Setting up Azure Active Directory Sync Tool

We’ve seen how to set up Office 365 so that it is ready to accept synchronization from your on-premises Active Directory. Now we need to set up the Active Directory sync tool. The tool we are going to use is called Microsoft Azure Active Directory Sync.

To download the tool visit here

This tool replaces an older tool called the Directory Sync tool, and if you’ve worked with the former tool you will appreciate how much work Microsoft has put into this one. The tool syncs your accounts and password hashes to Azure Active Directory, which is the identity manager for Office 365. More specifically, it syncs these attributes, and others if desired, into your tenant.

Once the tool is downloaded run the executable.

The first choice presented is whether to use express settings or to customize your settings. In most cases where you are synchronizing one Active Directory domain/forest and don’t mind syncing all attributes, express settings is what you will select. If your sync is more complex and you want additional choices, you will customize the settings instead.

1b - Azure AD Connect Express Settings

Once you click “Use express settings” you will be asked to supply your Office 365 tenant credentials. It’s important to note that you will want to use administrator credentials here.

1c - Azure AD supply azure creds

Click Next, and you will be asked to supply your on-premises Active Directory credentials. This should be a domain admin account.

Azure AD Sync AD DS Creds

Once validation has been completed, click Install. Be careful about the last option on this screen before clicking Install. The option I am referring to is “Start the synchronization process as soon as the configuration is complete”.

If you leave this option checked, the Azure Active Directory Connect tool will start a sync as soon as you are done. This will sync your entire Active Directory. If you are OK with this, by all means leave it checked. In many cases this is the simplest way to get started. If your Active Directory is messy, though, it will copy all of your users and you’ll have to sort them out in the cloud by licensing the correct ones. In another blog post, we will go over how to change this.
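Before leaving that box checked, it helps to know how messy the directory actually is. The following read-only report is an added example, not part of the original walkthrough or of Microsoft's tooling; it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the flag criteria, the 90-day threshold and the output file name are illustrative assumptions.

```powershell
# Added example: pre-sync review of on-premises accounts (read-only).
# Assumptions: ActiveDirectory module installed; 90 days counts as "stale";
# the UPN suffixes matched below are common non-routable ones, not a full list.
Import-Module ActiveDirectory

$staleAfterDays = 90
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

$report = Get-ADUser -Filter * -Properties LastLogonDate, mail, PasswordNeverExpires |
    ForEach-Object {
        $flags = @()
        if (-not $_.Enabled)                { $flags += 'Disabled' }
        if (-not $_.LastLogonDate)          { $flags += 'NeverLoggedOn' }
        elseif ($_.LastLogonDate -lt $cutoff) { $flags += 'Stale' }
        if (-not $_.UserPrincipalName)      { $flags += 'NoUPN' }
        elseif ($_.UserPrincipalName -match '\.(local|lan|internal)$') {
            $flags += 'NonRoutableUPN'
        }
        if (-not $_.mail)                   { $flags += 'NoMail' }
        if ($_.PasswordNeverExpires)        { $flags += 'PasswordNeverExpires' }

        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            UserPrincipalName = $_.UserPrincipalName
            Enabled           = $_.Enabled
            LastLogonDate     = $_.LastLogonDate
            Flags             = $flags -join ';'
            DistinguishedName = $_.DistinguishedName
        }
    }

# How many accounts carry each flag, most common first
$report | Where-Object Flags |
    ForEach-Object { $_.Flags -split ';' } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Count, Name

# Full list of flagged accounts for review before the first sync
$report | Where-Object Flags |
    Export-Csv -Path .\presync-review.csv -NoTypeInformation
```

Accounts that show up as disabled, stale or never logged on are the ones you would otherwise be sorting out in the tenant after the first sync.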

Azure AD Sync confirmation

You’re done, review and click exit.

1d - Azure AD connect complete

You will notice that you have 4 applications available from Azure:

  1. Azure AD Connect
  2. Synchronization Rules Editor
  3. Synchronization Service
  4. Synchronization Service Key Management

The tool runs as a scheduled task via Task Scheduler, and is set to run every 3 hours.

Opening Task Scheduler and clicking on the Task Scheduler Library will reveal the created scheduled task, and since it has already been run once by default, you should be greeted with a nice “The operation has been completed successfully” message.

1E - Azure Connect Task Scheduler operation completed

Now if you log on to your Office 365 tenant, you should see your Active Directory users living in Office 365. You can easily distinguish users that were created in Office 365 from synced users by looking at the status field. Users created in Office 365 will say “In Cloud” and synced users will say “Synced with Active Directory”.

1F - Synced Users

