How to sync on-premises Active Directory to Azure Active Directory with Azure AD Connect?

How to sync on-premises Active Directory to Azure Active Directory with Azure AD Connect?

Azure AD Connect

Azure AD Connect is a tool that connects functionalities of its two predecessors – Windows Azure Active Directory Sync, commonly referred to as DirSync, and Azure AD Sync (AAD Sync). Azure AD Connect will be now the only directory synchronization tool supported by Microsoft as DirSync and AAD Sync are deprecated and supported only until April 13, 2017.

Before installation

Before starting the installation process, make sure that you:

• are on the server that will handle the synchronization (local AD or any machine joined to local AD)
• checked all the prerequisites. You can find out more details here.
• downloaded Azure AD Connect. You can download it from this Microsoft’s website.
• have a verified domain in Azure Active Directory – non-reputable domains (such as .local) may not sync properly.
• you must have Azure AD global admin credentials and domain Admin credentials for local AD

Installation

There are a few ways to install Azure AD Connect depending on your preferences. As the installation via Express Settings is perhaps the most commonly used scenario, I will use it as an example in this article.  Express Settings is an option to go if you have a single-forest and use password synchronization.

NOTE: all actions below are performed on a test AD created on Azure VM.

1. Once you downloaded Azure AD Connect, navigate to Windows Installer Package (.msi) and double-click on the file.
   
   
2. Agree to the license terms by checking the box (you dont have alternative 🙂 ). Click Continue.
   
   
3. If you have a verified domain, then Use Express Settings option . If you are using a non-reputable domain, like .local, the wizard will recommend going with the Customize option.
   
   

   

4. I still prefered to go with express installation to avoid complexity. provide your Azure AD global administrator credentials (specially *.onmicrosoft.com user) in next window,and Click Next.
   
   

   
5. Now, connect to local AD DS using your enterprise administration credentials. Click Next.
   
   

   

6. If you didn’t add or verify your domain in Azure AD, you will see the Azure AD sign-in configuration section in the wizard. Make sure that you followed this instruction to add or verify the domain. Also make sure that you have added UPN suffix in local ad domain and trust so that it will reflect in sign-in config.

   

   I  have added indiaskb.com (azure verified domain) as UPN suffix thats why i can see it on sign-in page

   

7. In the Ready to configure window, you can put some final touches to the configuration by checking or unchecking available options. I checked the “Start the synchronization process when configuration completes” option.
   
   

   

8. now go to azure AD and see if the on premises users are synchronized to azure AD..