Windows Azure Active Directory synchronization, also known as DirSync, is an application used to synchronize accounts from internal (on-premises) Active Directory out to Windows Azure Active Directory. If you create a user account in on-premises Active Directory, that account is synchronized to Windows Azure Active Directory, which Office 365 uses. In a nutshell, user accounts are synchronized to Windows Azure Active Directory and can be viewed from the Office 365 admin portal. In this post, I will show the steps to set up DirSync between Office 365 and Active Directory.
Setup DirSync Between Office 365 and Active Directory
The DirSync application can be installed on an on-premises domain-joined member server or on an Active Directory server. You can install DirSync on a local Active Directory server from version 6553.0002 or above. Here, I will install the DirSync application on an Active Directory Domain Controller. When you install DirSync, the following subcomponents are installed:
- Forefront Identity Manager (FIM)
- SQL Server 2012 Components
- SQL Server 2008 setup
- Microsoft Online Services
Log on to the Active Directory server with a Domain Administrator account. Make sure .NET 3.5 and .NET 4.5 are installed. You can install these features from the Server Manager Add Roles and Features Wizard. In this example, .NET 4.5 is already installed, so check .NET Framework 3.5 Features to install it. Click Next and then Install.
Now log on to the Office 365 portal. Expand Users and select Active Users. Click Activate Active Directory synchronization. At number 3, click Activate to activate Active Directory synchronization.
Optionally, you can download and run the DirSync error remediation tool, but I will skip this.
Download the DirSync application.
Run the DirSync application. Click Next on the Welcome screen. Accept the EULA. Click Next.
Browse to the installation location. Click Next.
The installation will now begin.
After the installation is complete, you can start the wizard to set up DirSync.
The Windows Azure Active Directory Sync tool configuration wizard now opens. Click Next on the Welcome screen. Type the Office 365 Global Administrator credentials. Click Next.
Enter local Active Directory login credentials. Click Next.
Uncheck Hybrid setup and click Next. If you check Hybrid setup, you can create user accounts in Office 365 and they will sync to local Active Directory. Check the option to enable password sync. Click Next.
The configuration will now start and complete. Click Next.
Check "Synchronize your directories now".
Now let's verify. Synchronization Service Manager is used to monitor the synchronization. To open it, navigate to the following directory on the server where you installed the DirSync tool, C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell, and double-click miisclient. You can see the list of operations. If you select one of the operations, more detailed information appears in the bottom frame.
Now log on to the Office 365 portal. You can see the Active Directory synchronization status and the list of users synced with on-premises Active Directory.
In this way you can synchronize user accounts in local Active Directory with Office 365. To force a sync, change to the following directory, C:\Program Files\Windows Azure Active Directory Sync, and run DirSyncConfigShell.psc1.
Type Start-OnlineCoexistenceSync and press Enter. This will force a sync between your on-premises Active Directory and Windows Azure Directory Services.
Now you can assign licenses to users and start using Office 365 services. If you want to run PowerShell cmdlets to manage user accounts, you can download and install the Windows Azure Active Directory PowerShell module.
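As an added example (not part of the original post), the following PowerShell reconciles on-premises accounts with the synchronized cloud accounts, so you can spot users that did not sync or cloud objects whose on-premises source is gone. It assumes DirSync's default behaviour of setting each cloud user's ImmutableId to the Base64 form of the on-premises objectGUID; the function names and sample data are constructed for illustration.

```powershell
# Added example: function names and sample data are constructed.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory = $true)][guid]$ObjectGuid)
    # Assumption: ImmutableId is the Base64 form of the on-premises objectGUID bytes
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Compare-DirSyncState {
    param(
        [Parameter(Mandatory = $true)][object[]]$OnPremUsers,  # need ObjectGUID, UserPrincipalName
        [Parameter(Mandatory = $true)][object[]]$CloudUsers    # need ImmutableId, UserPrincipalName
    )
    # Base64 is case-sensitive, so use an ordinal dictionary rather than @{}
    $cloudById = New-Object 'System.Collections.Generic.Dictionary[string,object]' `
        -ArgumentList ([System.StringComparer]::Ordinal)
    foreach ($c in $CloudUsers) {
        if ($c.ImmutableId) { $cloudById[$c.ImmutableId] = $c }
    }
    foreach ($u in $OnPremUsers) {
        $id = ConvertTo-ImmutableId -ObjectGuid $u.ObjectGUID
        if (-not $cloudById.ContainsKey($id)) {
            [pscustomobject]@{ Status = 'NotSynced'; OnPremUpn = $u.UserPrincipalName; CloudUpn = $null }
            continue
        }
        $cloudUser = $cloudById[$id]
        [void]$cloudById.Remove($id)
        if ($cloudUser.UserPrincipalName -ne $u.UserPrincipalName) {
            [pscustomobject]@{ Status = 'UpnMismatch'; OnPremUpn = $u.UserPrincipalName; CloudUpn = $cloudUser.UserPrincipalName }
        }
    }
    # Whatever remains has no on-premises source object in the supplied set
    foreach ($c in $cloudById.Values) {
        [pscustomobject]@{ Status = 'OrphanedInCloud'; OnPremUpn = $null; CloudUpn = $c.UserPrincipalName }
    }
}

# Constructed sample data. On a live system use instead:
#   $onPrem = Get-ADUser -Filter *               # ActiveDirectory module
#   $cloud  = Get-MsolUser -All -Synchronized    # after Connect-MsolService
$alice, $bob, $gone = 1..3 | ForEach-Object { [guid]::NewGuid() }
$onPrem = @(
    [pscustomobject]@{ ObjectGUID = $alice; UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ ObjectGUID = $bob;   UserPrincipalName = 'bob@contoso.example' }
)
$cloud = @(
    [pscustomobject]@{ ImmutableId = (ConvertTo-ImmutableId $alice); UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ ImmutableId = (ConvertTo-ImmutableId $gone);  UserPrincipalName = 'former@contoso.example' }
)
Compare-DirSyncState -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Run against live data, accounts that DirSync excludes by design may appear as NotSynced, so review those entries before treating them as sync failures.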