Pre-Requisites:
- Must have set up an Office 365 Tenant Account
- Must have set up Azure Account
- Must have Enterprise Admin rights on the Active Directory
- Must have Global Admin rights in the Office 365 tenant account
- Have met the Forest, Active Directory and Operating System requirements
- From a domain joined machine, log in with an account that has Enterprise admin rights
- Log into portal.office365.com
- Go to “Users” > Active Users > and click “Setup”
- Follow the instructions. You will be guided through confirming domains
- Next you will be prompted to download and run IDFix. Run this tool to check AD for errors.
- Next you will be prompted to Download the AzureADConnect tool. Save it to a network share. You will need to run this from your DirSync server next. Download the tool here : http://go.microsoft.com/fwlink/?LinkID=278924 | <More Info to be added here>
Additional guide here – https://blogs.technet.microsoft.com/canitpro/2014/05/13/step-by-step-syncing-an-on-premise-ad-with-azure-active-directory/ - From the DirSync Server, run the AzureADConnect tool. Follow the wizard. Once complete the Active Directory should sync to Office 365.
Other Tools
There are three tools we can use to initiate DirSync
- Identity Manager
- PowerShell
Initiate Sync with PowerShell
To initiate a Delta Sync, open Windows PowerShell and run:
Start-ADSyncSyncCycle -PolicyType Delta
To initiate a Full Sync, open Windows PowerShell and run:
Start-ADSyncSyncCycle -PolicyType Initial
Sync Time
To change the synchronization time (i.e. the time between synchronizations, we can use Microsoft.Online.DirSync.Scheduler.exe.config. This config file can be found in : C:Program FilesWindows Azure Active Directory Sync. Change the value 3.0.0 to whatever you need, H,M,S.
To verify synchronization we can do the following:
- Check Office 365 portal of new accounts
- View Sync results in Identity Manager
- View Sync results in Event Manager
Initiate Sync with Identity Manager
Go to “C:Program FilesWindows Azure Active Directory SyncSYNCBUSSynchronization ServiceUIShell” on your Identity Manager server.
Launch miisclient.exe.> Management Agents > Active Directory Connector (right click > Run) > Select Full Import Full Sync.
