If you’ve stumbled upon this blog, you’ve realized you need to get your on-premises to Office 365 online directory synchronization upgraded.
If you’ve been around as long as I have (read: old guy) then you know there have been many different product names/brands for this DirSync solution: MIIS, ILM, FIM, Directory Sync Services, Windows Azure Directory Sync, Azure Active Directory Sync, probably others.
Today it’s called AAD Connect or Azure Active Directory Connect. And, as of April 2017, this is the only supported methodology for synchronizing users and attributes to be utilized and licensed in Office 365 solutions.
At Mirazon, we’ve been using Azure AD Sync and our Office 365 Admin Portal has been yelling at us for some time now:
So, let’s download and get started with Azure AD Connect. Click on that link above, download the .MSI and run it.
Click Next, and AD Connect did some “checking” for us to see how we’re currently utilizing sync services.
This runs for a bit:
This is great! We now can upgrade. In previous versions of this product, you had to uninstall and then reinstall … and hopefully not lose too many of your settings (read: all of them).
Now we can upgrade. Let’s do that.
Enter your Office 365 tenant/service account. Notice the note at the bottom – since we’re upgrading we have to enter the same credentials here that were used last time. So, go find that password (or reset it).
Now you do the same thing with whatever service account you use for your Active Directory domain.
Basically, you have a service to read from on-premises and another service that will be used to write to online.
Ready to go. In our case, I want to sync this as soon as we’re done. I don’t have to. I can clear that. If I was setting this up initially, I would 100% of the time clear that, then do some OU-filtering for sync, then manually start sync.
And, at Mirazon, we have Exchange hybrid previously set up. So, check them both. Your mileage may vary. Click Upgrade.
Now wait. And wait. And wait.
There are many other “boring” screen shots that I’ve left out because they aren’t useful.
And then finally, we’re done.
Let’s get back into our system and make sure all of the OU syncing is proper. It should be – this is an upgrade. If you are less risk averse than I am, you would have “unchecked” to automatically sync upon upgrade, but I like to live dangerously.
Just to remind you how to get here since the MIISClient doesn’t exist anymore, you have an easy shortcut to Azure Active Directory Connect Service in your Start menu here:
But, once you get there, my friend Kevin has written a great blog on how you can filter and only sync interesting OUs (http://koppihle3.blogspot.com/2015/02/office-365-active-directory-dirsync-how.html)
Great, now we want to actually make sure the directory is syncing. PowerShell is your friend!
That “get” command makes sure things are set up to still sync every 30 minutes (our preference).
Then I force a change/delta sync using “start-adsyncsynccycle -policytype delta”
Then I do another “get” to make sure it happened.
The Service Manager can show you details, etc. if you’d like also.
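The verification steps above as one PowerShell session, added here as an example (it is not taken from the original post's screenshots). It assumes the “get” command is Get-ADSyncScheduler from the ADSync module that Azure AD Connect installs, and that it is run in an elevated session on the sync server; the 15-minute wait limit is an arbitrary choice.

```powershell
# Added example: run elevated on the Azure AD Connect server.
Import-Module ADSync -ErrorAction Stop

# 1. First "get": confirm the scheduler settings survived the upgrade.
$before = Get-ADSyncScheduler
$before | Format-List SyncCycleEnabled, StagingModeEnabled,
    CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

if (-not $before.SyncCycleEnabled) {
    throw 'Scheduler is disabled; nothing syncs until SyncCycleEnabled is True.'
}
if ($before.StagingModeEnabled) {
    # In staging mode the server imports and synchronizes but does not export.
    Write-Warning 'Staging mode is on: changes will not be written to Office 365.'
}
if ($before.CurrentlyEffectiveSyncCycleInterval -ne [TimeSpan]::FromMinutes(30)) {
    Write-Warning "Sync interval is $($before.CurrentlyEffectiveSyncCycleInterval), not 30 minutes."
}

# 2. Force a change/delta sync, unless a cycle is already running.
if ($before.SyncCycleInProgress) {
    Write-Host 'A sync cycle is already in progress; waiting for it instead.'
} else {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
}

# 3. Poll until the cycle finishes, with an upper bound (assumed: 15 minutes).
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 10
    $after = Get-ADSyncScheduler
} while ($after.SyncCycleInProgress -and (Get-Date) -lt $deadline)

if ($after.SyncCycleInProgress) {
    throw 'Delta sync still running after 15 minutes; check the Service Manager.'
}

# 4. Second "get": the scheduler is idle again and the next cycle is queued.
$after | Format-List SyncCycleEnabled, SyncCycleInProgress,
    NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC
```

The scheduler only reports that the cycle finished; per-connector results and any export errors are in the Service Manager's run history.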
Great, we’ve upgraded and verified that sync is happening both in PowerShell and via the Service Manager.
Let’s go to the Office 365 Admin Portal and make sure it properly reflects that we are using the newest version:
Notice the yellow highlighted line – no errors or warnings. Good. And notice we’re using version 1.1.281.0 – that’s the latest and greatest version of Azure AD Connect as of October 26, 2016.
All done. Wasn’t that easy?