to your user. Learn more about administrator roles
• Set the user location. This is used for licencing reason, it won’t prevent your user to travel
• Decide if you want this user to have administrator permissions to companies you support. Learn more about administrator roles
• Click Next

• Select the default Windows Intune group. This group won’t be used since access will be managed through an SCCM User Collection that we’ll configure later.

• Choose if you wish to receive the user credentials by email
• Click Create
• Wait for the process to complete
• Click Finish
• Repeat the steps if you have more users to create

That’s it, you’ve completed the second step to manage mobile device with SCCM 2012.

Overview | Mobile Device Management with Intune and SCCM 2012

Next Part | Configuring SCCM 2012 Intune integration

mobile device management active directory