Summary: This comprehensive article guides you through setting up Office 365 AD Sync with Azure Active Directory Connect, ensuring your on-premises and Azure AD stay synchronized. It covers prerequisites, domain configuration, user synchronization, installation, and exporting configurations. Additionally, it highlights the importance of securing Office 365 data with Kernel Export Office 365 to PST, offering versatile backup options and smart filters for data protection.

As a business owner, you understand the importance of organization and data security. Microsoft Office 365 is renowned for enhancing office productivity. However, you may not be aware that you can establish Office 365 AD Sync to seamlessly synchronize user data between your on-premises Active Directory and Azure Active Directory, ensuring data consistency and security.

In this article, we will walk you through how to set up Office 365 AD Sync using Azure Active Directory Connect.

Setting up Office 365 AD Sync (Detailed Steps)

Setting up Office 365 AD Sync involves several intricate steps, but there’s no need to fret. We’re here to provide you with step-by-step guidance throughout the entire process.

  1. Azure AD Connect
    Azure AD Connect serves as the bridge between on-premises Active Directory and Azure Active Directory. This tool facilitates the synchronization of on-premises users and computers with Azure Active Directory and can connect to multiple on-premises forests, as well as link Azure Active Directory with multiple Office 365 tenants.
    To set up Azure AD Connect, you need the following:

    • An Azure subscription. If you don’t have an Azure subscription, you can create a free account.
    • A domain controller running Windows Server 2008 or later in the on-premises environment.
    • The forest functional level must be at least Windows Server 2008.
    • If you want to synchronize passwords, the domain controller must be running Windows Server 2012 or later.
    • The account you use to install Azure AD Connect must be a member of the Enterprise Admins group and the Schema Admins group.
  2. Preparing the Environment
    Before the installation, there are some tasks that need to be completed in your on-premises environment and Azure Active Directory:
    In your on-premises environment:

    • Create a user account used to run Azure AD Connect.
    • Verify that the user account used to run Azure AD Connect has the Directory Changes permission.
    • If you plan to synchronize passwords, verify that the user account that will be used to run Azure AD Connect has the Reset Password permission.
    • If you plan to use group filtering, create a global security group in your on-premises Active Directory environment and add the users who should be synchronized to this group.
    • If you want to filter objects other than groups (for example, contacts or computers), you need to create an organizational unit (OU) for each type of object that you want to filter and then move the objects that you want to filter into the appropriate OU.

    In Azure AD:

    • Verify that Azure AD Connect will be able to communicate with your Azure Active Directory instance.
    • If you plan to synchronize passwords, verify that the synchronization account has the MS-DS-Consistency attribute populated.
  3. Making the Domain Routable
    To utilize an intranet name for your on-premises domain, like “contoso.com,” ensure its network routability. Achieve this by adding a DNS entry for the intranet name on your DNS server and configuring your firewall to permit traffic to this DNS entry.
  4. Adding the New UPN Suffix
    To synchronize users from your on-premises Active Directory to Azure Active Directory, you must add a UPN suffix for your on-premises domain in Azure Active Directory. This process is facilitated through the Azure portal.

    • In the Azure portal, click Azure Active Directory, and then click Properties.
    • In the UPN Suffixes box, add the UPN suffix for your on-premises domain (for example, contoso.com).
    • Click Save.
  5. Editing the UPNs for Existing Users
    For existing users in your on-premises Active Directory, it’s necessary to update their UPNs to match the new UPN suffix added in Step 4. This task can be accomplished using the Set-User cmdlet in PowerShell.
  6. Edit the Email Proxy Attributes
    To synchronize users from your on-premises Active Directory to Azure Active Directory for Office 365 compatibility, you must edit the email proxy attributes of these users. This can be easily achieved using the Set-User cmdlet in PowerShell.

    For instance, if you wish to modify the email proxy address for a user with the User Principal Name (UPN) of john@contoso.com to smtp:john@contoso.onmicrosoft.com, you can execute the following PowerShell command:

    Set-User -Identity john@contoso.com -EmailAddresses SMTP:john@contoso.onmicrosoft.com
  7. Check User Names in the O365 Admin Center
    After you have synchronized your users from your on-premises Active Directory to Azure Active Directory, you can check to see if the synchronization was successful by looking at the user names in the Office 365 admin center.

    • In Office 365 admin center, click Users.
    • Click Active users.
    • You should see a list of all the users who have been synchronized from your on-premises Active Directory.
    • If you don’t see any users, make sure that Azure AD Connect is configured to synchronize your on-premises Active Directory with Azure Active Directory.
  8. Install & Configure Azure AD Connect
    Now that you have prepared your environment and made sure that your users are synchronized, you can install and configure Azure AD Connect.

    • Log in as a local administrator on the server you want to use as the sync server and install Azure AD Connect there.
    • Navigate to AzureADConnect.msi and double-click it.
    • Click Continue after selecting the box agreeing to the license terms.
    • Click Use Express settings on the Express settings screen.
    • Connect to Azure AD by entering a global administrator’s username and password. Click Next.
    • If you receive an error because of a connectivity problem, troubleshoot the connectivity problem.
    • Enter the username and password of an enterprise administrator on the Connect to AD DS screen. NetBIOS or FQDN is acceptable for the domain part. Proceed to the next step.
    • Unless you have completed the prerequisites and verified your domains, the Azure AD sign-in configuration page will not appear.
    • If you see this page, make sure to check all domains that are marked as Not Added and Not Verified. Once your domains are verified in Azure AD, click the Refresh symbol.
    • In the Ready to configure window, click Install.
      • You can also unselect the Start the synchronization process as soon as the configuration is completed checkbox on the Ready to configure page. To configure additional settings, such as filtering, you should unselect this checkbox. In this case, the wizard will configure sync but leave the scheduler disabled. You must run the installation wizard again to enable it.
      • When this checkbox is enabled, all users, groups, and contacts will be synchronized immediately to Azure AD once the configuration has been completed.
      • If you have Exchange installed in the Active Directory on-premises, you can also use Exchange Hybrid deployment. Using this option will allow you to have Exchange mailboxes on-premises as well as in the cloud.
    • Click Exit when the installation is complete.
    • If you wish to use Synchronization Service Manager or Synchronization Rule Editor after the installation has been completed, sign off and log in again.
  9. Exporting Azure AD Connect Configuration
    Once you’ve installed and configured Azure AD Connect, you can export the configuration for deployment on other servers. Utilize the Azure AD Connect Import/Export Settings Wizard to easily export the Azure AD Connect configuration.
    To export the Azure AD Connect configuration using the Azure AD Connect Import/Export Settings Wizard, follow these straightforward steps:

    • Run the Azure AD Connect Import/Export Wizard.
    • On the Welcome screen, click Next.
    • Navigate to the Customize tab and choose Import synchronization settings.
    • Lastly, hit Install, and you are good to go with the export configuration process.
  10. Office 365 AD Sync via PowerShell commands
    You can use PowerShell commands to force synchronization between your on-premises Active Directory and Azure Active Directory. To do this, follow these steps:

    • Launch the Azure AD Module for Windows PowerShell.
    • Run the following cmdlet: Start-ADSyncSyncCycle -PolicyType Delta
    • Verify that the synchronization has been completed successfully by running: Get-ADSyncScheduler
    • You should see a status of “Enabled” and the Last Sync Result of “Success.”
    • If you want to synchronize your on-premises Active Directory with Azure Active Directory immediately, you can run the following cmdlet: Start-ADSyncSyncCycle -PolicyType Initial

This will start the synchronization process immediately. This may take some time to complete.
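
Step 2 asks you to verify that the account running Azure AD Connect has the Directory Changes permission. One way to check this is to read the access control list on the domain root. The script below is an added example, not part of the original article; the account name CONTOSO\svc-aadconnect is a placeholder, and the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example (not from the original article): report which principals hold
# the replication ("Directory Changes") rights on the domain root.
# Assumes the RSAT ActiveDirectory module and a domain-joined host.
Import-Module ActiveDirectory

# Placeholder (assumption): the account created in step 2 to run Azure AD Connect.
$SyncAccount = 'CONTOSO\svc-aadconnect'

# Control access right GUIDs from the AD schema; the all-zero GUID on an
# ExtendedRight ACE means "all extended rights", which includes both.
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$Extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"

# Keep only Allow ACEs that grant an extended right we care about.
$holders = foreach ($ace in $acl.Access) {
    $guid = $ace.ObjectType.ToString()
    if ($ace.AccessControlType -eq 'Allow' -and
        ($ace.ActiveDirectoryRights -band $Extended) -and
        $Rights.ContainsKey($guid)) {
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Right     = $Rights[$guid]
            Inherited = $ace.IsInherited
        }
    }
}

$holders | Sort-Object Principal, Right | Format-Table -AutoSize

# Only direct ACEs are matched here; rights granted through a group show up
# under the group's name, so check the account's group membership as well.
$direct = @($holders | Where-Object { $_.Principal -eq $SyncAccount })
if ($direct.Count -gt 0) {
    Write-Output "$SyncAccount holds: $(($direct.Right | Sort-Object -Unique) -join ', ')"
} else {
    Write-Warning "$SyncAccount has no direct replication right on $domainDn"
}
```

Principals in the output other than the sync account and the built-in domain controller and administrator groups are worth reviewing, because these rights expose directory data beyond normal read access.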

After a successful Office 365 AD Sync, why not keep your Office 365 data secured and well backed up? Keeping a backup of your Office 365 data files is the safest option to boost your security measures. Here is an easy-to-use and reliable backup tool for you: Kernel Export Office 365 to PST.

This tool is a comprehensive solution to export emails from Office 365 to Outlook. It provides a diverse set of features, enabling you to create backups in various formats such as PST, HTML, MSG, PDF, DOC, and DOCX. Additionally, it offers an automated backup option that utilizes a built-in CSV file, simplifying the backup process according to your preferred schedule.

Furthermore, this utility provides intelligent filters, empowering you to choose precisely which data to include in your backups, guaranteeing that only essential data is archived. Consequently, this tool represents an outstanding option for individuals seeking to secure their Office 365 data effectively.

Wrapping Up

Office 365 AD Sync is a valuable tool that can significantly enhance your organization’s efficiency and cost-effectiveness. Setting it up correctly is crucial to fully leverage its advantages. By following these straightforward steps, you can seamlessly synchronize your Office 365 account with Active Directory. Additionally, it’s prudent to keep our tool as a secure backup contingency in case of emergencies or server issues. Try the trial version today and maximize its benefits immediately.