
How to sync local Active Directory to Microsoft 365 with DirSync

By Achilleas Eleftheriou – Technical Manager

 

Most companies that use Microsoft 365 have a hybrid installation: they also run an on-site Active Directory, which remains their main store of identity data.

This guide shows how to integrate your local AD information with your Microsoft 365 environment using native Microsoft tools.

To achieve that, Microsoft offers Azure Active Directory Connect, a relatively lightweight system, running on a database in your office or datacenter, that lets you synchronize identity information from your on-prem Active Directory with Microsoft Azure AD.

 Installing and Configuring Azure AD Connect

To use Azure AD Connect, take the following steps:

  1. Download the Azure AD Connect installer from http://go.microsoft.com/fwlink/?LinkId=615771.
  2. Copy the installer to the server that you want to designate as the sync server and run the installer.
  3. Agree to the license terms and click Continue.
  4. The Express Settings screen appears. Read the details of what the wizard will do. For the purposes of our walkthrough, click Use express settings.

Figure 1. The Azure AD Connect Express Settings screen

  5. The Connect screen appears. Enter your Microsoft 365 administrator’s username and password and then click Next.
  6. The wizard will do some computations and then show the Ready to Configure screen. On this screen:

     • I recommend deselecting the “Start the synchronization process as soon as configuration completes” checkbox. You’ll want to do some filtering of the directory parts that get synchronized anyway, and when you uncheck this box, the wizard configures the sync service itself but disables the scheduler. Once you have completed your filtering, you’ll re-run the installation wizard in order to enable the schedule.

     • If you are running Exchange locally, check the box to enable a hybrid Exchange deployment. This will enable a few more directory attributes to sync, which will serve you well when it’s time to run the Exchange Hybrid Configuration Wizard, as explained in the next section.

  7. Click Install.
  8. Once the installation completes, exit the wizard and reboot the machine.

Customizing what gets synchronized

It makes sense to synchronize only those directory objects that can actually be used in Microsoft 365. You don't want a lot of service accounts and other items littering your cloud directory when there is practically nothing you can do with them in the cloud.

  1. Launch the Synchronization Service Manager.
  2. Select Connectors.
  3. Open the properties of the Active Directory Domain Services connector.
  4. In Configure Directory Partitions, go to Containers. Enter your credentials to proceed.
  5. Select the OUs you want to sync and then click OK.
  6. Finally, you just need to activate the scheduler, which is just a normal Windows scheduled task that has been disabled. Open the Task Scheduler, locate the "Sync Scheduler" task, and then press Enable in the right pane under the selected item. Wait until it runs (or run it immediately from the Task Scheduler interface) and you will see a bunch of new user accounts in Azure AD. That's how you know the sync works. You can also try to log in to one of the accounts.
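
Before enabling the scheduler, it helps to see which accounts inside the OUs chosen in step 5 you probably do not want in the cloud. The script below is an added example, not part of the original article or of Azure AD Connect: it uses the ActiveDirectory PowerShell module, the OU names are hypothetical placeholders, and the flagging rules are assumed heuristics for service and privileged accounts.

```powershell
# Added example: pre-sync review of the OUs you intend to select.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Hypothetical OU distinguished names; replace with the containers
# you plan to tick in the connector's Containers dialog.
$CandidateOUs = @(
    'OU=Staff,DC=example,DC=local',
    'OU=Contractors,DC=example,DC=local'
)

# Attributes that are not returned by default but are needed for the checks.
$props = 'adminCount', 'servicePrincipalName', 'PasswordNeverExpires'

$report = foreach ($ou in $CandidateOUs) {
    Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * -Properties $props |
        ForEach-Object {
            # Heuristics (assumptions): each one marks an account worth a second look.
            $reasons = @()
            if ($_.adminCount -eq 1)     { $reasons += 'privileged (adminCount=1)' }
            if ($_.servicePrincipalName) { $reasons += 'has SPN (likely service account)' }
            if ($_.PasswordNeverExpires) { $reasons += 'password never expires' }
            if (-not $_.Enabled)         { $reasons += 'disabled' }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    OU             = $ou
                    SamAccountName = $_.SamAccountName
                    Reasons        = $reasons -join '; '
                }
            }
        }
}

# Review the flagged accounts, then move them to an OU that is not
# selected for sync (or deselect the OU) before enabling the scheduler.
$report | Sort-Object OU, SamAccountName | Format-Table -AutoSize -Wrap
"{0} account(s) flagged in {1} OU(s)" -f @($report).Count, $CandidateOUs.Count
```

The script only reads from the directory; an empty table means none of the heuristics matched in the listed OUs.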

IBSCY Ltd, with its certified employees, is a Gold Partner of Microsoft in Cyprus and in the greater region, providing excellent Microsoft cloud services, IT services, IT support, IT infrastructure and more with expertise to every business.
