Azure AD Connect is the essential tool for synchronizing your local AD (Active Directory) with Microsoft Office 365.
This synchronization tool lets you manage your users from the local Active Directory. It also saves time, since you no longer have to create the accounts by hand in the Office 365 environment.
At the end of this guide you will be able to set up synchronization between your local directory and the Microsoft Office 365 directory.
Why use Azure AD Connect to synchronize your local Active Directory
Suppose you have dozens of users in your Active Directory: creating each of them manually in your Office 365 tenant is unthinkable.
Azure AD Connect lets you synchronize your local directory to the Microsoft 365 directory (called Azure AD).
The tool is free, but a premium subscription is available if you need additional options.
Prerequisites to synchronize your AD domain with Azure AD
To set up the Azure AD Connect service you must have:
- A server dedicated to this service (optional but recommended; I usually create a dedicated virtual server named SRV-ADCONNECT)
- An Active Directory in place within your infrastructure (required)
- Your Microsoft 365 environment created and your public domain configured (required)
Setting up Azure AD Connect
With the prerequisites in place, we can move on to the different steps. Commissioning is relatively simple and fairly quick.
Step 1 – Configuration of the UPN
For the synchronization to be as clean as possible, you need to define a UPN (User Principal Name) suffix. The UPN suffix generally corresponds to your public domain (for example tutos-informatique.com). Once it is registered, you can change the login of your users to [email protected]
For example, for my local domain (tutos-info.local) I can add the UPN suffix tutos-informatique.com and thus correct the logins of my users to [email protected]
When my Active Directory synchronizes with Office 365, my users will be recognized as @tutos-informatique.com. Azure AD uses the UPN as the sign-in name: if the suffix is not registered, your users will show up as @xxx.onmicrosoft.com.
To configure the UPN suffix, open Active Directory Domains and Trusts on your domain controller.
Then, under UPN suffixes, add your domain.
There is a PowerShell script that modifies all the accounts in your directory: it sets each user's UPN to the user's email address.
The script is not mine; it can be downloaded here: https://gallery.technet.microsoft.com/scriptcenter/Set-Upn-With-Mail-Address-c4d0ee60
Open a PowerShell window, then enter the following command:
.\Set-UpnWithMailAddress.ps1 -TargetUser * -SearchBase "OU=Test,DC=contoso,DC=com" -LogFile Log.txt
Change the SearchBase to the one for your domain. You can find the path in Active Directory Users and Computers: enable Advanced Features in the View menu, right-click the OU (or the top of your domain), open its properties and look for the "distinguishedName" attribute in the Attribute Editor tab.
Once launched, the script scans the Active Directory and applies the UPN modification to each account.
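As an added example (my own code, not the gallery script linked above), here is a variant of the same bulk UPN update that first checks that each mail domain is a registered UPN suffix of the forest and that the new UPN is not already in use, so that no account ends up unsynchronizable or on @xxx.onmicrosoft.com. It assumes the RSAT ActiveDirectory module is installed and uses a placeholder SearchBase that you must replace with your own distinguished name.

```powershell
# Added example: set each user's UPN to its mail address, with safety checks.
# Assumes the ActiveDirectory RSAT module; the SearchBase below is a placeholder.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = "OU=Test,DC=contoso,DC=com",   # placeholder, replace with your DN
    [string]$LogFile    = ".\Set-Upn.log"
)
Import-Module ActiveDirectory

function Log([string]$Message) { $Message | Tee-Object -FilePath $LogFile -Append }

# Suffixes a UPN may legitimately carry: every domain of the forest plus the
# alternative suffixes registered in Active Directory Domains and Trusts (Step 1).
$forest  = Get-ADForest
$allowed = (@($forest.Domains) + @($forest.UPNSuffixes)) | ForEach-Object { $_.ToLower() }

$users = Get-ADUser -Filter 'mail -like "*"' -SearchBase $SearchBase -Properties mail

foreach ($u in $users) {
    $mail    = $u.mail.Trim().ToLower()
    $current = "$($u.UserPrincipalName)".ToLower()
    $domain  = ($mail -split '@')[-1]

    if ($mail -eq $current) {
        Log "$($u.SamAccountName): already $mail"
        continue
    }
    if ($allowed -notcontains $domain) {
        # An unregistered suffix would be rewritten to xxx.onmicrosoft.com by Azure AD
        Log "$($u.SamAccountName): SKIP, '$domain' is not a registered UPN suffix"
        continue
    }
    # The UPN must be unique in the forest: refuse to create a duplicate
    $clash = Get-ADUser -Filter "userPrincipalName -eq '$mail'"
    if ($clash -and $clash.DistinguishedName -ne $u.DistinguishedName) {
        Log "$($u.SamAccountName): SKIP, $mail is already the UPN of $($clash.SamAccountName)"
        continue
    }
    # -WhatIf on the script shows the planned change without applying it
    if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Set UPN '$current' -> '$mail'")) {
        Set-ADUser -Identity $u -UserPrincipalName $mail
        Log "$($u.SamAccountName): $current -> $mail"
    }
}
```

Run it once with -WhatIf to review the planned changes in the log before applying them.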
Step 2 – Install the Azure AD Connect agent
On your server, download and install the Azure AD Connect agent from this link: https://www.microsoft.com/en-us/download/details.aspx?id=47594
Follow the installation wizard, providing:
- The administrator account of the local AD
- The administrator account of your Microsoft 365 tenant
Finally, we finish the installation:
Once it has finished, the user accounts are synchronized into Azure Active Directory.