Monday, July 13, 2015

Azure AD Connect tool–the basics

Microsoft recently announced that Azure AD Connect has come out of preview and is now generally available. This means that Azure AD Connect is now the preferred tool for synchronizing on premises AD to Office 365, replacing DIRSYNC and Azure AD Sync Services.

I detailed how to install the preview of Azure AD Connect here:

http://blog.ciaops.com/2015/06/azure-ad-connect-previewinstall.html

and the process is pretty much identical for the released version, so I’ll only detail the express install here. Refer to my previous post if you need more details on all the other options available, which are not really required for Office 365.

The first thing you’ll need to do to configure synchronisation between your on premises AD and Office 365 is log in to the Office 365 portal as an administrator. You’ll then need to select the Users area and then Active Users.

At the top of the page you’ll find an option Active Directory synchronization as shown above. Here you select the Set up hyperlink.

On the page that is displayed you need to select the option to Activate synchronization as shown above.

You’ll be prompted to confirm that you wish to Activate.

After which you should now see that synchronization is activated.

Next, you’ll need to download the released version of Azure AD Connect, which you can do from here:

http://www.microsoft.com/en-us/download/details.aspx?id=47594

After you have downloaded the software you can install it. It is best practice to install Azure AD Connect onto a member server in your domain but installation on the domain controller is supported.

At the Welcome screen select Continue in the lower right.

In this case we simply want to configure synchronisation with Office 365, so select Use express settings. If you want to learn about the other options available to you with Azure AD Connect, check out the following documentation:

https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect/

The express options will automatically:

- Configure synchronization of identities in the current AD forest

- Configure password synchronization from on premise AD to Azure AD

- Start an initial synchronization

- Synchronize all attributes

The installation will now commence.

You’ll be prompted for your Azure AD credentials. These are the credentials for the Office 365 global administrator account that will be used to connect to Office 365. Remember, Office 365 allows you to have accounts that are global administrators without them having to have a license for the Office 365 services.

The account details you provided will now be verified.

You’ll now be prompted for credentials for a local on premise administrator for your AD.

These credentials will be verified and you’ll now see a summary of the actions that will take place.

You’ll then see SQL Express being installed as part of Azure AD Connect.

You’ll then see the Synchronization Service being configured.

Then the Directory connector.

You should then see it connecting to your Office 365 tenant.

Then your local AD (here kumoalliance.org).

Finally, you should see the Microsoft Online Services Sign-in Assistant restarting.

You should then receive a message that the process is complete.

After a short while, if you compare your local on premises AD users to those in Office 365, you should find local users have synchronised to Office 365 as expected. You will see their status as Synced with Active Directory as shown above.

As usual, the synced users won’t have been assigned an Office 365 license. You’ll need to do this via the browser or PowerShell to allow users access to Office 365 services.
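
One way to do the PowerShell licensing mentioned above, as an added example that is not from the original post. It assumes the MSOnline module that was current when this post was written; the script parameters `AccountSkuId`, `UsageLocation` and `Apply` are names chosen for this example.

```powershell
# Added example: license directory-synced users that have no license yet.
# Assumes the MSOnline module; parameter names are chosen for this example.
param(
    [Parameter(Mandatory = $true)][string]$AccountSkuId,   # a value listed by Get-MsolAccountSku
    [Parameter(Mandatory = $true)][string]$UsageLocation,  # two-letter country code for the users
    [switch]$Apply                                         # without this switch the script only reports
)

Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)   # prompts; no password is stored in the script

# Confirm the SKU exists in this tenant and work out how many units are free
$sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $AccountSkuId }
if (-not $sku) { throw "SKU '$AccountSkuId' not found in this tenant." }
$free = $sku.ActiveUnits - $sku.ConsumedUnits

# Only users that were synchronised from on premises AD and hold no license
$targets = @(Get-MsolUser -All -Synchronized -UnlicensedUsersOnly)
Write-Output "Free units: $free, unlicensed synced users: $($targets.Count)"
if ($targets.Count -gt $free) { throw 'Not enough free licenses; nothing changed.' }

foreach ($u in $targets) {
    if (-not $Apply) {
        Write-Output "Would license $($u.UserPrincipalName)"
        continue
    }
    try {
        # A usage location must be set before a license can be assigned
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -UsageLocation $UsageLocation -ErrorAction Stop
        Set-MsolUserLicense -UserPrincipalName $u.UserPrincipalName -AddLicenses $AccountSkuId -ErrorAction Stop
        Write-Output "Licensed $($u.UserPrincipalName)"
    } catch {
        Write-Warning "Failed for $($u.UserPrincipalName): $_"
    }
}
```

Run it without `-Apply` first and review the list: the express settings synchronise every identity in the forest, so service and administrative accounts that should not receive a license will also appear.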

If you look at the machine you just installed Azure AD Connect onto, you’ll see the new program group shown above.

If you select Synchronization Service from this list you’ll be taken to the sync troubleshooting tool to help you see what is happening underneath the covers and perform any diagnostics.

If you need to force a synchronisation at any stage navigate to:

\program files\microsoft azure ad sync\bin

and run the file

directorysyncclientcmd.exe

So there you have it. No more DIRSYNC. No more Azure AD Sync Services. Azure AD Connect is your preferred option when it comes to syncing an on premises AD to Office 365.