DirSync Vs Azure Active Directory Synchronization Service (AAD Sync)

I think I was in too much of a hurry to post my last blog, “Install and configure AAD Sync for Office 365”. Before publishing it, I should have covered DirSync and AAD Sync, because I am now getting a few questions about the difference between the two. So in this blog I will describe DirSync and Azure Active Directory Synchronization Service (AAD Sync).

Azure Active Directory (AD) Connect (formerly known as the Directory Synchronization tool, Directory Sync tool, or the DirSync.exe tool) is a server-based application that you install on a domain-joined server to synchronize your on-premises Windows Server Active Directory users to the Azure Active Directory tenant of your Office 365 subscription. You can install Azure AD Connect on an on-premises server, but you can also install it on a virtual machine in Azure for the following reasons:

  • You can provision and configure cloud-based servers faster, making the services available to your users sooner.
  • Azure offers better site availability with less effort.
  • You can reduce the number of on-premises servers in your organization.

As in my earlier blog, DirSync or AAD Sync can be installed on the same server as the DC, or on a separate one. But if you are going to install AAD Sync, what should the specs of the machine be? I have made a chart to help you understand the resources required for AAD Sync.

| Number of Objects in Active Directory | CPU | Memory | Hard drive Size |
|---|---|---|---|
| Fewer than 10,000 | 1.6 GHz | 4 GB | 70 GB |
| 10,000-50,000 | 1.6 GHz | 4 GB | 70 GB |
| 50,000-100,000 (requires full SQL Server) | 1.6 GHz | 16 GB | 100 GB |
| 100,000-300,000 (requires full SQL Server) | 1.6 GHz | 32 GB | 300 GB |
| 300,000-600,000 (requires full SQL Server) | 1.6 GHz | 32 GB | 450 GB |
| More than 600,000 (requires full SQL Server) | 1.6 GHz | 32 GB | 500 GB |

But if you have more than 300,000 objects in your environment, you need to contact Microsoft to enable replication of these objects. Now, let’s see what the differences are between DirSync and AAD Sync.

Use the following key for each of the tables

● = Available Now
FR = Future Release
PP = Public Preview

On-Premises to Cloud Synchronization

Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Synchronization Tool (DirSync) | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM)

  • Connect to single on-premises AD forest
  • Connect to multiple on-premises AD forests
  • Connect to multiple on-premises Exchange Orgs
  • Connect to single on-premises LDAP directory: FR
  • Connect to multiple on-premises LDAP directories: FR
  • Connect to on-premises AD and on-premises LDAP directories: FR
  • Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.): FR
  • Synchronize customer defined attributes (directory extensions)
  • Connect to on-premises HR (i.e., SAP, Oracle eBusiness, PeopleSoft): FR
  • Supports FIM synchronization rules and connectors for provisioning to on-premises systems.

Cloud to On-Premises Synchronization

Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Synchronization Tool (DirSync) | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM)

  • Writeback of devices
  • Attribute writeback (for Exchange hybrid deployment)
  • Writeback of users and groups objects
  • Writeback of passwords (from self-service password reset (SSPR) and password change)

Authentication Feature Support

Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Synchronization Tool (DirSync) | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM)

  • Password Sync for single on-premises AD forest
  • Password Sync for multiple on-premises AD forests
  • Single Sign-on with Federation
  • Writeback of passwords (from SSPR and password change)

Set-up and Installation

Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Synchronization Tool (DirSync) | Microsoft Identity Manager 2016 (MIM)

  • Supports installation on a Domain Controller
  • Supports installation using SQL Express
  • Easy upgrade from DirSync
  • Localization of Admin UX to Windows Server languages
  • Localization of end user UX to Windows Server languages
  • Support for Windows Server 2008 and Windows Server 2008 R2: ● for Sync, No for federation
  • Support for Windows Server 2012 and Windows Server 2012 R2

Filtering and Configuration

Feature | Azure Active Directory Connect | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Synchronization Tool (DirSync) | Forefront Identity Manager 2010 R2 (FIM) | Microsoft Identity Manager 2016 (MIM)

  • Filter on Domains and Organizational Units
  • Filter on objects’ attribute values
  • Allow minimal set of attributes to be synchronized (MinSync)
  • Allow different service templates to be applied for attribute flows
  • Allow removing attributes from flowing from AD to Azure AD
  • Allow advanced customization for attribute flows

Source: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-considerations-tools-comparison

Microsoft is deprecating the DirSync and Azure AD Sync services very soon; I will cover the details in my next blog.

Hope this blog was quite informative to you all…
