Install and Configure AAD Sync for Office 365
Office 365 has been a great product, not only for email but also for its collaboration products. In my previous blogs I shared how to create an O365 account and manage it. What I had not covered yet is the core of user management, so the first questions are: Can I sync my local AD with O365? What are the methods? And if it is possible, how do we do it? How can I install and configure AAD Sync for Office 365?
So in this blog I will share how to sync local AD users to the O365 cloud. As shown in the block diagram, there are three methods to create or sync users in the O365 cloud.
Cloud Identity: Cloud identity means user management happens only in the cloud. Changing a password, assigning a user to a group, or any other user management task is done only in the cloud, which means you need to log in to the portal and manage the accounts there. This is the default configuration in Office 365.
Synchronized Identity: With synchronized identity, you can sync user accounts and user passwords from your local on-premises AD to the cloud O365 AD. Any change you make in the cloud, however, is not replicated back to on-premises; i.e. the sync is a one-way process from on-premises to the cloud. This blog focuses on synchronized identity.
Federated Identity: Federated identity is a more complex structure that makes the directory sync work on both sides. On the back end it federates the local Active Directory with the Microsoft cloud Active Directory, i.e. if you change a user on the cloud end or on the on-premises end, the change is synced the other way as well. The extra things to consider for this architecture are redundant federation servers and a public SSL certificate.
As said earlier, this blog focuses on 'Synchronized Identity'. Synchronized identity replicates/syncs the local Active Directory user objects and their passwords to the cloud to give users a single sign-on experience. To do this, we need to install and configure the DirSync tool against our local on-premises Active Directory. The block diagram below shows how the DirSync tool syncs local Active Directory users to the cloud Office 365.
Let's start with the installation and configuration of DirSync to replicate the local AD with cloud Office 365. Before installing DirSync, we need to configure a few things on O365 so that it accepts communication between the local AD and the cloud. In the admin panel of your O365 account, go to 'Active Users', click on 'More' and select 'Directory synchronization'. I recommend doing this process on a domain-joined machine running Windows 7 SP1 or later with domain administrative privilege.
A new window will appear on your screen titled 'Directory Synchronization', which asks you to check the readiness of your local Active Directory. To check it, click on 'Go to the DirSync readiness wizard'.
Once you click on 'Go to the DirSync readiness wizard', a new tab opens in Internet Explorer to identify whether directory sync is right for you. This window basically says that if you have fewer than 50 users, it is recommended to create users manually or bulk import them in the cloud rather than sync them with DirSync. Below is a snapshot of what happens if I select that I have only '11-50' users.
Since selecting '11-50' users says this is a more complicated option for a small number of users, I selected a few more, '51-250', and clicked 'Next' so that I could complete this blog :P.
This screen describes the process of syncing the local directory with the cloud, so I clicked 'Next' here too.
Now it's time to check the compatibility of my local directory with the cloud. As mentioned earlier, we need to perform this action on a domain client machine that meets the prerequisites given below.
On the next screen you can see 'Start scan'; this process scans and identifies the number of objects and users that will be synced with the cloud. So I clicked 'Start scan'.
When you click 'Start scan', a new Internet Explorer tab opens and prepares your client machine.
Once the preparation is ready, click on ‘Run checks’.
The 'Run checks' process first checks the prerequisites of the domain machine in order to install the application 'Microsoft Office 365 Support Assistant 3.5'.
If the prerequisites are good, it asks for permission to run the application. Click 'Run' to execute it.
During execution it downloads a few MB of files.
After the download completes, it starts to evaluate the readiness of the domain controller.
Any errors are displayed on this screen. As I didn't have any, there was no information to show, so I closed this tab and went back to the previous one.
Here you can see 'Scan completed. Click Next to see your results'. So click 'Next'.
Now you can see the data that has been collected from your local directory. Click 'Next'.
At this step, if you haven't verified your domain yet, it starts verifying it using a 'TXT' record. As I had already verified mine, I clicked 'Next'.
Now it's time to download the DirSync tool to connect with the O365 Azure Active Directory, so I clicked 'Download'.
A new tab opened to download 'Microsoft Azure Active Directory Connect'. I downloaded the tool; it is around 78 MB.
Once the download completed, I closed the download tab and clicked 'Next'. On 'Activate Users' it gives instructions on how to assign licenses to the users synced from the local AD to the cloud. I clicked 'Next'.
And here we are ready to go. On this window I clicked 'Finish'. Oh, and please rate your experience so that Microsoft can see how the setup went for you. 🙂
Now, if you check DirSync Health you can see that 'Directory sync enabled' is 'false'. To make it true we need to install and configure DirSync.
Copy the downloaded 'AzureADConnect' installer to the server and double-click it to run it.
A security warning window opens before it runs; click 'Run'.
Now the installation of 'Microsoft Azure AD Connect' starts.
Once the files have been copied, you will see the 'Azure AD Connect' application running.
On the Welcome screen, select 'I agree' and click 'Continue'.
As I am going with the express configuration, I clicked 'Use express settings'.
It starts installing the required components for the express settings.
After the installation completes, it asks for the Azure AD credentials of your Office 365 account. Once provided, click 'Next'. After you provide the cloud credentials, it verifies them.
In the next step, provide the administrative credentials of your local AD and click 'Next'. After you provide them, it verifies the credentials against the local Active Directory.
Once the configuration is ready, click 'Install'.
After the installation completes, Azure Active Directory Connect starts syncing the local Active Directory to the cloud Azure AD.
After the installation and the initial sync, it shows 'Configuration complete'. Click 'Exit'.
You can see these new applications on your Windows server after 'Azure AD Connect' completes.
After synchronization, you can see the local Active Directory users under 'Active Users'; they are unlicensed.
Also on your home page you can see the DirSync status with your local Active Directory.
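To confirm the same things the portal screens above show (directory sync enabled, password sync, synced users still unlicensed, the sync scheduler) from the command line, here is an added PowerShell example; it is not from the original post. It assumes the MSOnline module on an admin workstation and the ADSync module that Azure AD Connect installs on the sync server, and the license SKU name is a placeholder.

```powershell
# Added example, not from the original post. Checks the state the portal screens above
# show (DirSync Health, password sync, unlicensed synced users) from PowerShell.
# Assumes: the MSOnline module on an admin workstation, and the ADSync module that
# Azure AD Connect installs on the sync server (section 3 runs there).

Import-Module MSOnline
Connect-MsolService              # prompts for the Office 365 global admin credential

# 1. Tenant side: the values behind 'Directory sync enabled' and password sync.
$company = Get-MsolCompanyInformation
[pscustomobject]@{
    DirectorySyncEnabled = $company.DirectorySynchronizationEnabled
    PasswordSyncEnabled  = $company.PasswordSynchronizationEnabled
    LastDirSyncTime      = $company.LastDirSyncTime
} | Format-List

# 2. Users synced from local AD arrive unlicensed; list them so licensing is a
#    deliberate step and you can spot anything that was synced unexpectedly.
$unlicensedSynced = Get-MsolUser -All -Synchronized -UnlicensedUsersOnly |
    Select-Object UserPrincipalName, DisplayName, LastDirSyncTime
$unlicensedSynced | Format-Table -AutoSize

# Available SKUs, and how a license would be assigned to one synced user.
# 'contoso:ENTERPRISEPACK' and $upn are placeholders; take the real SKU id from
# Get-MsolAccountSku in your tenant and set UsageLocation before licensing.
Get-MsolAccountSku | Select-Object AccountSkuId, ActiveUnits, ConsumedUnits
# Set-MsolUser        -UserPrincipalName $upn -UsageLocation 'US'
# Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses 'contoso:ENTERPRISEPACK'

# 3. On the Azure AD Connect server: scheduler state, and a delta sync on demand
#    instead of waiting for the next scheduled cycle.
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC
Start-ADSyncSyncCycle -PolicyType Delta
```

Run sections 1 and 2 anywhere the MSOnline module is installed; section 3 only works on the Azure AD Connect server itself.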
That's all for the installation and configuration of DirSync on your local Active Directory to sync with the cloud Azure AD. If anything is unclear, leave a comment so we can help clear it up. 🙂