<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2525 " id="quads-ad2525" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p>To install <strong>Azure Active Directory Sync</strong> , we will have to prepare prerequisites</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2528 " id="quads-ad2528" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2524 " id="quads-ad2524" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2529 " id="quads-ad2529" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<p><a href="https://technet.microsoft.com/library/jj151815.aspx?f=255&;MSPPError=-2147217396#bkmk_installmodule">https://technet.microsoft.com/library/jj151815.aspx?f=255&;MSPPError=-2147217396#bkmk_installmodule</a></p>



<p>To prepare Azure Active Directory Sync Server, you will need to download the following tools to check for users attributes on your local AD:</p>



<ol class="wp-block-list"><li><strong>Mirosoft Windows Server 2008R2/2012R2</strong></li><li><strong>NetFramework 4 (For IDFIX tool to work)</strong></li><li><strong>IDFIX (to Check if there&#8217;s any issue on AD with DirSync)</strong></li></ol>



<p><strong>Note:</strong></p>



<p>One of the new features that came with AADSync is that it can be installed on the DC server as well. but some may choose to have it on a separate server to avoid any risk.</p>



<p><strong>Software Prerequisites</strong></p>



<p><strong>Install required tools for Azure Active Directory Connector (Dirsync)</strong></p>



<ol class="wp-block-list"><li>AADSYNC latest version (<a href="http://www.google.com/url?q=http%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D44225&;sa=D&;sntz=1&;usg=AFQjCNG1n28zs_BxP7ip3NqA8p1VoDRsMw" target="_blank" rel="noreferrer noopener">Download here</a>) (Version Review <a href="http://www.google.com/url?q=http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F18429.dirsync-directory-sync-tool-version-release-history.aspx&;sa=D&;sntz=1&;usg=AFQjCNHf9xSAi_bQk6f07zV3V3JDwBjAXQ" target="_blank" rel="noreferrer noopener">link</a>)</li><li>Microsoft Online Services Sign-In Assistant for IT Professionals RTW <a href="http://www.google.com/url?q=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F5%2F0%2F1%2F5017D39B-8E29-48C8-91A8-8D0E4968E6D4%2Fen%2Fmsoidcli_64.msi&;sa=D&;sntz=1&;usg=AFQjCNHHMcA3i9F5UrD9kWpFJDU28SNIWg" target="_blank" rel="noreferrer noopener">(Here)</a></li><li>Azure Active Directory Module for Windows PowerShell (64-bit version) <a href="https://www.google.com/url?q=https%3A%2F%2Fbposast.vo.msecnd.net%2FMSOPMW%2FCurrent%2Famd64%2FAdministrationConfig-en.msi&;sa=D&;sntz=1&;usg=AFQjCNEsCqy7csrkKGHrQ1H7fBjpqAgWHA" target="_blank" rel="noreferrer noopener">(Here)</a></li></ol>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-xIv8JYexomQ/VVH_ACBWK4I/AAAAAAAAO3c/KFkTFKUTs4A/s1600-h/clip_image001%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/ZPv3croAhkmu4OYqsPJWZ2bm583zxpC1iwGqJLz9rOX4MXRexnc1v4TgeB2MNovQg3xs9tOBoQS_QQ9terkOHs8LX2DOhabqX_mlqb1DWcgsO0TyDQ=w673" alt="clip_image001"/></a> 

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2526 " id="quads-ad2526" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>
 
</figure>



<p>Additionally, to connect and synchronize to Office 365, the following prerequisites need to be installed before installing AADSYNC…</p>



<p>Install “<a href="http://www.google.com/url?q=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3Flinkid%3D236297&;sa=D&;sntz=1&;usg=AFQjCNEMcZ18WA4PzPzhD4NJiUP4TfhN3w" target="_blank" rel="noreferrer noopener">Windows Azure Active Directory Module for Windows PowerShell (64-bit version)</a>”. It is highly recommended that this machine be restarted before installing DirSync.</p>



<p>NOTE: Effective October 20, 2014, the 32-bit version of Azure Active Directory Module for Windows PowerShell is discontinued. Support for the 32-bit version will no longer occur, and future updates to the Azure Active Directory Module will be released only for the 64-bit version. We strongly recommend you install the 64-bit version to ensure future support and compatibility. Refer to “Install the Azure AD Module” in <a href="http://www.google.com/url?q=http%3A%2F%2Ftechnet.microsoft.com%2Flibrary%2Fjj151815.aspx%23bkmk_installmodule&;sa=D&;sntz=1&;usg=AFQjCNFbRIvpn46WNMdQ3Ep9BqNMJL59qA" target="_blank" rel="noreferrer noopener">Manage Azure AD using Windows PowerShell</a>.</p>



