Thursday 6 November 2014

Configuring DirSync for Syncrhonization Between Azure Active Directory and Traditional On-Premise Active Directory

The purpose of the Azure Active Directory DirSync tool is to allow your on-premise users the ability to take advantage of Single Sign On (SSO) when using cloud-based applications in Microsoft Azure. Microsoft Azure Active Directory is different from a traditional Active Directory as it is a service offered by Microsoft.

Do not confuse Azure Active Directory with having Domain Controller VM's running in Azure that are configured to replicate between your on-premise domain. Azure AD is a managed cloud service from Microsoft.
The first step is to download and install the Azure Active Directory DirSync tool from the Technet website the following link will take you to the correct place, please note that the DirSync tool should be installed on a member server within the on-premise Active Directory and not a Domain Controller.

The installation is straight forward, click Next.

Accept the EULA and click Next.

Choose an installation folder and click Next.

The installation can take up to 10 minutes to complete.

While the DirSync tool is being installed return to the Azure Management Console and click Active Directory and then double click on the Azure Active Directory you want to configure the DirSync.

Click Users and then Add to create a new users within the Azure Active Directory.

Configure this user with a username and use the arrow button to continue.

Populate the user profile fields with the corresponding information, the import part here is that the Role must be set to Global Administrator this is required to configure DirSync.

The wizard will output a temporary password that will need to be reset.

Take note of the tempoary password as you will need it to reset the password before the account will work with DirSync.

Go over to the Azure Active Directory login website and use the e-mail address and temporary password to login. 

You will be prompted to reset the tempoary password, if you miss this step the Global Administrator account you configured will not work with the DirSync tool.

The next step is to ensure that Integration with Local Active Directory is activated on the Azure AD instance you can do this by going to the Properties of the Azure AD and selecting the Director Integration tab. From here select the Active button and ensure you Save the changes.

Accept the prompt about the impact of enabling activation by clicking the arrow.

The next step is to configure the Azure Active Directory DirSync tool, by default this will launch after it completes installation on the member server. 

Click Next.

Now you must specify that Global Administrator account that was created previously, click Next to continue.

You will next be prompted for an Active Directory Enterprise Administrator credential set, this is for the on-premise Active Directory. Click Next.

At this stage I have not enabled the Hybrid Deployment, click Next.

Ensure the Password Sync box is ticked and click Next.

The DirSync tool will configure all the required components.

On completion you will be asked if you want to perform the first directory sync, by default this happens every 3 hours.

To ensure the DirSync tool is working correctly return to the Azure Active Directory screen and click on Users this should then be populated with all the users you currently have in the on-premise domain.