Directory Synchronization using Azure AD Connect

In this post we will configure directory integration between Azure Active Directory and Windows Server Active Directory using the Azure AD Connect tool.

Integrating your on-premises directory services with Azure AD allows users to take advantage of a common identity when accessing both your on-premises and your cloud environments. In other words, Azure AD gives users a similar sign-on experience in both places.

Synchronizing the on-premises and cloud directories has the following benefits:

  • The default option synchronizes password hashes, which allows sign-on to cloud resources using the users' Active Directory passwords.
  • Users will be able to access Office 365, Intune, SaaS apps and third-party applications without having to remember and manage a separate set of credentials.
  • Application developers can build solutions that leverage a common identity model, integrating with either on-premises or Azure directory services for cloud-based applications.

Let us look at some of the prerequisites:

  • A dedicated member server (recommended) running Windows Server 2008 or later, or a Domain Controller
  • Internet access on the server on which Azure AD Connect is installed
  • An Azure AD administrator account for the Azure tenant you wish to integrate with on-premises
  • An Enterprise Administrator account for the on-premises Active Directory that will be integrated with the Azure AD tenant

Hardware requirements for Azure AD Connect

The table below shows the minimum requirements for the Azure AD Connect sync computer.

Number of objects in Active Directory   CPU       Memory   HDD
Fewer than 10,000                       1.6 GHz   4 GB     70 GB
10,000–50,000                           1.6 GHz   4 GB     70 GB
50,000–100,000                          1.6 GHz   16 GB    100 GB
100,000–300,000                         1.6 GHz   32 GB    300 GB
300,000–600,000                         1.6 GHz   32 GB    450 GB
More than 600,000                       1.6 GHz   32 GB    500 GB

Note: for 100,000 or more objects the full version of SQL Server is required.

Installing and configuring Azure AD Connect

To get started with Azure AD Connect, download the latest version from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=47594 to the server dedicated for the Azure AD Connect installation.

Double-click the downloaded installer (AzureADConnect.msi) to start the installation.

On the Welcome page, check the box to agree to the license terms and privacy policy, then click Continue.

Select Use express settings. This is appropriate if you have a single forest and wish to configure password synchronization.

In the next step, enter the Global Administrator credentials for the Azure tenant so that the Azure AD Connect tool can connect to Azure Active Directory.

The Global Administrator credentials are used to create a service account that will take care of the synchronization.

Click Next to continue.

On the next page, enter the on-premises Enterprise Administrator credentials so that the tool can connect to the on-premises Active Directory. The Enterprise Administrator credential is used only to create a service account and grant it the proper permissions.

Click Next to continue.

On the “Ready to configure” page, verify that the settings are the ones you intended. Tick the checkbox to start the synchronization process as soon as the configuration is complete.

As part of the configuration, the tool installs a local instance of SQL Server Express to store the sync data, together with the Synchronization Service.

When the installation is complete, you will get a confirmation page.

Wait a few minutes for the synchronization to take place, then log on to the Azure portal and verify that all your accounts have been synchronized.

Notice that the directory integration tab under your tenant now shows ACTIVATED.

Select USERS under the tenant to verify that the user accounts from the on-premises Active Directory are displayed.
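As an added example (this is not from the original post), the following PowerShell performs the same verification from the command line on the Azure AD Connect server: it checks the sync scheduler, forces a delta sync, reads the tenant's sync status, and lists enabled on-premises users that did not arrive in Azure AD. It assumes the ADSync module shipped with the tool plus the ActiveDirectory and MSOnline modules are installed.

```powershell
# Added example (not from the original post): verify the Azure AD Connect
# installation from PowerShell instead of the portal. Run as administrator on
# the Azure AD Connect server. Assumes the ADSync module (installed with the
# tool), the ActiveDirectory RSAT module and the MSOnline module are present.
Import-Module ADSync
Import-Module ActiveDirectory
Import-Module MSOnline

# 1. The scheduler must be enabled, otherwise no sync cycle will ever run.
$sched = Get-ADSyncScheduler
if (-not $sched.SyncCycleEnabled) {
    Write-Warning 'Sync cycle is disabled; enable it with Set-ADSyncScheduler -SyncCycleEnabled $true'
}
"Interval: {0}  Next cycle (UTC): {1}  Staging mode: {2}" -f $sched.AllowedSyncCycleInterval, $sched.NextSyncCycleStartTimeInUTC, $sched.StagingModeEnabled

# 2. Trigger a delta sync now rather than waiting for the next scheduled cycle.
Start-ADSyncSyncCycle -PolicyType Delta

# 3. Tenant-side view: is directory sync active and when did it last run?
Connect-MsolService      # prompts for the Global Administrator credential
$info = Get-MsolCompanyInformation
"DirSync enabled: {0}  Last dir sync: {1}  Last password sync: {2}" -f $info.DirectorySynchronizationEnabled, $info.LastDirSyncTime, $info.LastPasswordSyncTime

# 4. Compare enabled on-premises users with the users Azure AD reports as synced.
#    A UPN present on-premises but absent in the cloud usually means the object
#    was filtered, has a sync error, or its UPN suffix is not a verified domain
#    in the tenant (such users land under the tenant's onmicrosoft.com domain).
$onPrem = Get-ADUser -Filter 'Enabled -eq $true' |
          Where-Object { $_.UserPrincipalName } |
          Select-Object -ExpandProperty UserPrincipalName
$cloud  = Get-MsolUser -All |
          Where-Object { $_.LastDirSyncTime } |
          Select-Object -ExpandProperty UserPrincipalName
# -notcontains is case-insensitive, so UPN casing differences do not cause false alarms.
$missing = @($onPrem | Where-Object { $cloud -notcontains $_ })

"On-premises enabled users: {0}  Synced cloud users: {1}  Missing: {2}" -f @($onPrem).Count, @($cloud).Count, $missing.Count
$missing | ForEach-Object { "  not synced: $_" }
```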

About Jayachandran PK
My passion is for Microsoft technologies and how if properly implemented, they can provide actual value for an organization especially in the field of infrastructure, virtualization and system monitoring. I work for the biggest Microsoft partner in Kuwait, specialized in project consultation and implementation services for enterprise clients. When I'm not at work, I try to contribute back through a charitable organization dedicated to prompting cultural values of Kerala. In my free time, I dabble in gardening and am also an avid solar power aficionado.