Upgrading to Azure Active Directory Connect

By November 3, 2016 | Active Directory, Azure

If you’ve stumbled upon this blog, you’ve realized you need to get your on-premises to Office 365 online directory synchronization upgraded.

If you’ve been around as long as I have (read: old guy) then you know there have been many different product names/brands for this DirSync solution: MIIS, ILM, FIM, Directory Sync Services, Windows Azure Directory Sync, Azure Active Directory Sync, probably others.

Today it’s called AAD Connect or Azure Active Directory Connect. And, as of April 2017, this is the only supported methodology for synchronizing users and attributes to be utilized and licensed in Office 365 solutions.

Read more about this deadline.

At Mirazon, we’ve been using Azure AD Sync and our Office 365 Admin Portal has been yelling at us for some time now:

So, let’s download and get started with Azure AD Connect.  Click on that link above, download the .MSI and run it.

Click Next, and AD Connect did some “checking” for us to see how we’re currently utilizing sync services.

This runs for a bit:

This is great! We now can upgrade. In previous versions of this product, you had to uninstall and then reinstall … and hopefully not lose too many of your settings (read: all of them).

Now we can upgrade. Let’s do that.

Enter your Office 365 tenant/service account. Notice the note at the bottom – since we’re upgrading we have to enter the same credentials here that were used last time. So, go find that password (or reset it).

Now you do the same thing with whatever service account you use for your Active Directory domain.

Basically, you have a service to read from on-premises and another service that will be used to write to online.

Ready to go.  In our case, I want to sync this as soon as we’re done.  I don’t have to.  I can clear that.  If I was setting this up initially, I would 100% of the time clear that, then do some OU-filtering for sync, then manually start sync.

And, at Mirazon, we have Exchange hybrid previously set up. So, check them both. Your mileage may vary. Click Upgrade.

Now wait. And wait. And wait.

There are many other “boring” screen shots that I’ve left out because they aren’t useful.

And then finally, we’re done.

Let’s get back into our system and make sure all of the OU syncing is proper. It should be – this is an upgrade. If you are more risk averse than I am, you would have “unchecked” to automatically sync upon upgrade, but I like to live dangerously.

Just to remind you how to get here since the MIISClient doesn’t exist anymore, you have an easy shortcut to Azure Active Directory Connect Service in your Start menu here:

But, once you get there, my friend Kevin has written a great blog on how you can filter and only sync interesting OUs (http://koppihle3.blogspot.com/2015/02/office-365-active-directory-dirsync-how.html).

Great, now we want to actually make sure the directory is syncing. PowerShell is your friend!

That “get” command makes sure things are still set up to sync every 30 minutes (our preference).

Then I force a change/delta sync using “start-adsyncsynccycle -policytype delta”

Then I do another “get” to make sure it happened.
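The get, delta sync, get sequence above as one script. This is an added example, not code from the original post; it assumes the “get” command is Get-ADSyncScheduler from the ADSync module, and the 30-minute interval and 10-minute wait limit are values chosen for illustration.

```powershell
# Added example (not from the original post): check the scheduler, force a
# delta sync, then check again. Run elevated on the Azure AD Connect server.
Import-Module ADSync -ErrorAction Stop

$expectedInterval = New-TimeSpan -Minutes 30  # assumption: the post's 30-minute preference
$timeout          = New-TimeSpan -Minutes 10  # assumption: illustrative wait limit

function Get-SchedulerFindings {
    # Emits one string per setting that would stop or delay synchronization.
    $s = Get-ADSyncScheduler
    if (-not $s.SyncCycleEnabled) {
        'SyncCycleEnabled is False: scheduled cycles will not run'
    }
    if ($s.StagingModeEnabled) {
        'StagingModeEnabled is True: nothing is exported to Azure AD'
    }
    if ($s.CurrentlyEffectiveSyncCycleInterval -ne $expectedInterval) {
        "Effective interval is $($s.CurrentlyEffectiveSyncCycleInterval), expected $expectedInterval"
    }
}

# First "get": surface anything that is off before touching the sync engine.
@(Get-SchedulerFindings) | ForEach-Object { Write-Warning $_ }

try {
    $run = Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop
    Write-Output "Delta sync requested: $($run.Result)"
} catch {
    # Raised, for example, when a sync cycle is already running.
    Write-Warning "Could not start delta sync: $($_.Exception.Message)"
}

# SyncCycleInProgress is reported by newer builds; where the property is
# absent it evaluates to $null and this loop exits at once.
$deadline = (Get-Date) + $timeout
while ((Get-ADSyncScheduler).SyncCycleInProgress -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 10
}

# Second "get": review NextSyncCycleStartTimeInUTC and the flags after the run.
$after = Get-ADSyncScheduler
$after
if ($after.SyncCycleInProgress) { Write-Warning 'Cycle still running after the wait limit' }
```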

The Service Manager can show you details, etc. if you’d like also.

Great, we’ve upgraded and verified that sync is happening both in PowerShell and via the Service Manager.

Let’s go to the Office 365 Admin Portal and make sure it properly reflects that we are using the newest version:

Notice the yellow highlighted line – no errors or warnings. Good. And notice we’re using version 1.1.281.0 – that’s the latest and greatest version of Azure AD Connect as of October 26, 2016.

All done. Wasn’t that easy?

If you have questions about shifting over to Azure Active Directory Connect, send us an email or give us a call at 502-240-0404!