In this article I am going to be configuring Azure AD Connect for my domain 365DemoLab.com in preparation for my Hybrid deployment of Exchange and Skype for Business.
Azure AD Connect is a tool that synchronises your on-premises AD domain to your Office 365 tenant. The tool synchronises many options and configurations, but a key one is Password Sync. This allows the users to maintain one password, and it is synchronised according to the schedule you set. A full list of attributes that can be synced can be found here.
So, let's install Azure AD Connect.
- Go to the tools download page here and download the application.
- Run the installation. Once installed, you will get the “Welcome to Azure AD Connect” wizard.
- For my lab I will use the “Use Express Settings” button, as I have no requirement to customise the installation.
- It will then ask you for your tenant “Azure AD global administrator credentials”.
- It will verify these credentials exist and then ask you for a local AD account.
- It will then confirm UPN Suffixes (to see how to add a suffix to the domain click here) and we can see that the domain we imported (here) 365demolab.com is verified.
- On the “Ready to Configure” page we can see two options, “Start the synchronisation process…” and “Exchange Hybrid Deployment”. By default the latter is unchecked, but as our end goal is to set up a hybrid, I will check this box.
- The install will then create a small database and install the synchronisation service and configure the local directory. Go ahead and press Exit.
By default (because we said express settings during installation), all my AD accounts have been synchronised to my Azure AD, including any Exchange Health mailbox accounts and security groups.
Let's say I want to change the scope of the synchronisation to just one specific OU.
- Open the Azure AD application.
- On the Welcome screen click on Configure and select “Customize Synchronization Options” and press next.
- Enter your tenant admin credentials and click next until you get to the “Domain and OU filtering” page. Here I am going to change the scope and select the OU “365DemoLab Users” and click next.
- I’m going to leave any optional features as they are and click next again.
- When it has had a little think on what it needs to configure we can go ahead and press the “configure” button.
Once configured, it will synchronise the changes to the Office 365 tenant.
If the replication is taking a while, you can try running this PowerShell command from the same server with the tools installed:
Start-ADSyncSyncCycle -PolicyType Delta
Or, if you wish to do a complete sync, you can run this command:
Start-ADSyncSyncCycle -PolicyType Initial
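An added example (not from the original article): a PowerShell wrapper around the delta sync command above that checks the scheduler state first and waits for the cycle to finish. The function name and the timeout values are assumptions; the cmdlets and properties come from the ADSync module installed with Azure AD Connect.

```powershell
# Added example. Run on the Azure AD Connect server in an elevated session.
Import-Module ADSync -ErrorAction Stop

function Invoke-SafeDeltaSync {   # hypothetical helper name
    param(
        [int]$TimeoutSeconds = 600,   # assumption: total time allowed for waiting
        [int]$PollSeconds    = 10     # assumption: polling interval
    )

    $scheduler = Get-ADSyncScheduler

    # A server in staging mode imports and synchronises but does not export,
    # so a manual cycle will not push the new OU scope to the tenant.
    if ($scheduler.StagingModeEnabled) {
        Write-Warning 'Staging mode is enabled; no changes will be exported to Azure AD.'
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'The scheduler is disabled; only manually started cycles will run.'
    }

    # A new cycle cannot start while another is running, so wait for it first.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the running sync cycle.' }
        Start-Sleep -Seconds $PollSeconds
    }

    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # Poll until the cycle we started has finished.
    do {
        Start-Sleep -Seconds $PollSeconds
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the delta sync to finish.' }
    } while ((Get-ADSyncScheduler).SyncCycleInProgress)

    # Return the scheduler state so the next automatic run is visible.
    Get-ADSyncScheduler |
        Select-Object SyncCycleEnabled, StagingModeEnabled,
                      NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC
}

Invoke-SafeDeltaSync
```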
In this article we have installed and configured Azure AD Connect with our local AD domain and the 365demolab.com tenant online. We have also modified the scope of the synchronisation.
Thanks for reading.