Office 365: AD Connect (DirSync Revamped)
If you’ve not configured Active Directory to sync to Office 365 in the last few months then you probably haven’t seen the DirSync replacement, ‘AD Connect’. Performing an express install is so easy it’s barely worth showing the process, but let’s do it anyway. If you prefer getting stuck into the details, the Custom setup offers the ability to sync only members of a specified Active Directory group to Office 365. This is great for keeping your tenant clean by only syncing actual user accounts, and it offers more control. I’ll show you how to sync only selected accounts in my next post.
Enable Active Directory Synchronisation
Log into the tenant as a global administrator, browse to Users, Active Users, then click on Setup.
Click Activate to enable the tenant for synchronisation.
Download AD Connect from section 5 to a server in your on-premises environment. AD Connect can be installed on a domain controller without any issues. Great for the small businesses out there who don’t have spare domain member servers on the network.
Once downloaded, run the installer.
Agree to the terms and click Continue.
Select ‘Use Express Settings’ to enable full synchronisation with Active Directory and enable password sync.
Enter the credentials for a tenant global administrator.
Next enter the credentials for a domain administrator to the local network.
Tick the first checkbox to start a full sync of the local AD to Office 365. If you are planning on configuring a hybrid Exchange configuration tick the ‘Exchange Hybrid Deployment’ checkbox to enable this. This allows Office 365 to write back to the local Active Directory.
AD Connect will configure a SQL Express instance on the server and begin a full synchronisation.
Click Exit to close the installer. You should now see all of your local AD accounts synchronised and listed in Office 365, which includes all of the local service accounts. Using a custom install you can exclude all of these accounts, and I’ll show how to do that in my next post.
At this point your local AD will be synced with Office 365 and will continue to sync every three hours indefinitely. Eventually you will need to perform a manual sync, but oh no, the old Start-OnlineCoexistenceSync PowerShell cmdlet doesn’t work! So how do you do it now?
To perform a manual sync all you have to do is run the directorysyncclientcmd.exe sync tool. It is so easy now to configure a batch script to launch the program as needed.
The location of the tool is here: “c:\program files\Microsoft azure ad sync\bin”
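A launcher of the kind mentioned above, written in PowerShell as an added example (not part of the original post or Microsoft's tooling). The sync server holds privileged directory credentials, so the script checks the binary's Authenticode signature before starting it and logs the outcome. The log path, the helper name Write-SyncLog and the assumption that the binary is Authenticode-signed are mine.

```powershell
# Added example: launcher for an on-demand sync, suitable for a scheduled task.
# $ToolPath is the folder given in this post plus the tool name.
$ToolPath = 'C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe'
$LogPath  = 'C:\Logs\adconnect-manual-sync.log'   # assumption: pick your own location

# Hypothetical helper: append a timestamped line to the log file.
function Write-SyncLog([string]$Message) {
    Add-Content -Path $LogPath -Value ('{0:u} {1}' -f (Get-Date), $Message)
}

# Make sure the log folder exists before the first write.
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

# Fail with a clear message if the tool is missing (moved, uninstalled, upgraded).
if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
    Write-SyncLog "ERROR: sync tool not found at $ToolPath"
    exit 2
}

# Refuse to launch a binary whose signature does not validate.
# Assumption: the shipped binary carries an Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $ToolPath
if ($sig.Status -ne 'Valid') {
    Write-SyncLog "ERROR: signature status '$($sig.Status)' on $ToolPath"
    exit 3
}
Write-SyncLog "Signer: $($sig.SignerCertificate.Subject)"

# Run the tool with no arguments, as described in the post, and wait for it.
Write-SyncLog 'Starting manual sync'
$proc = Start-Process -FilePath $ToolPath -Wait -PassThru -NoNewWindow
Write-SyncLog "Sync tool exited with code $($proc.ExitCode)"

# Hand the tool's exit code back to the scheduler or calling script.
exit $proc.ExitCode
```

Run it from an elevated session or a scheduled task on the sync server; it stores no credentials of its own.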
Running the tool gives the following output: