The purpose of the Azure Active Directory DirSync tool is to allow your on-premises users to take advantage of Single Sign-On (SSO) when using cloud-based applications in Microsoft Azure. Microsoft Azure Active Directory is different from a traditional Active Directory, as it is a service offered by Microsoft.
Do not confuse Azure Active Directory with having Domain Controller VMs running in Azure that are configured to replicate with your on-premises domain. Azure AD is a managed cloud service from Microsoft.
The first step is to download and install the Azure Active Directory DirSync tool from the TechNet website; the following link will take you to the correct place: http://technet.microsoft.com/en-us/library/jj151800.aspx. Please note that the DirSync tool should be installed on a member server within the on-premises Active Directory and not on a Domain Controller.
The installation is straightforward: click Next.
Accept the EULA and click Next.
Choose an installation folder and click Next.
The installation can take up to 10 minutes to complete.
While the DirSync tool is being installed, return to the Azure Management Console, click Active Directory and then double-click the Azure Active Directory you want to configure DirSync for.
Click Users and then Add to create a new user within the Azure Active Directory.
Configure this user with a username and use the arrow button to continue.
Populate the user profile fields with the corresponding information. The important part here is that the Role must be set to Global Administrator; this is required to configure DirSync.
The wizard will output a temporary password that will need to be reset.
Take note of the temporary password, as you will need it to reset the password before the account will work with DirSync.
Go over to the Azure Active Directory login website and use the e-mail address and temporary password to log in.
You will be prompted to reset the temporary password; if you miss this step, the Global Administrator account you configured will not work with the DirSync tool.
The next step is to ensure that Integration with Local Active Directory is activated on the Azure AD instance. You can do this by going to the Properties of the Azure AD and selecting the Directory Integration tab. From here select the Active button and ensure you Save the changes.
Accept the prompt about the impact of enabling activation by clicking the arrow.
The next step is to configure the Azure Active Directory DirSync tool; by default this will launch after it completes installation on the member server. Click Next.
Now you must specify the Global Administrator account that was created previously, then click Next to continue.
You will next be prompted for an Active Directory Enterprise Administrator credential set; this is for the on-premises Active Directory. Click Next.
At this stage I have not enabled the Hybrid Deployment; click Next.
Ensure the Password Sync box is ticked and click Next.
The DirSync tool will configure all the required components.
On completion you will be asked if you want to perform the first directory sync; by default this happens every 3 hours.
To ensure the DirSync tool is working correctly, return to the Azure Active Directory screen and click on Users; this should then be populated with all the users you currently have in the on-premises domain.
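The portal check above can be repeated from PowerShell, which also confirms the earlier prerequisites: that the account you created really holds the Global Administrator role, that its temporary password was reset, and that directory integration and password sync are active on the tenant. The script below is an added example and is not part of the original post or of the DirSync tool; it uses the MSOnline (Azure AD v1) module that was current alongside DirSync, and the UPN it checks is a placeholder you would replace with the Global Administrator account you created.

```powershell
# Added example (not from the original post): post-installation checks for the
# DirSync setup described above, using the MSOnline module. Assumes the module
# is installed on the machine you run this from.
Import-Module MSOnline

# Prompt for the Global Administrator credentials rather than hard-coding them.
$cred = Get-Credential -Message "Azure AD Global Administrator"
Connect-MsolService -Credential $cred

# Placeholder: the cloud-only account you created for DirSync.
$dirSyncAccountUpn = "dirsync@contoso.onmicrosoft.com"

# 1. The account must hold the Global Administrator role. MSOnline exposes
#    this role under its older name, "Company Administrator".
$globalAdminRole = Get-MsolRole -RoleName "Company Administrator"
$isGlobalAdmin = Get-MsolRoleMember -RoleObjectId $globalAdminRole.ObjectId |
    Where-Object { $_.EmailAddress -eq $dirSyncAccountUpn }
if ($isGlobalAdmin) { "OK: $dirSyncAccountUpn is a Global Administrator" }
else { "WARNING: $dirSyncAccountUpn is not a Global Administrator" }

# 2. The temporary password must have been reset at first login. If
#    LastPasswordChangeTimestamp still matches the creation time, the reset
#    step described above was probably skipped.
$acct = Get-MsolUser -UserPrincipalName $dirSyncAccountUpn
"Account created     : $($acct.WhenCreated)"
"Last password change: $($acct.LastPasswordChangeTimestamp)"

# 3. Directory integration must be active on the tenant (the Directory
#    Integration tab in the portal) and at least one sync should have run.
$company = Get-MsolCompanyInformation
"DirSync enabled : $($company.DirectorySynchronizationEnabled)"
"Last DirSync    : $($company.LastDirSyncTime)"
"Password sync   : $($company.PasswordSynchronizationEnabled)"
"Last password sync: $($company.LastPasswordSyncTime)"

# 4. Separate users synced from on-premises AD from cloud-only accounts.
#    A synced user carries a LastDirSyncTime; cloud-only accounts (such as
#    the DirSync administrator) do not, so the cloud-only list should be short.
$allUsers  = Get-MsolUser -All
$synced    = @($allUsers | Where-Object { $_.LastDirSyncTime })
$cloudOnly = @($allUsers | Where-Object { -not $_.LastDirSyncTime })
"Synced from on-premises AD: $($synced.Count)"
"Cloud-only accounts       : $($cloudOnly.Count)"
$cloudOnly | Select-Object UserPrincipalName, DisplayName | Format-Table -AutoSize
```

The cloud-only list is worth reviewing after each change to the sync setup: every account on it is one that exists only in Azure AD and is therefore not governed by your on-premises password and lifecycle controls, so it should contain little more than the DirSync administrator itself.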