In a recent post I detailed the current replacement product to DIRSYNC:
In there I noted that this will soon be replaced with Azure AD Connect which is currently in preview:
I thought I’d run through a short walkthrough of installing Azure AD Connect just so you can see what it looks like. When the product comes out of preview I’ll do something in more detail.
You download and run the tool.
This will give you an icon on your desktop and launch the install wizard.
You need to agree to the license terms.
You select the Continue button.
You’ll be prompted to install any prerequisites. Press the Install button to continue.
You can select any custom configuration you desire. Press the Install button to continue.
You should now see the installation commence, starting with SQL Express, as AD Sync Services did.
It will then start installing the Synchronization Service.
Next, you’ll need to enter your Office 365 credentials and select Next.
You should then see the connection to your tenant being made.
At this point you can elect to use the express settings or work through the customised options. The express options will automatically:
- Configure synchronization of identities in the current AD forest
- Configure password synchronization from on premise AD to Azure AD
- Start an initial synchronization
- Synchronize all attributes
For most standard configurations this is fine but we will select the Customize option rather than the Use express settings here to see all the options.
Select the Password Synchronization option and Next to continue.
Next, enter your on-premises domain credentials and select Add Directory. If you have more local domains you can add these, but normally all you need to do after adding the local domain is select Next.
The local AD information will be retrieved.
Here is where you can now elect to filter what is synchronised. Since we only have one domain we’ll elect to synchronise everything and press Next to continue.
Normally you select Users are represented once across all directories here and press Next.
This option allows you to match on-premises users with those in the cloud via different attributes. Best practice is normally to leave the default options and select Next to continue.
There are lots of options here that are in preview. Select the Password writeback option to sync information from your local AD to Office 365. Remember that at the moment two-way sync will not occur unless you have an Azure AD Premium subscription, which is not part of Office 365. Office 365 only includes free Azure AD.
The hope however is that when Azure AD Connect comes out of preview the ability to sync passwords from local AD to Office 365 and back will be included with all Office 365 plans. However, right here, right now for two way syncing you need an Azure AD Premium subscription.
Select Next to continue.
Everything is now ready to configure so press the Install button to proceed.
The wizard will now do its thing.
Configuring your Office 365.
The on premises domain.
Then enables password sync.
In a few moments the process will be complete and you can press Exit to end.
As before, you’ll find a number of new applications installed.
The Synchronization Service will give you the ability to monitor the progress in real time.
If a user tries to change a password in their web portal they will be greeted with the above message, basically informing them that it has to be changed on premises, NOT in the cloud.
An Office 365 administrator can reset the password via the admin portal for a user but after the next sync has run from the local AD that changed password will be overwritten with the one from on premises.
Thus, there is not a huge change between what we have now with Azure AD Sync Services and what is coming with Azure AD Connect. At this stage, you still need an Azure AD Premium subscription to do password write back to on premises as well as many of the advanced features. The hope is that this will change when Azure AD Connect comes out of preview. Fingers crossed.