How to Sync Azure AD with On Premise AD?

Active Directory, Azure Active Directory, Perumal
May 28 2014

How to Sync On-premise AD with Windows Azure AD using the Azure AD Sync tool

Before syncing the on-premise AD with Azure AD, let's warm up with the basic concepts involved. Azure AD is a service that provides identity and access management capabilities in the cloud. It can be integrated with an existing on-premise AD to give users single sign-on to cloud applications, so organizations need to keep the identities in on-premise AD and Azure AD in sync. The Azure Active Directory Sync tool meets this requirement by providing one-way synchronization from on-premise AD to Azure AD.

Prerequisites

  • Windows Server 2008 R2 SP1 or higher
  • Only the 64-bit version is supported
  • .NET Framework 3.5 SP1 and .NET Framework 4.0
  • It should not be installed on a domain controller (DC).
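The prerequisites above can be checked from PowerShell before the installer is run. The script below is an added example, not part of the original post: it reads the OS version, architecture and product type from WMI, the .NET install state from the NDP registry key, and reports any failed check. It is written against PowerShell 2.0 so it also runs on Windows Server 2008 R2; run it in an elevated session on the server that will host the sync tool.

```powershell
# Added example, not part of the original post: checks the four prerequisites listed
# above on the server where the sync tool is to be installed.
$os = Get-WmiObject -Class Win32_OperatingSystem
$checks = @()

# Windows Server 2008 R2 SP1 is build 6.1.7601; any newer Windows reports a higher version.
# ProductType: 1 = workstation, 2 = domain controller, 3 = member/standalone server.
$checks += New-Object PSObject -Property @{
    Check  = 'Windows Server 2008 R2 SP1 or higher'
    Passed = ([version]$os.Version -ge [version]'6.1.7601') -and ($os.ProductType -ne 1)
}

$checks += New-Object PSObject -Property @{
    Check  = '64-bit operating system'
    Passed = ($os.OSArchitecture -eq '64-bit')
}

# .NET Framework install state is recorded under the NDP registry key.
$ndp   = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
$net35 = Get-ItemProperty -Path "$ndp\v3.5"    -ErrorAction SilentlyContinue
$net4  = Get-ItemProperty -Path "$ndp\v4\Full" -ErrorAction SilentlyContinue
$checks += New-Object PSObject -Property @{
    Check  = '.NET Framework 3.5 SP1'
    Passed = ($net35 -ne $null) -and ($net35.Install -eq 1) -and ($net35.SP -ge 1)
}
$checks += New-Object PSObject -Property @{
    Check  = '.NET Framework 4.0'
    Passed = ($net4 -ne $null) -and ($net4.Install -eq 1)
}

# The tool must not be installed on a domain controller (ProductType 2).
$checks += New-Object PSObject -Property @{
    Check  = 'Not a domain controller'
    Passed = ($os.ProductType -ne 2)
}

$checks | Format-Table -AutoSize Check, Passed
$failed = @($checks | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} prerequisite(s) not met; do not install the sync tool yet." -f $failed.Count)
}
```

The domain controller check is the one worth keeping even if the others look obvious: the sync tool stores credentials for both directories, so it should sit on an ordinary member server rather than on the DC itself.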

Test Lab Environment:

  • Active subscription for Azure Active Directory
  • On-premise AD server (Windows Server 2012)
  • Azure Active Directory Sync Tool

1. Create Azure AD and Activate Azure AD Sync

  • Log in to the Windows Azure management console and, at the bottom-left of the menu, click "New".
  • In the page that opens, navigate to NEW > APP SERVICES > ACTIVE DIRECTORY > DIRECTORY and click CUSTOM CREATE, as shown below.
[Screenshot: Windows Azure Active Directory]

  • In the Azure AD creation page, provide the values as shown in the screenshot below.
[Screenshot: Microsoft Azure Active Directory]

  • Azure AD has now been created successfully.
NOTE: The domain name is always suffixed with .onmicrosoft.com. Here I have specified jiji as the domain name, so the complete domain name is jiji.onmicrosoft.com.
  • To activate Azure AD Sync for the newly created directory, select Active Directory in the left pane, click the Azure AD entry in the Active Directory page and open the DIRECTORY INTEGRATION menu. Click ACTIVATED and then SAVE to confirm the change.
[Screenshot: Azure Active Directory Integration]

  • Now Azure AD Sync has been activated successfully.

2. Download and Install Azure AD Sync tool in on-premise AD

  • From your on-premise Windows server, log in to the Windows Azure management console.
  • In the left pane select Active Directory, then in the Active Directory page click the Azure AD entry and open the DIRECTORY INTEGRATION menu.
  • In the DIRECTORY INTEGRATION menu, scroll to the bottom section and download the Directory Sync tool, as shown below.
[Screenshot: Azure Active Directory]

After downloading the Azure AD Sync tool, proceed with the installation steps shown below.

  • The welcome page describes the Azure Active Directory Sync tool; click Next to proceed.
[Screenshot: Active Directory Windows Azure]

  • Accept the license agreement to proceed with the installation.
[Screenshot: Active Directory Azure]

  • Select the installation folder for the Azure Active Directory Sync tool.
[Screenshot: Azure Active Directory Sync]

  • The installation begins.
[Screenshot: Azure Active Directory Sync Tool]

  • The installation is completed.
[Screenshot: Windows Azure Active Directory Sync Services]

  • Click Finish to start the configuration wizard.
[Screenshot: Azure Active Directory Integration]

3. Configure Azure AD Sync tool in on-premise AD

After installing the Azure AD Sync tool, proceed with the configuration steps shown below.

  • Configuring the Azure AD Sync tool establishes synchronization between the on-premise AD and Azure AD.
[Screenshot: Azure Active Directory]

  • Provide the credentials of a user account with administrator permissions in Azure AD; this allows changes from on-premise AD to be written to Azure AD.
[Screenshot: Sync Active Directory]

  • Provide the credentials of a user account with administrator permissions in on-premise AD; this grants the Azure AD Sync tool permission to read the changes in on-premise AD and synchronize them to Azure AD.
[Screenshot: Azure Active Directory Sync]

  • Enable hybrid deployment allows some Active Directory object attributes that are modified in Office 365 to be written back to your local AD. This is required for some Office 365 functionality, such as email. If you don't have Exchange (Exchange 2010 SP1 or above) in your local environment, this option is greyed out. In my environment I don't have an Exchange Server, so this option is greyed out.
[Screenshot: Azure Active Directory Hybrid Deployment]

  • Enable the Password Sync option to synchronize users' passwords from on-premise AD to Azure AD for single sign-on.
[Screenshot: Azure Active Directory Synchronization]

  • The configuration begins.
[Screenshot: How to configure Azure AD Sync]

  • The configuration is completed.
[Screenshot: Active Directory Azure Sync Configuration]

  • Click Finish to initiate the synchronization between on-premise AD and Azure AD.
[Screenshot: Synchronize Active Directory]

4. Testing Sync between on-premise AD and Azure AD

Now comes the interesting part: we always feel better tasting (testing) than cooking (configuring). So let's taste the dish we prepared in the previous section.

  • I create a test user account in on-premise AD, as shown below.
[Screenshot: Active Directory Users and Computers]

NOTE: Check out this link for the list of attributes that are synced by the Windows Azure Active Directory Sync tool.
  • To confirm the sync from on-premise AD to Azure AD, I log in to the Windows Azure management console and navigate to Active Directory > Azure AD > Users. In the Users list I confirm that the user account created in on-premise AD has been synchronized to Windows Azure AD, as shown below.
[Screenshot: Azure Active Directory Users creation]
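The same test can be scripted so it is repeatable, which is useful when you want to re-check the sync after a configuration change. The script below is an added example and not part of the original post: it creates the test user in on-premise AD, forces a sync cycle instead of waiting for the scheduled one, and then looks the user up in Azure AD. It assumes the RSAT ActiveDirectory module and the MSOnline module (Connect-MsolService, Get-MsolUser) are installed on the sync server, that the Directory Sync tool's PowerShell module is importable by the name DirSync, and that the DC name, OU and UPN suffix below are placeholders you replace with your own.

```powershell
# Added example, not part of the original post. Creates a test user on-premise,
# triggers a sync cycle and checks that the user has appeared in Azure AD.
Import-Module ActiveDirectory

$dc      = 'dc01.corp.local'                 # placeholder: an on-premise domain controller
$ou      = 'OU=SyncTest,DC=corp,DC=local'    # placeholder: an OU within the sync scope
$samName = 'synctest01'
# Placeholder UPN suffix; if it is not a domain verified in Azure AD, the synced
# account gets a <tenant>.onmicrosoft.com UPN instead.
$upn     = "$samName@corp.local"
$password = Read-Host -AsSecureString -Prompt 'Password for the test user'

# Display name is set to the SAM name so the Azure AD lookup below can match on it.
New-ADUser -Server $dc -Path $ou -Name $samName -DisplayName $samName `
    -SamAccountName $samName -UserPrincipalName $upn `
    -AccountPassword $password -Enabled $true

# The sync tool only runs on its schedule (every three hours by default);
# trigger a cycle now. Module name assumed to be DirSync, as shipped with the tool.
Import-Module DirSync
Start-OnlineCoexistenceSync

# Allow the cycle some time to finish, then check Azure AD with the MSOnline module.
Start-Sleep -Seconds 120
Import-Module MSOnline
Connect-MsolService      # prompts for the Azure AD administrator credentials
$cloudUser = Get-MsolUser -SearchString $samName
if ($cloudUser) {
    $cloudUser | Select-Object UserPrincipalName, DisplayName, LastDirSyncTime
} else {
    Write-Warning "$samName has not appeared in Azure AD yet; re-check once the sync cycle completes."
}
```

LastDirSyncTime on the returned object is the quickest confirmation that the account came from the sync tool rather than being created in the cloud directly; a large sync can take longer than the two-minute wait used here, so treat the warning as "not yet" rather than "failed".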

Thus we have synchronized the on-premise AD with Windows Azure AD using the Azure AD Sync tool.