Upgrading DirSync to AADSync for Office 365 and Azure environments

As of 11/11/2014, Microsoft has released its next-generation tool for synchronizing an on-premises Active Directory environment with Microsoft cloud services (Azure and the Office 365 suite: Lync Online, CRM, SharePoint, Exchange, etc.). The utility is now called Microsoft Azure Active Directory Sync Services (AADSync).

In this tutorial, we will go over the process of moving to the new generation of the synchronization tool. The process is fairly straightforward: uninstall the old DirSync utility, then install the new AADSync utility. If you wish to install the utility on a new server, stop the DirSync service, install the AADSync utility on the new server, and then uninstall DirSync after you have verified synchronization is successful on the new machine.

Here is the process to uninstall DirSync and install AADSync:

  1. Download a copy of the AADSync utility from Microsoft's website: http://www.microsoft.com/en-us/download/details.aspx?id=44225
  2. Log in to the server currently running DirSync
  3. Open up Control Panel
    Server - Start Menu - Control Panel
  4. Select Programs and Features (notice I am in the View By Small icons view)
    Control Panel - Small Icons - Programs and Features
  5. Uninstall the Windows Azure Active Directory Sync tool
  6. Select Yes to uninstall when prompted
    Windows Azure Active Directory Sync - Another instance dialog - Uninstall
  7. Uninstall Forefront Identity Manager Synchronization Service if it wasn't uninstalled already
    Uninstall - Forefront identity Manager Synchronization Service
  8. Run the MicrosoftAzureADConnectionTool.exe application you downloaded from Microsoft
    MicrosoftAzureADConnectionTool Installer
  9. Check I agree to the license terms and click Install
    Microsoft Azure Active Directory Sync Services - Install
  10. Once the install has finished, open Computer Management, navigate to System Tools -> Local Users and Groups -> Groups, and double-click ADSyncAdmins
    Computer Management - Local Users and groups - Groups - ADSyncAdmins
  11. Ensure your user account, user group, or local machine has been added to the security group
    ADSyncAdmins - Group Membership
  12. Log out of Windows
    Windows 8-Server 2012 - Sign Out

    1. Note: This step is needed to ensure you have proper user privileges when running the sync tool. When you run the sync tool's installer, your user account is automatically placed in a local security group called ADSyncAdmins. A logout is needed to update your session; otherwise, you may receive the following error message:
      Your account is not a member of the ADSyncAdmins security group.  If you have recently installed Azure AD Sync, sign out before running this installation guide again.
      Microsoft Azure Active Directory Sync Services - Your account is not a member of the ADSyncAdmins security group
  13. Upon login, open up the DirectorySyncTool application
    DirectorySyncTool
  14. Enter your Azure or Office 365 admin credentials and click Next
    Microsoft Azure Active Directory Sync Services - Azure AD Credentials
  15. Enter your forest name, username (must be in domain\username format), and password (on-premises Active Directory credentials) and click Add Forest
    Microsoft Azure Active Directory Sync Services - AD DS Credentials

    1. Note: If you are unsure what your forest name is, log in to your domain controller and execute the following PowerShell command to list all forests in your deployment:
       Get-ADForest | Format-Table Name
  16. Click Next once your forest has been validated
    Microsoft Azure Active Directory Sync Services - AD DS Credentials - Forests Validated
  17. Click Next on User Matching
    Microsoft Azure Active Directory Sync Services - User Matching
  18. Check the boxes that are applicable to your deployment and click Next
    Microsoft Azure Active Directory Sync Services - Optional Features
  19. Click Configure
    Microsoft Azure Active Directory Sync Services - Configure
  20. Click Finish
    Microsoft Azure Active Directory Sync Services - Finish
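
Steps 10 through 12 depend on the fact that Windows fixes a session's group list at logon, so a newly added ADSyncAdmins membership does not take effect until you sign in again. The PowerShell below is an added example, not part of the original tutorial or of Microsoft's tooling; it compares the group's current members with the groups carried in your session token. It assumes the local group name ADSyncAdmins from this page and only recognizes your account if it is a direct member or belongs to a group already in your token.

```powershell
# Added example: diagnoses the "not a member of the ADSyncAdmins security group"
# error from steps 10-12. Run it in the session that will launch the sync tool.
$groupName = 'ADSyncAdmins'   # local group named on this page

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# Resolve the local group to its SID; this fails if the installer has not created it.
try {
    $account  = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $groupName)
    $groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    Write-Warning "Local group '$groupName' was not found. Install AADSync first (steps 8-9)."
    return
}

# Who the group lists right now, read from the local SAM through the WinNT provider.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$memberSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    [byte[]]$bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}

# SIDs this logon session carries: the user plus the groups frozen into the token at logon.
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# In the token = effective now. Listed = the change was made, but maybe after this logon.
$inToken = $principal.IsInRole($groupSid)
$listed  = @($memberSids | Where-Object { $tokenSids -contains $_ }).Count -gt 0

if ($inToken) {
    "OK: this session's token includes $groupName; the sync tool can be started."
} elseif ($listed) {
    "$($identity.Name) is listed in $groupName, but this token predates the change. Sign out and back in (step 12)."
} else {
    "$($identity.Name) is not in $groupName. Add the account (step 11), then sign out and back in."
}
```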

 

7 thoughts on “Upgrading DirSync to AADSync for Office 365 and Azure environments”

  1. Sri T

    Hello, Jack,
    We are using DirSync, ADFS 2.0 and an Exchange 2010 Hybrid deployment and would like to know if I could upgrade DirSync to AADSync first, upgrade ADFS 2.0 to ADFS 3.0? Or do they have to be upgraded at the same time?

    Thank you in advance.

    1. Jack Post author

      Hi Sri T,

      Actually, AADConnect was just announced yesterday, so I would encourage you to upgrade to that.

      You do not need to upgrade to ADFS v3 in order to use the newer sync tools; you can still be on ADFS 2.0. If you are upgrading both, you can upgrade ADFS or DirSync; the other will not matter.

      Jack

  2. Anthony

    Hi Jack,

    Thank you for this instruction. I have a question. We are currently running DirSync in our environment. We would like to upgrade to AADSync, but install the service on a different server. Is this advisable, while uninstalling DirSync from the old server?

    Thank you

    1. Jack Post author

      Hi Anthony,

      I would advise installing Azure AD Connect as it will do an in-place upgrade from DirSync. It is not advisable to run both DirSync and AADsync/Connect at the same time.

      Jack


  4. ITS

    Hi, when we run the upgrade from DIRSYNC to AD CONNECT we get a message "users will not be able to sign in with on-premise credentials".
    We just want to continue to log in with DOMAINNAME\username...
    What is this message telling us? No one else seems to get it.
    Thanks in advance

