Microsoft has released a new tool, Azure AD Sync, that you can use to synchronize your on-premises Active Directory with the directory service (Azure AD) configured in your Azure subscription. The tool gives you:
- Active Directory and Exchange multi-forest environments can now be extended to the cloud.
- Control over which attributes are synchronized, based on the cloud services you want to use.
- Selection of the accounts to be synchronized by domain, OU, etc.
- The ability to connect to AD with minimal Windows Server AD privileges.
- Synchronization rules that map attributes and control how their values flow to the cloud.
- A preview of Azure AD Premium password change and reset being written back to on-premises AD.
This blog post is dedicated to the installation process of this tool.
First things first: download the tool from the following link.
When you start the installation it installs several components on your computer in the background, among them:
- SQL Server 2012 Express
- Forefront Identity Management Azure Connector
Now that it is installed you will need to provide your Azure credentials. You will need to use a Global Admin account for this; because that is a highly privileged credential, use a dedicated cloud-only administrator account rather than a synchronized one. One of the cool new features of this tool is that you can add several domains/forests for synchronization. In my lab I only have one domain in a single forest, and that is what I chose. So I entered my domain credentials and the tool installs the synchronization
Now we have to configure how users are matched. I chose the default settings here (as this is a lab only), but you have to consider this step carefully and choose wisely: you don't want duplicate users! Azure AD identifies and matches accounts on attributes such as the UserPrincipalName and SMTP address, so any collision in those attributes on-premises will surface as duplicate or failed users after the first synchronization.
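An added example, written for this post and not part of Azure AD Sync itself: a PowerShell check to run against the directory before the first synchronization, listing users whose UserPrincipalName or SMTP address (the mail attribute or any smtp:/SMTP: entry in proxyAddresses) collides with another user's. It assumes the ActiveDirectory RSAT module is available and that the account running it can read user objects; the function name and the $SearchBase parameter are my own.

```powershell
# Added example for this post (not part of Azure AD Sync itself).
# Assumes the ActiveDirectory RSAT module and read access to user objects.
Import-Module ActiveDirectory

function Find-AADSyncCollisions {
    param(
        # Assumption: scope to the whole domain by default; narrow it to the OUs you will sync.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    $users = Get-ADUser -Filter * -SearchBase $SearchBase `
                -Properties UserPrincipalName, mail, proxyAddresses

    # 1. Duplicate UPNs. Azure AD compares UPNs case-insensitively, so normalise first.
    $users |
        Where-Object { $_.UserPrincipalName } |
        Group-Object { $_.UserPrincipalName.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Kind  = 'DuplicateUPN'
                Value = $_.Name
                Users = ($_.Group.DistinguishedName -join '; ')
            }
        }

    # 2. Duplicate SMTP addresses. Collect the mail attribute plus every smtp:/SMTP:
    #    entry in proxyAddresses (the -match operator is case-insensitive by default).
    $addresses = foreach ($u in $users) {
        if ($u.mail) {
            [pscustomobject]@{ Address = $u.mail.ToLowerInvariant(); DN = $u.DistinguishedName }
        }
        foreach ($pa in @($u.proxyAddresses)) {
            if ($pa -match '^smtp:(.+)$') {
                [pscustomobject]@{ Address = $Matches[1].ToLowerInvariant(); DN = $u.DistinguishedName }
            }
        }
    }
    $addresses |
        Group-Object Address |
        Where-Object { @($_.Group.DN | Select-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Kind  = 'DuplicateSMTP'
                Value = $_.Name
                Users = (@($_.Group.DN | Select-Object -Unique) -join '; ')
            }
        }
}

# Empty output means no collisions were found in the scope.
Find-AADSyncCollisions | Format-Table -AutoSize
```

Run it once per forest (or per OU you intend to sync) and resolve every row before the initial synchronization; it is far easier to fix a UPN or a stale proxy address in AD than to untangle a duplicate object in Azure AD afterwards.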
The next step offers several optional features. For the purpose of this lab I am enabling only the 'Password Synchronization' feature. Note that password synchronization requires the AD connector account to be granted directory replication rights so it can read password hashes, which is more than the minimal read-only permissions the other features need. You can read more about each feature at the following link.
The next step configures the synchronization service; the installation tool does this automatically. It connects to your Azure AD and your on-premises forest, configures both and offers to perform the initial synchronization. I recommend skipping this at this point if you want to customize the synchronization (filtering and rules) before anything is exported to Azure AD.
One more thing, and it is very important: I installed the Azure AD Sync tool on my domain controller. This is strongly discouraged! You should install the Azure AD Sync tool on a dedicated server. With password synchronization enabled the sync server holds an AD account with replication rights over the whole domain, so it must be treated and hardened as a Tier 0 asset in its own right; putting it on a DC also adds the sync engine and SQL Server Express to the domain controller's attack surface.
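An added example, written for this post and not part of Azure AD Sync: the two checks I would run on the intended sync server before installing. The first confirms the machine is not a domain controller. The second lists every principal holding the 'Replicating Directory Changes' or 'Replicating Directory Changes All' control-access rights on the domain root, which are the rights the AD connector account needs for password synchronization (and which allow reading every user's password hash), so you can verify that only the sync account and the expected built-in holders have them. It assumes the ActiveDirectory RSAT module (which also provides the AD: drive used by Get-Acl); the function names are my own, while the two right GUIDs are the schema-defined values.

```powershell
# Added example for this post (not part of Azure AD Sync itself).
# Assumes the ActiveDirectory RSAT module (it provides the AD: drive used by Get-Acl).
Import-Module ActiveDirectory

# Schema-defined control-access-right GUIDs (well-known values, not assumptions).
$ReplGetChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes
$ReplGetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes All

function Test-IsDomainController {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    return ((Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4)
}

function Get-ReplicationRightHolders {
    $domainDN      = (Get-ADDomain).DistinguishedName
    $acl           = Get-Acl -Path "AD:\$domainDN"
    $extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.ActiveDirectoryRights -band $extendedRight) -eq 0) { continue }

        # An empty ObjectType on an ExtendedRight ACE grants *all* extended rights,
        # which includes both replication rights, so report it as well.
        $right = $null
        if ($ace.ObjectType -eq $ReplGetChangesAll) { $right = 'Replicating Directory Changes All' }
        elseif ($ace.ObjectType -eq $ReplGetChanges) { $right = 'Replicating Directory Changes' }
        elseif ($ace.ObjectType -eq [guid]::Empty) { $right = 'All extended rights' }

        if ($right) {
            [pscustomobject]@{
                Identity = $ace.IdentityReference.Value
                Right    = $right
            }
        }
    }
}

if (Test-IsDomainController) {
    Write-Warning 'This machine is a domain controller; install Azure AD Sync on a dedicated member server instead.'
}

# Expect only the sync connector account plus the built-in holders
# (Domain Controllers, Enterprise Domain Controllers, Administrators, etc.).
Get-ReplicationRightHolders | Sort-Object Identity | Format-Table -AutoSize
```

Keep the output of the second check as a baseline and re-run it after installation: the only new entry should be the connector account the wizard created, and any other addition is worth investigating.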