Step by Step Azure AD Sync Installation Guide (Part 2)

In this article we will install and configure the Azure AD Sync tool to synchronize on-prem identities with Office 365. Part 1 of this series covers the prerequisites required to install and configure the Azure AD Sync tool. We have already completed those prerequisites and created the required service accounts in Office 365 and in the on-prem Active Directory.

Let’s get started with Part 2 of this series.

Azure AD Sync Installation

  • To install the Azure AD Sync tool, log in to the sync server using the on-prem Active Directory service account. In our case, the service account name is AAD@mstechtalk.com.
  • You can download the most recent version of Azure AD Sync from the Microsoft website.
  • If there are 100,000 or fewer objects in AD to sync to Office 365, you can use SQL Express; if more objects need to be synced, a full version of SQL Server is required.
  • The minimum recommended hardware requirements for the synchronization server, in relation to how many objects you have in your on-premises Active Directory, can be found on TechNet.

It's recommended to use a separate machine for the Azure AD Sync tool installation. The Azure AD Sync tool should not be installed and configured on a domain controller or an ADFS server.

  • Let's get started with the installation of the Azure AD Sync tool. To start the installation process, launch the executable called MicrosoftAzureADConnectionTool.exe.

Setup

  • Once you run the executable, click Yes on the User Account Control prompt to start the process.


  • Windows Azure AD Sync setup will begin. Specify the path where the tool should be installed. In our case, we're using the default installation path.


  • Once you click Install, Azure AD Sync will start installing components such as SQL Express and the connectors.


  • After the required components are installed, you'll be prompted to provide your Azure AD credentials. These need to be your Office 365 Global Admin credentials. We're using AzureAD@UCTechTalk.onmicrosoft.com, the service account created in Part 1 of this series.


  • After connecting to Office 365 using the Global Admin credentials, the next screen asks for your on-prem Active Directory account credentials. In our case, we've already set up a service account in our local Active Directory, and we will use the same account here.


  • After providing the credentials, click Add Forest and the Active Directory forest will be added. Repeat the same steps to add multiple forests.


  • The next screen is for user matching. You can uniquely identify your users based on the criteria defined here. We're using the default settings.


  • The next screen lets you choose the optional features and the new features that come with the Azure AD Sync tool.


  • Once you've entered all the information and the tool is able to connect to both on-prem AD and Office 365 using the credentials provided, click Configure to start the configuration.


  • Once the configuration is completed, click Finish and the wizard begins synchronizing on-prem identities with Office 365.


  • To verify that the users have been synchronized with Office 365, log in to Office 365 –> Users –> Active Users and check the last sync time and status.


By default, the Azure AD Sync tool synchronizes with Office 365 every 3 hours. This interval can be changed at any time.
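The portal check above can also be scripted; the following is an added example, not part of the original article. It assumes the MSOnline PowerShell module, whose Get-MsolCompanyInformation and Get-MsolUser output carries LastDirSyncTime; the function names and the sample objects are constructed for illustration.

```powershell
# Added example. Sample objects below are constructed; in a live tenant they
# would come from the MSOnline cmdlets named in the comments (assumption).

function Get-TenantSyncState {
    param(
        [Parameter(Mandatory)] $Company,               # shape of Get-MsolCompanyInformation output
        [TimeSpan] $Cycle = [TimeSpan]::FromHours(3),  # default interval stated in the article
        [DateTime] $Now = [DateTime]::UtcNow
    )
    if (-not $Company.DirectorySynchronizationEnabled) { return 'Disabled' }
    if ($null -eq $Company.LastDirSyncTime)            { return 'NeverSynced' }
    # Tolerate one missed cycle before reporting a problem.
    if (($Now - $Company.LastDirSyncTime) -gt ($Cycle + $Cycle)) { return 'Stale' }
    'Healthy'
}

function Get-CloudOnlyUser {
    param([Parameter(ValueFromPipeline)] $User)        # shape of Get-MsolUser output
    process {
        # A null LastDirSyncTime means the sync engine has never written this
        # object: the account exists only in the cloud and deserves a review.
        if ($null -eq $User.LastDirSyncTime) { $User.UserPrincipalName }
    }
}

# Constructed sample data: last tenant sync 7 hours ago, one cloud-only account.
$now     = [DateTime]::Parse('2015-06-01T12:00:00Z').ToUniversalTime()
$company = [pscustomobject]@{
    DirectorySynchronizationEnabled = $true
    LastDirSyncTime                 = $now.AddHours(-7)
}
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; LastDirSyncTime = $now.AddHours(-7) }
    [pscustomobject]@{ UserPrincipalName = 'svc-sync@example.onmicrosoft.com'; LastDirSyncTime = $null }
)

Get-TenantSyncState -Company $company -Now $now
$users | Get-CloudOnlyUser

# Live use (assumes Connect-MsolService has been run first):
#   Get-TenantSyncState -Company (Get-MsolCompanyInformation)
#   Get-MsolUser -All | Get-CloudOnlyUser
```

The Global Admin service account used by the sync tool is itself cloud-only, so it is expected in the second list; any other entry is an account that on-prem Active Directory does not control.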

If you want to read the other Parts in this series, then please go to:

14 comments

  • Pingback: Understand and Modify Office 365 users ImmutableID

  • Very helpful article which can be used while implementing dir sync server.

    Thank you for your effort in building such good documents.

    Regards
    Shafeeque k

  • Great article! Do you know which ports need to be open on the firewall from the AAD sync server to Office365 – anything else other than 443 and 80? Thank you!

  • Hi Riaz, good article.
    Quick question: I have users in on-premise and have already created them on Azure. Both have the same usernames (xxx@yyy.com) but different passwords. Would running the Azure AD Sync create duplicate users at both ends or it would take care of syncing them with the userid?
    Also, will the password synchronize to have same passwords across both?

    Thanks,

    • Mahesh,

      When you already have a user on office 365 with the same UPN then AAD Sync will override the cloud user with on prem user and user needs to login using his on prem AD credentials. Also, AAD Sync will not write any information in AD. Thanks.

      FYI: Microsoft discontinued the AAD Sync tool and is now pushing Azure AD Connect.

  • Is it possible to synchronize Office 365 with on-prem AD if you are not using the domain name of your company in o365? I’m asking because I followed your instructions step by step (both parts 1 and 2) but passwords are not being synchronized. When I go in the office 365 portal I see that usernames are in the form userxyz@contoso.onmicrosoft.com while in my AD they are userxyz@contoso.com

    Is that why they are not being synchronized or something else in the process?

    Thank you for your great guide regardless.

  • I ran across a client who has DirSync (AADconnect) and Single Sign-on (ADFS) configured for a single or multitenant (not determined yet). When I asked to see the Azure Management portal, there were no Azure domains. Is this possible? If so, what's the AADconnect synching to? I know Exchange Online uses an Identity Database Cache instead of Azure AD directly. But, the cache is created from Azure AD. Am I missing something? Thx!

  • Pingback: Configuring Azure AD Connect to use specific Domain Controller – Microsoft Expert Talk

  • Peculiar article, totally what I wanted to find.

  • Pingback: Convert Office 365 Domain to Managed -