How To Connect Azure AD to Office 365 with Azure AD Connect

Azure AD Connect is a cloud service that helps you stay connected with your on-premises Microsoft Active Directory and synchronizes it with Azure. With the help of this connector, you can use your work’s existing password infrastructure to access Office 365 resources without having to create new passwords.

The “microsoft azure active directory connect” is a tool that allows users to connect Azure AD to Office 365. The tool is available in the Microsoft Azure portal, and can be used by both administrators and end-users.

Finally, your company has made the switch to Office 365! That seems both thrilling and intimidating. However, integrating Azure AD to Office 365 is the next step.


One of the first questions that comes to mind is how to ensure that users only use one credential to access both on-premise and cloud services. This is where Azure Active Directory Connect comes in.

Your user accounts, including passwords, will be synced to Office 365 via Azure AD Connect. This implies that your users will only need one credential to access network printers or their Office 365 emails.

You’ll learn how to set up Azure AD Connect and enable directory synchronization for your Office 365 tenant in this post.

Requirements

Because this is a step-by-step guide, you’ll need a few things if you want to follow along with the examples.

  • A tenant in Azure Active Directory. If you don’t have a tenant yet, you may request a free trial.
  • Access to an on-premises Active Directory. If you don’t already have one, you may create a test server using an Azure trial subscription. Azure AD Connect will be installed on this server.
  • Install the Azure AD Connect software.
  • In your Azure AD tenancy, a Global Administrator account.
  • In your on-premises Active Directory, an Enterprise Administrator account.
  • Make sure your network allows the ports required by Azure AD Connect and Azure AD.
  • Your management PC must have the MSOnline module installed.

Visit Prerequisites for Azure AD Connect for a complete list of prerequisites.

Checking the Directory Synchronization Status Before Installation

Let’s look at how to verify the current state of directory synchronization in your tenancy before we get started with the Azure AD Connect setup.

Using PowerShell

You must first connect to Azure AD to see the current DirSync status. Then, to get information about your organization’s directory sync status, run the command below.

Get-MsolCompanyInformation

You should see something like this in PowerShell after performing the command above. The value of DirectorySynchronizationEnabled is False, as seen in the figure below.

Using PowerShell to get the Azure AD Connect status

Since directory sync has never been performed, other properties such as DirSyncServiceAccount, LastDirSyncTime, and LastPasswordSyncTime are expected to be empty.

Using the Admin Center

In the Azure Active Directory Admin Center, you can also check the current DirSync status.

First, log in to the portal. Then, go to Azure Active Directory —> Azure AD Connect. Under the Azure AD Connect sync section, you should see the current status of the directory sync.

Azure AD Connect is not installed, as seen in the figure below, and the Last Sync status value indicates that the sync has never run. Finally, Password Hash Sync is disabled.

Obtaining the status of Azure AD Connect from the Admin Center

Azure AD Connect Installation

You’re ready to install Azure AD Connect on your server if you’ve already satisfied all of the prerequisites.

To begin, log in to the server where Azure AD Connect will be installed. Run the setup file and follow the on-screen directions.

The Welcome to Azure AD Connect page is shown below. Read through the text (or don’t), and be sure to check the box that says I agree to the licensing terms and privacy notice. Then click Continue.

Accept the conditions of the license.

The installation type may be selected on the next page. You have the option of customizing or using express settings. The express settings will be used to install Azure AD Connect in this example.

Choosing the express installation will result in the following:

  • Configure identity synchronization.
  • Configure password synchronization from on-premises Active Directory to Azure Active Directory.
  • Perform the first sync.
  • Activate Auto Upgrade.

Select the express installation option.

Then, on the Connect to Azure AD screen, input the Global administrator account’s credentials. A Global administrator account is necessary, as stated before in this article.

Click Next once you’ve input the credential.

Provide the Global administrator account for Azure AD.

You’ll be brought to the Connect to AD DS page if the installation was able to utilize the Global admin credential you supplied.

You must input the account credential for your on-premise Active Directory that has enterprise administrator access. Then press Next.

Provide the Enterprise Administrator account for Active Directory.

Once the credential has been verified, you will be brought to the Ready to configure page, where you will see a list of tasks that will be executed. These are the actions:

  • Install the synchronization engine (local SQL Express).
  • Configure the Azure Active Directory Connector.
  • Configure the <domain> Connector.
  • Enable synchronization of password hashes.
  • Activate Auto Upgrade.
  • Set up your synchronization services.
  • Carry out the first synchronization.

Click Install to begin the installation process.

Verify your installation.

All you have to do now is wait for the installation to finish.

Installation of Azure AD Connect is in progress.

After the installation, setup, and first synchronization are completed, you will get a status page similar to the one shown below. Take notice of the reminders and suggestions before clicking Exit.

Installation of Azure AD Connect is complete.

Validating the Azure AD Connect Setup

After you’ve installed Azure AD Connect on your server, double-check that the installation went well and that directory synchronization is functioning. You’ll learn how to verify that Azure AD Connect synchronization is working in this section.

Using the Microsoft 365 Admin Center to verify Azure AD Connect

A default card in the Microsoft 365 admin center displays the Azure AD Connect status.

To begin, go to the Microsoft 365 admin center portal and log in. The Azure AD Connect status should appear under the User management card after you’ve signed in. For reference, see the screenshot below.

The state of Azure AD Connect in the Microsoft 365 Admin Center

As you can see in the picture above, the most recent Directory Sync was completed 17 minutes ago. Password synchronization is also enabled.

Checking the User Account Sync Status in the Microsoft 365 Admin Center

You may also see whether your On-Premise Active Directory accounts are synced with Office 365.

To check the user account sync status, in the Microsoft 365 admin center, go to Users —> Active Users. In the list of users, the Sync status column shows whether each account is In Cloud or Synced from on-premise.

Account sync status (On-Premise and Cloud only)

The In Cloud accounts are those that were created directly in Office 365 and do not exist in your on-premise Active Directory.

The Synced from on-premise accounts, by contrast, are those that exist in your on-premise Active Directory and are synced to the cloud.

Verifying Azure AD Connect in the Azure AD Admin Center

First, log in to the portal. Then, go to Azure Active Directory —> Azure AD Connect. Under the Azure AD Connect sync section, you should see the current status of the directory sync.

The Azure AD Connect Sync status is Enabled, and the Last Sync status value says that it was less than 1 hour ago, as seen in the figure below. Finally, the setting for Password Hash Sync is set to Enabled.

In the Azure AD Admin Center, check the status of Azure AD Connect.

Verifying the User Account Source in the Azure AD Admin Center

Checking the user account source is another technique to ensure that synchronization is functioning.

First, log in to the portal. Then, go to Users —> All users. In the list of users, the Source column shows whether the account comes from Windows Server AD, which indicates that the account is synced from the on-premise Active Directory.

Azure AD admin center user account source

Verifying the Directory Synchronization Status Using PowerShell

You must first connect to Azure AD to see the current sync status. Then, to get information about your organization’s directory sync status, run the command below.

Get-MsolCompanyInformation

You should see something like this in PowerShell after performing the command above. As you can see in the picture below:

  • DirectorySynchronizationEnabled has the value True.
  • The account that has been designated as the synchronization service account is shown.
  • DateTime values for LastDirSyncTime and LastPasswordSyncTime are filled.
  • PasswordSynchronizationEnabled has the value True.

Using PowerShell to get the Azure AD Connect status
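
The properties checked before and after installation can be evaluated in one pass instead of read by eye. The following is an added example, not part of the original article: the function name, the optional expected-service-account parameter and the 3-hour staleness threshold are assumptions made here, and the sync timestamps are treated as UTC.

```powershell
# Added example: assess tenant DirSync state from Get-MsolCompanyInformation.
# Assumes Connect-MsolService has already been run in this session.
# Get-DirSyncHealth, -ExpectedServiceAccount and the 3-hour threshold are
# names and values chosen for this example.
function Get-DirSyncHealth {
    param(
        [Parameter(Mandatory)] $CompanyInfo,
        [string]   $ExpectedServiceAccount,
        [timespan] $MaxAge = (New-TimeSpan -Hours 3),
        [datetime] $NowUtc = [datetime]::UtcNow   # timestamps treated as UTC
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not $CompanyInfo.DirectorySynchronizationEnabled) {
        # Expected before Azure AD Connect is installed, a problem afterwards.
        $findings.Add('DirectorySynchronizationEnabled is False.')
    } else {
        $account = $CompanyInfo.DirSyncServiceAccount
        if (-not $account) {
            $findings.Add('No DirSyncServiceAccount is recorded.')
        } elseif ($ExpectedServiceAccount -and $account -ne $ExpectedServiceAccount) {
            $findings.Add("Unexpected sync service account: $account")
        }
        # Check both sync timestamps: empty means never run, old means stalled.
        foreach ($name in 'LastDirSyncTime', 'LastPasswordSyncTime') {
            $stamp = $CompanyInfo.$name
            if (-not $stamp) {
                $findings.Add("$name is empty.")
            } elseif (($NowUtc - $stamp) -gt $MaxAge) {
                $findings.Add("$name ($stamp) is older than $MaxAge.")
            }
        }
        if (-not $CompanyInfo.PasswordSynchronizationEnabled) {
            $findings.Add('PasswordSynchronizationEnabled is False.')
        }
    }
    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Get-DirSyncHealth -CompanyInfo (Get-MsolCompanyInformation)
```

Passing the service account name recorded right after installation as -ExpectedServiceAccount turns a later change of that account into a finding.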

Verifying the Azure AD Connect Sync Cycle Schedule

The ADSync PowerShell module is installed along with Azure AD Connect. You may also verify the current Azure AD Connect synchronization status on your server using the ADSync module.

To get started, open PowerShell and enter the command below.

The output of the command includes the following:

  • The time between planned sync cycles (AllowedSyncCycleInterval)
  • Whether the sync cycle schedule is enabled or disabled (SyncCycleEnabled)
  • When the next sync will happen (NextSyncCycleStartTimeInUTC)
  • The kind of sync that will be performed next (NextSyncCyclePolicyType)

Scheduler for Azure AD Connect
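
The properties listed above are the ones returned by the ADSync module's Get-ADSyncScheduler cmdlet. The following is an added example, not part of the original article, that reads the scheduler and flags the states in which synchronization quietly stops; the function name and the 10-minute grace period are assumptions made here.

```powershell
# Added example: run on the Azure AD Connect server, where the ADSync module
# is installed. Test-ADSyncSchedulerState and the 10-minute grace period are
# a name and value chosen for this example.
Import-Module ADSync

function Test-ADSyncSchedulerState {
    param(
        [Parameter(Mandatory)] $Scheduler,
        [timespan] $Grace  = (New-TimeSpan -Minutes 10),
        [datetime] $NowUtc = [datetime]::UtcNow
    )
    $issues = [System.Collections.Generic.List[string]]::new()

    if (-not $Scheduler.SyncCycleEnabled) {
        $issues.Add('SyncCycleEnabled is False: no scheduled syncs will run.')
    }
    if ($Scheduler.StagingModeEnabled) {
        $issues.Add('StagingModeEnabled is True: this server does not export changes.')
    }
    if ($Scheduler.SchedulerSuspended) {
        $issues.Add('SchedulerSuspended is True: the scheduler is paused.')
    }
    # A next-run time well in the past with no cycle running means the
    # scheduler is not firing.
    $overdue = $NowUtc - $Scheduler.NextSyncCycleStartTimeInUTC
    if (-not $Scheduler.SyncCycleInProgress -and $overdue -gt $Grace) {
        $issues.Add("Next sync cycle is overdue by $overdue.")
    }
    [pscustomobject]@{
        Interval   = $Scheduler.AllowedSyncCycleInterval
        NextSync   = $Scheduler.NextSyncCycleStartTimeInUTC
        NextPolicy = $Scheduler.NextSyncCyclePolicyType
        Issues     = $issues
    }
}

Test-ADSyncSchedulerState -Scheduler (Get-ADSyncScheduler)
```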

Manually Performing a Delta Sync

One approach to see whether the synchronization is running properly is to do a manual delta sync. When you use delta sync, you’re just syncing changes made after the previous directory sync.

Change the display name value of an account in your on-premise Active Directory to test delta sync. The user account AdSync will be used in this example, and the display name will be modified to AdSync1.

Changed the display name

Then execute the command below in PowerShell.

Start-ADSyncSyncCycle -PolicyType Delta

Wait for the command to return its result, as illustrated in the figure below.

Delta Sync is finished.

Then, verify that the display name has changed in the Azure AD admin portal. The display name of the user AdSync before and after the delta sync is shown in the picture below.

Changed the display name in Azure AD
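
The delta sync test above can be scripted so that the on-premises and cloud display names are compared directly rather than checked in the portal. The following is an added example, not part of the original article: the function names are chosen here, and it assumes the account's on-premises UPN is also its cloud UPN.

```powershell
# Added example: run on the Azure AD Connect server in a session where
# Connect-MsolService has been run. Function names are chosen for this
# example; it assumes the on-premises UPN is also the cloud UPN.
Import-Module ADSync, ActiveDirectory

function Wait-ADSyncIdle {
    param([datetime] $Deadline)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $Deadline) { throw 'Timed out waiting for the sync cycle.' }
        Start-Sleep -Seconds 10
    }
}

function Invoke-DeltaSyncAndVerify {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [int] $TimeoutSeconds = 600
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    $onPrem   = Get-ADUser -Identity $SamAccountName -Properties DisplayName

    # A new cycle cannot start while one is running, so wait for idle first.
    Wait-ADSyncIdle -Deadline $deadline
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # The cmdlet returns before the cycle completes; give it a moment to
    # start, then wait for it to finish before reading the cloud object.
    Start-Sleep -Seconds 15
    Wait-ADSyncIdle -Deadline $deadline

    $cloud = Get-MsolUser -UserPrincipalName $onPrem.UserPrincipalName
    [pscustomobject]@{
        UserPrincipalName = $onPrem.UserPrincipalName
        OnPremDisplayName = $onPrem.DisplayName
        CloudDisplayName  = $cloud.DisplayName
        InSync            = ($onPrem.DisplayName -ceq $cloud.DisplayName)
        LastDirSyncTime   = $cloud.LastDirSyncTime
    }
}

Invoke-DeltaSyncAndVerify -SamAccountName 'AdSync'
```

If InSync is still False right after the cycle ends, read the cloud object again after a short wait before treating it as a sync failure.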

Removing Azure AD Connect

You may opt to remove Azure AD Connect and disable directory synchronization for your organization at any point.

Assume you have a small business and have already moved all of your users to the cloud. You don’t need to keep any servers in your data center anymore. This is one reason to remove Azure AD Connect.

Uninstalling Azure AD Connect from the Server

Follow these instructions to uninstall Azure AD Connect. First, remove Azure AD Connect from your server.

Uninstall Microsoft Azure AD Connect under Programs and Features.

Make sure to choose Also remove supporting components when the uninstall dialog for Azure AD Connect appears. After that, click Remove.

Uninstall Azure AD Connect.

After the uninstall has finished, you should get a confirmation screen similar to the one below.

Azure AD Connect was successfully removed.

Disabling Directory Synchronization

The last step is to disable DirSync once Azure AD Connect has been removed from the server.

You must first connect to Azure AD using PowerShell. Next, use the command below to disable the directory synchronization for your Azure AD tenant.

Set-MsolDirSyncEnabled -EnableDirSync $false

You may see an error similar to the one shown below after running the command.

Error when disabling directory synchronization.

The aforementioned error indicates that you are not yet permitted to deactivate synchronization. Depending on the size of your tenancy, disabling DirSync might take anything from a few minutes to many days.

All you can do in this situation is wait and attempt the command again. In this case, the wait was roughly 15 minutes. This time, the command to disable DirSync worked.

The command to disable DirSync completed successfully.

After disabling DirSync and removing Azure AD Connect, the accounts previously synchronized from your on-premise AD to Azure AD will be converted to cloud accounts. These converted accounts will no longer show as being synced from on-premise.

The accounts may take several hours to completely convert from on-prem to cloud. After removing directory synchronization, the conversion took around 36 hours to complete in this article. Compare the before and after screenshots below.

Before and after disabling DirSync
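
The wait-and-retry step and the later account conversion can be tracked from one function. The following is an added example, not part of the original article: the function name, attempt count and delay are assumptions made here, and because the article does not reproduce the error text, the loop retries on any error and rethrows the last one.

```powershell
# Added example: assumes Connect-MsolService has been run as a Global
# Administrator. Disable-TenantDirSync, 12 attempts and a 5-minute delay are
# a name and values chosen for this example.
function Disable-TenantDirSync {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [int] $MaxAttempts  = 12,
        [int] $DelayMinutes = 5
    )
    # Tenant-wide change: ask for confirmation once, then retry unattended.
    if (-not $PSCmdlet.ShouldProcess('Azure AD tenant', 'Disable directory synchronization')) {
        return
    }
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            Set-MsolDirSyncEnabled -EnableDirSync $false -Force -ErrorAction Stop
            break
        } catch {
            # Retries on any error, so read the message: a sign-in or
            # permission failure will not clear by waiting.
            Write-Warning "Attempt $attempt failed: $($_.Exception.Message)"
            if ($attempt -eq $MaxAttempts) { throw }
            Start-Sleep -Seconds ($DelayMinutes * 60)
        }
    }
    # Confirm the tenant flag and count the accounts still marked as synced.
    $info = Get-MsolCompanyInformation
    [pscustomobject]@{
        DirectorySynchronizationEnabled = $info.DirectorySynchronizationEnabled
        AccountsStillSynced             = @(Get-MsolUser -All -Synchronized).Count
        CheckedAt                       = Get-Date
    }
}

Disable-TenantDirSync
```

Running the last two queries again over the following hours shows the conversion progressing as AccountsStillSynced falls.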

Conclusion

Azure AD Connect is a fantastic solution for synchronizing your on-premises user accounts with your Azure AD / Office 365 tenancy. Your users won’t need different accounts to access on-premise and cloud services if everything is set up correctly.

There are many more setup options available with Azure AD Connect than are detailed in this article. For example, you can change the sync cycle interval, or disable auto-upgrade when you want more control over upgrades.

I hope that, despite its simplicity, what you’ve learned in this post has given you a better understanding of how to install, set up, and use Azure AD Connect for your Office 365 tenant.
