When migrating to Office 365 environment, mostly organizations preserve the old on-premises structure. Sometimes it is because the migration process can take quite a bit of time to finish, or may be the company wants to follow the hybrid scenario.
An Easy “Video Tutorial” as an addon is also included in this blog for live demonstration. However I recommend you to follow all steps sequentially mentioned below.
One of the important aspects of the coexistence setup is Synchronization of Active Directory between On-Premise AD and Cloud’s Azure AD. Its accomplished using Microsoft’s Azure AD Connect Tool:
Microsoft Azure Active Directory Connect Tool:
Its used to sync the On-Premise local AD with the Azure AD Office 365. The program syncs all accounts, with their access passwords up to Office 365. Microsoft recommends installing Azure AD Connect on a member server within a domain, & should not be deployed on a Domain Controller.
Download Azure AD Connect: https://www.microsoft.com/en-us/download/details.aspx?id=47594.
Follow the On-Screen Wizard to install it. Next comes the Configuration which is explained in detail below.
Configuration Of Azure AD Connect Tool:
a) After installation of Azure AD connect tool, open its configuration Wizard and click I Accept the License Terms.
2) Choose Customise in the next Screen.
3) Leave all the default options as it is. Click Next.
4) Here we specify the method used to authenticate users. Here in the lab we will keep it simple and select Password Synchronization and allow password hashes from the local AD to be passed to 365.
5) Enter the Office 365 Global Admin Credentials:
6) Add a local Active directory, enter the credentials for a domain admin and press Add Directory. After that enter the On-premise Administrator Credentials.
7) Here we can leave the defaults as shown but ensure the source anchor is set to objectGUID and the UPN set to userPrincipalName then press Next.
8) The next screen will show all Organizational Units (OU’s) of On-Premise Active Directory. Note: The best practice says that we should create one custom Syncing OU and keep all the users to be moved to the cloud in it. Leaving rest intact at on-premise unless specifically required.
9) Keep the default options selected at this step:
10) Choose Synchronize all users & groups:
11) Make a check on Password Hash Synchronization option (Exchange Hybrid Deployment is optional). There are some great features here that are worth knowing about. Lets take a look at what each of these do just in case you haven’t seen them before:
Exchange hybrid deployment: Used to allow an Exchange hybrid setup but specifically allows some exchange attributes to be synchronized back to the on-premises AD.
Azure AD app and attribute filtering: Used to specify what can and cant sync based on specified attributes.
Password hash synchronization: Allows on-premises AD user password hashes to be synchronized into Office 365. This means users can log into the 365 portal using their local passwords.
Password writeback: Allows passwords to be changed in the 365 portal and then synced back to the on-premises AD.
Group writeback: Allows groups to be created in the 365 portal and then synced back to the on-premises AD.
Device writeback: Allows Azure AD registered devices to be synchronized back into the on-premises AD. This then allows those devices to authenticate with on-premises resources.
Directory extension attribute sync: Allows you to sync custom attributes into 365.
12) Here we select Start the Synchronization Process when Configuration completes. Press Install to continue.
13) Azure AD Connect is configured now to sync objects to Office 365.
14) Press Exit to finish.
Congratulations friends, the Azure AD Connect configuration is completed now.
We will be adding a new user “[email protected]” in our Server 2012R2 Active Directory and will be using Azure AD connect to sync that user to Azure Active Directory of Office 365 Portal.
As [email protected] is added into Syncing OU at On-Premise AD, and Azure AD Connect tool will pick it up and sync (add) to cloud. Any users added or removed inside our custom created Syncing OU will replicate in the Azure AD as well.
Step2 – Launch the miisclient.exe program or type Synchronization Service in Search to open Synchronization Service Manager. It displays Import & Export (syncing) of data from On-Premise to cloud. In the upper part of the window, there is a list of all current sync cycles and in lower left all current modifications to AD are listed.
By default Azure AD Connect syncs any changes after every 30 minutes. As we recently added the user [email protected], so either we have to wait 30 minutes or we can even force the sync to occur using below Powershell Command.
Start-ADSyncSyncCycle -PolicyType Delta
Now lets see the ADDS option which will show us a new user added to sync.
That new added user is shown when we click Add –
Step 3: Lets Open Portal.office.com and check when the last sync happened. 1 minute ago means that if we added a user or removed 4 to 5 minutes ago and run the above command, that change should replicate to Azure AD also. Lets check.
Lets finally check the user has synced or not. Open Users – Active Users – search using users display name “Utk100” and Hurray! We are able to find it. Its Sync Type is also “Sync with Active Directory“.
I hope its easy for you to deploy Azure AD Connect Server in your environment keeping the fact to sync only Selected OU’s & leaving all Clutter at On-premise.
Wait!!!! Still feeling its difficult. Not at all. I have a Video Demonstration below. Click play button below to watch it.
Thanks a ton for reading my blog. I know its a bit complicated to perform all steps first time, however if you follow along with my steps, I can assure you that you will not face any issues syncing on-premise objects to office 365.
If you like my blog, please post your feedbacks or queries below.