This post was originally written by Robert Crane, Microsoft MVP
Microsoft recently announced that Azure AD Connect has come out of preview and is now generally available. This now means that Azure AD Connect is the preferred tool for synchronizing on premises AD to Office 365 replacing DIRSYNC and Azure AD Sync Services.
I detailed how to install the preview of Azure AD Connect here:
http://blog.ciaops.com/2015/06/azure-ad-connect-previewinstall.html
and the process is pretty much identical for the released version so I’ll only detail the express install here. Refer to my previous post if you need more details of all the options available but not really required for Office 365.
The first thing you’ll need to do to configure synchronisation with your on premises AD and Office 365 is login to the Office 365 portal as an administrator. You’ll then need to select the Users area and then the Active Users.
At the top of the page you’ll find an option Active Directory synchronization as shown above. Here you select the Set up hyperlink.
On the page that is displayed you need to select the option to Activate synchronization as shown above.
You’ll be promoted to confirm that you wish to Activate.
After which you should now see that synchronization is activated.
Next, you’ll need to downloaded the released version of Azure AD Connect which you can do from here:
http://www.microsoft.com/en-us/download/details.aspx?id=47594
After you have downloaded the software you can install it. It is best practice to install Azure AD Connect onto a member server in your domain but installation on the domain controller is supported.
At the Welcome screen select Continue in the lower right.
In this case we simply want to configure synchronisation with Office 365 so select Use express settings. If you want to learn about the other options available to you with azure AD Connect check out the following documentation:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect/
The express options will automatically:
– Configure synchronization of identities in the current AD forest
– Configure password synchronization from on premise AD to Azure AD
– Start an initial synchronization
– Synchronize all attributes
The installation will now commence.
You’ll be prompted for your Azure AD credentials, these are the credentials for the Office 365 global administrator account that will be used to connect to Office 365. Remember, Office 365 allows you to have accounts that are global administrators without them having to have a license for the Office 365 services.
The account details you provided will now be verified.
You’ll now be prompted for credentials for a local on premise administrator for your AD.
These credentials will be verified and you’ll now see a summary of the actions that will take place.
You’ll then see SQL Express being installed as part of Azure AD Connect.
You’ll then see the Synchronization Service being configured.
Then the Directory connector.
You should then see it connecting to you Office 365 tenant.
Then your local AD (here kumoalliance.org)
Finally, you should see the Microsoft Online Services Sign-in Assistant restarting.
You should then receive a message that the process is complete.
After a short while, if you compare you local on premises AD users
to those in Office you should find local users have synchronised to Office 365 as expected. You will see their status as Synced with Active Directory as shown above.
As usual, the synced users won’t have been assigned an Office 365 license. You’ll need to do this via the browser or PowerShell to allow users access to Office 365 services.
If you look at the machine you just installed Azure AD Connect onto you’ll see the above new program group as shown above.
If select Synchronization Service from this list you’ll be taken to the sync troubleshooting tool to help you see what is happening underneath the covers and perform and diagnostics.
If you need to force a synchronisation at any stage navigate to:
\program files\microsoft azure ad sync\bin
and run the file
directorysyncclientcmd.exe
So there you have it. No more DIRSYNC. No more Azure AD Sync Services. Azure AD Connect is you preferred option when it comes to syncing an on premises AD to Office 365.