Tag Archive: Dirsync

Azure AD Connect resources

The Microsoft replacement for DirSync and AADSync is called AAD Connect. This new tool installs and configures the new Azure AD Synchronization Services (AAD Sync), and can also deploy, install and configure AD Federation Services for authentication as well as Password Sync.

Azure AD connect download: http://www.microsoft.com/en-us/download/details.aspx?id=47594

Azure AD connect version history: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/

Understanding concepts (Full Import, Full Synchronization, Delta Import, Delta Synchronization, Connector Space, Metaverse): https://blogs.msdn.microsoft.com/connector_space/2015/09/28/the-complete-synchronization-process-part-4-deltafull-importsynchronization-explained/

Azure AD connect install: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/

Azure AD connect custom install: https://github.com/Azure/azure-content/blob/master/articles/active-directory/active-directory-aadconnect-get-started-custom.md

Azure AD connect health: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health/

Azure AD connect health agent installation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health-agent-install/

Azure AD connect “high availability” (in reality it is called “staging mode”): https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-operations/#staging-mode

How to manually uninstall AADConnect: https://blogs.msdn.microsoft.com/vilath/2015/06/17/azure-ad-sync-unable-to-install-the-synchronization-service/

AADConnect user accounts and permissions: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-accounts-permissions/

Enable TLS 1.2 for AADConnect: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

Azure AD PowerShell cmdlets:



Azure AD connect:

  • Azure AD Connect requires a SQL Server database to store identity data. By default a SQL Server 2012 Express LocalDB (a light version of SQL Server Express: https://www.mssqltips.com/sqlservertip/2694/getting-started-with-sql-server-2012-express-localdb/) is installed and the service account for the service is created on the local machine. SQL Server Express has a 10GB size limit that enables you to manage approximately 100,000 objects. If you need to manage a higher volume of directory objects, you need to point the installation wizard to a different installation of SQL Server.
  • If you use a separate SQL Server, then these requirements apply:
    • Azure AD Connect supports all flavors of Microsoft SQL Server from SQL Server 2008 (with SP4) to SQL Server 2014. Microsoft Azure SQL Database is not supported as a database.
    • You must use a case-insensitive SQL collation. These are identified with a _CI_ in their name. It is not supported to use a case-sensitive collation, identified by _CS_ in their name.
    • You can only have one sync engine per database instance. It is not supported to share the database instance with FIM/MIM Sync, DirSync, or Azure AD Sync.


Previous articles:






Azure AD Sync Services

AADSync was released in Oct 2014.

Azure AD Sync is optimized for all organizations to easily on-board to Azure and take advantage of both Microsoft online services such as O365 and a world of connected SaaS applications.


Azure AD Sync Services is slated to get a number of new capabilities that DirSync and Forefront Identity Manager 2010 R2 won’t get.

Azure AD Sync Services can do some things that DirSync can’t. It can synchronize multiforest AD environments. It can sync a small set of user attributes. It can also map multiple Exchange deployments to a single Azure AD tenant.

However, Azure AD Sync Services currently lacks a few of DirSync’s capabilities. etc…

AADSync download: http://www.microsoft.com/en-us/download/details.aspx?id=44225

AADSync setup: https://msdn.microsoft.com/en-us/library/azure/dn790204.aspx






DirSync and ADFS are totally different:

  • DirSync allows you to sync your AD to Office 365, which creates all users/groups in Office 365 based on your AD. This means 2 different accounts and passwords for your users, BUT the latest version of DirSync also allows password sync; there will be only 2 different accounts as soon as the AD password has been synced with Office 365.
  • ADFS allows you to forward Office 365 authentication requests to your AD. This means YOUR AD is responsible for authentication: if your AD or ADFS becomes unavailable, no authentication will be possible.

You can set up DirSync WITHOUT ADFS, but you have to have DirSync for ADFS.

Dirsync on Technet: http://technet.microsoft.com/en-us/library/dn441212.aspx

To download DirSync, go to http://portal.microsoftonline.com (Requires an enterprise account), then go to Office 365 Admin center, user and groups, Active Directory synchronization, setup …

Setup DirSync: https://www.cogmotive.com/blog/migration/setting-up-dirsync-between-active-directory-and-office-365