
How to Synchronize Directories with Azure AD Connect
Since the release of Windows 2000, Active Directory (AD) has been the way users have logged in to on-premises enterprise networks and business-based systems, including Microsoft Exchange Server.
As more computing moves to the cloud, businesses need users to be verified both on-premises and in the cloud. So that one set of credentials works for both, the on-premises directory is synchronized to Azure AD; for this purpose Microsoft introduced the Azure AD Connect tool in 2015.
Migration to Azure AD Connect is strongly recommended, because two widely used Microsoft synchronization tools, Windows Azure Active Directory Sync (DirSync) and Azure AD Synchronization Services (Azure AD Sync), will no longer be supported by Microsoft after April 13, 2017. Two other Microsoft identity tools, Forefront Identity Manager 2010 R2 (FIM2010) and Microsoft Identity Manager 2016 (MIM2016), are not going away, but have more limitations than Azure AD Connect. The following is a summary of an article from Redmond Magazine; to read the full article, follow the link at the bottom of the page.
Requirements for Azure AD Connect to run on your on-premises environment:
- A forest functional level of Windows Server 2003 or higher. To check it, open the Active Directory Domains and Trusts console, right-click the Active Directory Domains and Trusts node and choose Raise Forest Functional Level; the dialog shows the current level, and you can cancel without changing it.
- The number of objects in AD, which determines the hardware and software requirements. To count them, open a Windows PowerShell window on a domain controller (DC) and run the command shown in the original article (the screenshot is not reproduced here).
- Azure AD Connect installs SQL Server 2012 Express LocalDB, which handles up to 100,000 objects. For more than 100,000 objects a full SQL Server instance is required.
- Irrespective of object count, the server requires at least a 1.6 GHz CPU. Memory and storage requirements vary with object count.
- Microsoft .NET Framework 4.5.1 or later.
- Windows PowerShell 3.0 or later.
- Additional components or configuration tasks may be required, depending on how you will use the server.
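The following PowerShell script is an added example, not code from the Redmond Magazine article, that checks the requirements listed above in one pass: forest functional level, object count per domain and in total, PowerShell and .NET Framework versions, and CPU clock and memory of the server. It assumes the ActiveDirectory module is available (a domain controller, or a member server with the AD DS RSAT tools) and that it runs in an elevated window; the threshold values are the ones the list above states.

```powershell
# Added example (not from the article): pre-installation checks for Azure AD Connect.
# Run in an elevated PowerShell window on a DC or on a server with the AD DS RSAT tools.
# Thresholds from the requirements list: forest level 2003 or higher, PowerShell 3.0,
# .NET Framework 4.5.1, 1.6 GHz CPU, and the 100,000-object limit for Express / SQL Express.
Import-Module ActiveDirectory

$results = @{}

# 1. Forest functional level. ForestMode is an enum: 0 = Windows2000Forest,
#    1 = Windows2003InterimForest, 2 = Windows2003Forest, 3 = Windows2008Forest, ...
$forest = Get-ADForest
$results['ForestFunctionalLevel'] = [string]$forest.ForestMode
$results['ForestLevelOK']         = ([int]$forest.ForestMode -ge 2)

# 2. Object count across every domain in the forest. This drives hardware sizing and
#    the Express decision. Get-ADObject -Filter * enumerates the whole domain, so
#    expect it to take a while in large directories.
$total = 0
foreach ($domain in $forest.Domains) {
    $count = (Get-ADObject -Filter * -Server $domain | Measure-Object).Count
    $results["Objects_$domain"] = $count
    $total += $count
}
$results['TotalObjects']   = $total
$results['SqlExpressOK']   = ($total -le 100000)   # above this, a full SQL Server is required
$results['ExpressSetupOK'] = ($total -lt 100000)   # Express also requires a single forest

# 3. PowerShell and .NET Framework versions. .NET 4.5 and later write a "Release" DWORD
#    to the registry; 378675 is the lowest value that means 4.5.1.
$results['PowerShellVersion'] = [string]$PSVersionTable.PSVersion
$results['PowerShellOK']      = ($PSVersionTable.PSVersion.Major -ge 3)
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results['DotNetRelease'] = if ($ndp) { $ndp.Release } else { 'not installed' }
$results['DotNetOK']      = ($null -ne $ndp -and $ndp.Release -ge 378675)

# 4. CPU clock (MHz) and memory (GB) of this server. Get-WmiObject rather than
#    Get-CimInstance so this part still runs on PowerShell 2.0 and reports the gap.
$cpu = Get-WmiObject Win32_Processor | Select-Object -First 1
$ram = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB
$results['CpuMHz']   = $cpu.MaxClockSpeed
$results['CpuOK']    = ($cpu.MaxClockSpeed -ge 1600)
$results['MemoryGB'] = [math]::Round($ram, 1)

$results.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
```

The object count is the figure to carry into Microsoft's sizing table; the memory value is reported rather than judged because the required amount depends on that count.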
BEFORE INSTALLATION
Add your domain to Azure. Then verify ownership of the domain.
Without this step, you can still complete Setup, but on-premises credentials will not be recognized by Azure AD: synchronized users keep their on-premises UPN suffix, and that suffix must belong to a domain the tenant has verified.
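The same two steps done from PowerShell, as an added example that is not part of the article: register the domain in the tenant with the MSOnline module, print the DNS TXT record Azure AD wants to see, confirm ownership once the record is published, and then check that every on-premises user carries a UPN suffix that is now a verified domain. `contoso.com` is a placeholder for your own domain; the script assumes the MSOnline module (Install-Module MSOnline) and, for the final check, the ActiveDirectory module.

```powershell
# Added example (not from the article): add and verify the custom domain in Azure AD,
# then check on-premises UPN suffixes against the tenant's verified domains.
# "contoso.com" is a placeholder. Requires the MSOnline and ActiveDirectory modules.
$domainName = 'contoso.com'

Import-Module MSOnline
Connect-MsolService    # prompts for Azure AD global administrator credentials

# Register the domain in the tenant if it is not there yet.
if (-not (Get-MsolDomain -DomainName $domainName -ErrorAction SilentlyContinue)) {
    New-MsolDomain -Name $domainName -Authentication Managed | Out-Null
}

# Azure AD proves ownership through a DNS TXT record; publish this at your DNS host.
Get-MsolDomainVerificationDns -DomainName $domainName -Mode DnsTxtRecord |
    Select-Object Label, Text, Ttl

# After the record has propagated, confirm ownership. Status must read "Verified".
try {
    Confirm-MsolDomain -DomainName $domainName
} catch {
    Write-Warning "Verification failed (DNS record not visible yet?): $_"
}
Get-MsolDomain -DomainName $domainName | Select-Object Name, Status, Authentication

# Synchronized users keep their on-premises UPN suffix. If that suffix is not a verified
# domain in the tenant, Azure AD substitutes the default <tenant>.onmicrosoft.com name,
# so sign-in with the on-premises name fails.
$verified = @(Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' } |
              ForEach-Object { $_.Name.ToLower() })

Import-Module ActiveDirectory
$unmatched = Get-ADUser -Filter * | Where-Object {
    $suffix = ($_.UserPrincipalName -split '@')[1]
    # Users with no UPN at all are flagged too; they cannot sync a usable sign-in name.
    (-not $suffix) -or ($verified -notcontains $suffix.ToLower())
}
"{0} user(s) have a UPN suffix that is not a verified Azure AD domain" -f @($unmatched).Count
$unmatched | Select-Object SamAccountName, UserPrincipalName -First 20
```

Run the last part again after fixing UPNs (or after adding the missing suffix as a verified domain) until the count is zero; doing this before the first synchronization avoids a batch of onmicrosoft.com accounts that later have to be renamed.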
INSTALLATION
EXPRESS installation can be used only if:
- You have fewer than 100,000 objects in your AD, and
- You have only one AD forest, and
- You have an AD account with enterprise admin permissions.
Download Azure AD Connect (bit.ly/1JPD3qY) and choose Run; the Setup wizard begins.
Setup starts with accepting the license agreement. On the next screen, choose Express, not Custom. The Express Settings welcome screen then appears (the screenshot is in the original article and not reproduced here).
Enter your Azure AD global administrator credentials. After they are verified, you will be prompted for a valid set of credentials for an on-premises account with enterprise admin permissions.
The Configure screen then lists the steps Setup will perform.
Two check boxes on that screen need attention before installation:
- Leave the box checked which allows synchronization to start when configuration is finished.
- “Exchange hybrid deployment” should be checked only if you run on-premises Exchange Server in a hybrid configuration with Exchange Online (Office 365); it enables writeback of Exchange attributes from Azure AD to on-premises AD.
Lastly, click Install.
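Once Setup finishes, the check box on the previous screen should have started the first synchronization. This added example, not code from the article, verifies that from the Azure AD Connect server using the ADSync module that Setup installs, then confirms from the tenant side that a sync has arrived, and starts the initial cycle only if neither is the case. It assumes the MSOnline module is installed for the tenant-side check.

```powershell
# Added example (not from the article): confirm that synchronization really started
# after Express setup. Run on the Azure AD Connect server in an elevated window;
# the ADSync module is installed with Azure AD Connect. The MSOnline part needs
# Install-Module MSOnline and global administrator credentials.
Import-Module ADSync

# With "Start the synchronization process when configuration completes" left checked,
# the scheduler is enabled and runs a delta sync on the default 30-minute interval.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval,
                       NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC, SyncCycleInProgress

# Connector runs currently executing (empty output means nothing is running right now).
Get-ADSyncConnectorRunStatus

# Re-enable the scheduler if it was left off.
if (-not $sched.SyncCycleEnabled) {
    Set-ADSyncScheduler -SyncCycleEnabled $true
}

# Tenant-side view: LastDirSyncTime stays empty until the first export has landed.
Import-Module MSOnline
Connect-MsolService
$info = Get-MsolCompanyInformation
$info | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime, LastPasswordSyncTime

# Nothing has ever synced and nothing is running: kick off the initial (full) cycle.
if (-not $info.LastDirSyncTime -and -not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Initial
}
```

An Initial cycle imports and exports every object and can take a long time in a large directory; after it completes, the scheduler's Delta cycles pick up only changes.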
This was just a basic deployment of Azure AD Connect; the process can be much more involved in larger environments. Here are two TechNet documents that will provide further guidance if you need more than what’s presented above.
- Prerequisites for Azure AD Connect provided here: bit.ly/2mmfOk2
- If you prefer Custom settings (as opposed to Express), are upgrading from DirSync, or are migrating from FIM2010 or MIM2016, read this: bit.ly/2mO9zm6
Source: Redmond Magazine, Synchronize Directories with Azure AD Connect