By Kyriakos Ioannou – Systems Engineer
Many organizations that use Office 365 have a hybrid deployment, which means that they keep an on-premises Active Directory as the primary store of identity information. Hybrid identity and directory synchronization provide many benefits to your organization, including a reduction of administrative effort, the option to enable single sign-on scenarios, and automatic propagation of account changes to Microsoft 365.
To synchronize your Active Directory with Office 365, make sure that the on-premises server you will use for synchronization runs a Windows Server version that Microsoft currently supports for Azure AD Connect (check the published prerequisites before you start). It is recommended to create a dedicated Domain Administrator and a dedicated Office 365 Administrator account for the synchronization rather than reusing personal admin accounts. The Azure AD Connect tool should be installed on a server that is available 24/7, but not on a Domain Controller. Treat that server as a Tier 0 asset: it holds credentials that can read from and write to both directories, so restrict who can log on to it and patch it like a domain controller.
Before you start the synchronization in your Active Directory, complete the following clean-up tasks for each user account that will be synchronized with Office 365 account:
- Ensure a valid and unique email address in the proxyAddresses attribute.
- Remove any duplicate values in the proxyAddresses attribute.
- If possible, ensure a valid and unique value for the userPrincipalName attribute in the user's user object.
- You may need to add an alternative UPN suffix to associate the user's corporate credentials with the Microsoft 365 environment. A UPN suffix is the part of a UPN to the right of the @ character. UPNs that are used for single sign-on can contain letters, numbers, periods, dashes, and underscores, but no other types of characters.
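The clean-up checks above are easy to miss by hand across a large directory. The following PowerShell script is an added example (not part of the original article) that runs the same checks with the RSAT ActiveDirectory module: it reports proxyAddresses values that are duplicated inside one object, proxyAddresses that collide between two objects, objects without exactly one primary SMTP address, and UPNs that are empty, contain characters outside the allowed set, or use a suffix that is not in your list of verified suffixes. The search base OU and the list of verified UPN suffixes are assumed values and must be changed for your forest.

```powershell
# Added example, not from the original article.
# Requires the RSAT ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

# Assumed values: replace with the OUs you intend to sync and the UPN suffixes
# you have verified as custom domains in Microsoft 365.
$SearchBase       = 'OU=Corp Users,DC=corp,DC=example,DC=com'
$ValidUpnSuffixes = @('corp.example.com', 'example.com')

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties proxyAddresses, userPrincipalName

$findings      = New-Object System.Collections.Generic.List[object]
$seenAddresses = @{}   # lower-cased proxy address -> first SamAccountName that carries it

function Add-Finding($User, $Check, $Value) {
    $script:findings.Add([pscustomobject]@{ User = $User; Check = $Check; Value = $Value })
}

foreach ($u in $users) {
    # Drop nulls so an empty collection does not become a one-element array
    $addrs = @($u.proxyAddresses | Where-Object { $_ }) | ForEach-Object { "$_" }

    # 1. The same address listed twice on one object (case-insensitive compare)
    $addrs | Group-Object { $_.ToLowerInvariant() } | Where-Object Count -gt 1 |
        ForEach-Object { Add-Finding $u.SamAccountName 'DuplicateProxyInObject' $_.Name }

    # 2. An address already claimed by another object: Azure AD rejects the second one
    foreach ($a in ($addrs | Sort-Object -Unique)) {
        $key = $a.ToLowerInvariant()
        if ($seenAddresses.ContainsKey($key)) {
            Add-Finding $u.SamAccountName 'ProxyAddressCollision' "$a also on $($seenAddresses[$key])"
        } else {
            $seenAddresses[$key] = $u.SamAccountName
        }
    }

    # 3. Exactly one primary SMTP address (upper-case "SMTP:" prefix) is expected
    $primary = @($addrs | Where-Object { $_ -cmatch '^SMTP:' })
    if ($primary.Count -ne 1) {
        Add-Finding $u.SamAccountName 'PrimarySmtpCount' $primary.Count
    }

    # 4. UPN present, well formed, allowed characters only, verified suffix
    $upn = $u.userPrincipalName
    if ([string]::IsNullOrWhiteSpace($upn)) {
        Add-Finding $u.SamAccountName 'UpnMissing' ''
    } elseif ($upn -notmatch '^[^@]+@[^@]+$') {
        Add-Finding $u.SamAccountName 'UpnMalformed' $upn
    } else {
        $local, $suffix = $upn -split '@', 2
        if ($local -notmatch '^[A-Za-z0-9._-]+$') {
            Add-Finding $u.SamAccountName 'UpnInvalidCharacters' $upn
        }
        if ($suffix.ToLowerInvariant() -notin ($ValidUpnSuffixes | ForEach-Object { $_.ToLowerInvariant() })) {
            Add-Finding $u.SamAccountName 'UpnSuffixNotVerified' $suffix
        }
    }
}

$findings | Sort-Object Check, User | Format-Table -AutoSize
"{0} user(s) checked, {1} finding(s)" -f $users.Count, $findings.Count
```

Run it with an account that can read the target OUs before you install Azure AD Connect, fix every row it reports, and run it again until it returns zero findings; objects that still fail will surface later as synchronization errors in the Office 365 Admin centre, where they are far more tedious to track down.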
When you complete the tasks above, follow the below steps to download and install the synchronization tool.
- Sign in as a local administrator to the server that will be the synchronization server and on which you will install Azure AD Connect.
- Sign into the Office 365 Admin centre and choose Users > Active Users on the left navigation panel.
- On the Active users page, choose More (three dots) > Directory synchronization.
- On the Azure Active Directory preparation page, select the Go to the Download center to get the Azure AD Connect tool link to get started.
- Navigate to the downloaded file and double-click AzureADConnect.msi.
- On the Welcome screen, select the box agreeing to the licensing terms and click Continue.
- On the Express settings screen, click Use express settings.
- On the Connect to Azure AD screen, enter the username and password of a global administrator for your Azure AD. Click Next.
- On the Connect to AD DS screen, enter the username and password of an enterprise admin account. You can enter the domain part in either NetBIOS or FQDN format, that is, domain\administrator or domain.com\administrator. These credentials are used only during installation; the wizard creates its own service account for ongoing synchronization. Click Next.
- On the Ready to configure screen, click Install.
- After the installation has completed, reboot the machine.
- Launch the Synchronization Service Manager
- Select Connectors.
- Open the properties of the Active Directory Domain Services connector.
- In Configure Directory Partitions, go to Containers. Enter your credentials to proceed.
- Select the organizational units you want to synchronize and then click OK.
Following the above steps, you will be able to synchronize your on-premises Active Directory with Office 365. Note that filtering set directly in the Synchronization Service Manager can be overwritten the next time you run the Azure AD Connect wizard, so for a lasting change use the wizard's Customize synchronization options and its Domain and OU filtering page instead; either way, a change to the filter requires a full (initial) synchronization cycle before it takes effect. Later, you can choose exactly what you want to synchronize, and even which user attributes, which gives System Administrators great flexibility.
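After changing which organizational units are in scope, the next sync must be a full cycle rather than the delta cycle the scheduler normally runs. The snippet below is an added example (not from the original article) to be run on the Azure AD Connect server; it assumes the ADSync PowerShell module that the installer places on that server. It refuses to start if a cycle is already running, triggers an initial cycle, and waits for the scheduler to report that the cycle has finished.

```powershell
# Added example, not from the original article.
# Run on the Azure AD Connect server; the ADSync module is installed with the tool.
Import-Module ADSync

# Do not start a second cycle on top of one that is already running
$sched = Get-ADSyncScheduler
if ($sched.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already in progress; try again when it has finished.'
    return
}
if (-not $sched.SyncCycleEnabled) {
    Write-Warning 'The sync scheduler is disabled; the manual cycle below will still run.'
}

# A filtering change needs a full import and full sync, which is the Initial policy
Start-ADSyncSyncCycle -PolicyType Initial

# Poll the scheduler until the cycle is no longer in progress (interval is an assumed value)
do {
    Start-Sleep -Seconds 30
    $sched = Get-ADSyncScheduler
    Write-Host ('{0:HH:mm:ss} cycle in progress: {1}' -f (Get-Date), $sched.SyncCycleInProgress)
} while ($sched.SyncCycleInProgress)

# List the connectors that took part, so you can open each in Synchronization
# Service Manager and review the run history for errors
Get-ADSyncConnector | Select-Object Name, Type
```

Once the cycle completes, confirm in the Office 365 Admin centre that objects from the excluded organizational units did not appear and that users in the included ones did; an unexpected object in the cloud directory usually means the filter was set in the wrong place or was overwritten by the wizard.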