One of the most troublesome tasks in integrating your on-premises Active Directory environment with Azure was getting everything synced to Azure AD. At one time, we had to finagle with tools such as DirSync, AAD Connect, AAD Sync, etc. It was a pain. Microsoft has taken note and released a tool called Azure AD Connect to simplify the process.

This is a simple tool that allows you to install a piece of software on a domain-joined server, which will then automagically sync up your on-premises AD environment with Azure AD.

In order to use Azure AD Connect, you must first meet a few prerequisites:

  1. You must be a global administrator in Azure AD for the Azure AD tenant to sync.
  2. Your on-premises domain controller must be Windows Server 2008 or later.
  3. You must be an enterprise administrator in your on-premises AD environment.

If you've met all the prerequisites, you're good to go! First, you'll need to download Azure AD Connect. Once downloaded, simply run the installer and accept all the defaults.

Once Azure AD Connect is installed, you'll be prompted either to choose Express Settings or to get more advanced with customizations. I have a single Active Directory forest, so I'll choose Express Settings.

Choosing Express Settings for Azure AD Connect

All the necessary components will then begin installing onto the server to get on-premises AD synced up with Azure AD.

I'm then prompted to provide my Azure AD global administrator credentials.

Entering Azure AD global administrator credentials

Once I've hit Next, Azure will verify I have all the appropriate rights.

I'm then prompted to input my on-premises AD credentials, which will also be verified to ensure that the account has the appropriate permissions.

Entering on-premises AD credentials

Once I'm done, I'm presented with the option to begin configuration and automatic synchronization, which I will choose to do.

Synchronization process start

This then begins to install more prerequisite software, such as a small SQL Express database and a few other pieces of software required for the synchronization.

During the configuration, you'll see the progress of each step. For my demo domain, this process only took a couple of minutes in total.

Configuration progress

When complete, you'll receive a message indicating that the synchronization was successful!

Synchronization is complete

The last step is to confirm the sync actually worked by entering the Azure Portal and verifying all my on-premises accounts have been populated in Azure AD.

Verifying that on-premises accounts have been populated

You can see that I had five local accounts in my on-premises AD forest. That is all there is to it. If you've had to set this up before, you'll find this is far easier than it used to be! If you'd like more information about using the customization feature in particular, check out Microsoft's Active Directory Team blog post. It explains everything you'll see if you need more control over the behavior.
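The portal check in the last step can also be scripted, which gives a per-account record of what was and was not synced. The following is an added example, not part of the original walkthrough or of Azure AD Connect itself. It assumes the ActiveDirectory (RSAT) and Microsoft.Graph.Users modules are installed, and that the sync uses a source anchor derived from the on-premises objectGUID.

```powershell
# Added example: compare on-premises AD users with the users synced to Azure AD.
# Assumptions: ActiveDirectory and Microsoft.Graph.Users modules are installed;
# the source anchor (ImmutableId) is the base64-encoded on-premises objectGUID.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

# Read-only directory scope is enough for the comparison.
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

# On-premises side. Critical system objects (for example the built-in
# Administrator) are filtered out by the default sync rules, so skip them here.
$onPrem = Get-ADUser -Filter * -Properties isCriticalSystemObject |
    Where-Object { -not $_.isCriticalSystemObject } |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            OnPremUPN      = $_.UserPrincipalName
            ImmutableId    = [Convert]::ToBase64String($_.ObjectGUID.ToByteArray())
        }
    }

# Cloud side: only accounts that Azure AD marks as synced from on-premises.
$cloud = Get-MgUser -All -Property 'id,userPrincipalName,onPremisesSyncEnabled,onPremisesImmutableId' |
    Where-Object { $_.OnPremisesSyncEnabled -and $_.OnPremisesImmutableId }

# Base64 is case-sensitive, so use a case-sensitive hashtable rather than @{}.
$cloudById = New-Object System.Collections.Hashtable
foreach ($c in $cloud) { $cloudById[$c.OnPremisesImmutableId] = $c }

# One row per on-premises account, with the matching cloud UPN if one exists.
$report = foreach ($u in $onPrem) {
    $match = $cloudById[$u.ImmutableId]
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OnPremUPN      = $u.OnPremUPN
        CloudUPN       = $(if ($match) { $match.UserPrincipalName } else { $null })
        Synced         = [bool]$match
    }
}
$report | Sort-Object Synced, SamAccountName | Format-Table -AutoSize

# Synced cloud accounts with no on-premises counterpart deserve a closer look.
$onPremIds = @($onPrem.ImmutableId)
$cloud | Where-Object { $_.OnPremisesImmutableId -cnotin $onPremIds } |
    Select-Object UserPrincipalName, OnPremisesImmutableId
```

A `CloudUPN` that differs from `OnPremUPN` usually means the on-premises UPN suffix is not a verified domain in the tenant.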




© 4sysops 2006 - 2022