<p>If DirSync is to be installed on a server with Windows 2008 R2, beginning with version 1.0.6765.0006, PowerShell 3.0 is required and can be installed from <a href="http://www.google.com/url?q=http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2506143&;sa=D&;sntz=1&;usg=AFQjCNEMUUeEh3T7i0dSaUXLQp59rUKpTA" target="_blank" rel="noreferrer noopener">Windows Management Framework 3.0</a>; AND beginning with version 1.0.6985.000, .NET Framework 4.5.1 is a prerequisite.</p>



<p>From <;<a href="https://www.google.com/url?q=https%3A%2F%2Foddytee.wordpress.com%2F2014%2F03%2F11%2Frequirements-for-dirsync%2F&;sa=D&;sntz=1&;usg=AFQjCNH9rcKhu0upkDmrnXJSWWbhK7TByA" target="_blank" rel="noreferrer noopener">https://oddytee.wordpress.com/2014/03/11/requirements-for-dirsync/</a>>;</p>



<p><strong>Installing Netframework 4.5</strong></p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-gbDl2PoT--w/VVH_B3b3JFI/AAAAAAAAO3s/KpYFskM7V1A/s1600-h/clip_image002%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/neLjKH8Nn8up4l5lL99O5cTjcMeR3FpNRw16mddOV0NTSBCniOs557QRRtLepu59WSDbXMXHYGyWCSbvNDQrqDhoO21GMSMaUU2cR-5HQeS8LtwCEY0=w572" alt="clip_image002"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-657Qa6_Ngas/VVH_DcBwBoI/AAAAAAAAO34/wANMea20U7o/s1600-h/clip_image003%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/Ve9Mjwg6KFi_frPbGH0V1uBKEveLWxW8YBm539ShU0wzSHau_kQdyXiP-y0yXxXfezX8SEG08veBnEcSoD1gAN_AiNhpJ5ZTtWps7IoCbQFOANYmqKM=w572" alt="clip_image003"/></a></figure>



<p>Once you download IDFIX, you have to unzip and run the exe tool</p>



<p>Right click on Idfix and run it as administrator to give it the required privileges to access AD users and groups.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-h7sVntFtRgE/VVH_Ew4hDUI/AAAAAAAAO4M/YqdwWme2x0o/s1600-h/image%25255B2%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/N-LD173fSQndMMvi_mjFT8jtNX1Bke1WA9DHo2-5bYhoeWXe-2ak0kpFC5MVt23fYV7hcB8hEhtxuKgyp1ggWqfPXde3sO531CycmrW_hMZz0iY9Xv10=w673" alt="image"/></a></figure>



<p>After you run it, it must look like the following</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-9xKTw6dbd2Y/VVH_GTXcsQI/AAAAAAAAO4c/p-cqDLuutj4/s1600-h/clip_image004%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/4OWPaivhCy04zW5QHvu9VRP9ZAbYXtz6tEWDau_1uv9NkTKfvomcc4HNFvCmiAgILwOqfDmxZU-kmhq2aXWBye9CfhZuQvy1ujfYXhGPPJwRvoKOcHIk=w673" alt="clip_image004"/></a></figure>



<p>After running the tool you will have to click on<strong> Query</strong> to get the problematic users/groups and solve the ones that you want them to be synced to Office 365 Azure AD.</p>



<p><strong>Top Level Domain:</strong></p>



<p>The most common issue that occurs when preparing for AADSYNC is the Top Level domain users related errors (If .local is used)</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-5We7H4juhX0/VVH_II_zlMI/AAAAAAAAO4s/KUTuXAj4PYs/s1600-h/clip_image005%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/_bdApfNt86EBWKdcXmJbHLgE_zboc6dOtVVsmq81k9A8u8y9TSfUeNlfNg2G8ln9ZQxfhE1lr7Vc6Le8bj2cAz2Qxzp2Nmw59CTmbEb3zlCMNZZpACE=w673" alt="clip_image005"/></a></figure>



<p>To Fix this issue for all the users/groups which will be synced to O365 you will have to open <strong>Active Directory Domains and Trusts:</strong></p>



<p><strong>Right click on Active directory domains and trusts and click properties then add your public domain to the Alternative UPN Suffixes:</strong></p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-TFnEfdAaRIA/VVH_JcBXHAI/AAAAAAAAO44/iQRrYl2BuKA/s1600-h/image%25255B5%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/tfy9W23YP4xUqghuyBoe2_zGxNRaMXb2Vns3_BDNOi4-8Z1E6DyVrknLjh798K0iuYSmXjCq40Hw8bJ21q69ZkAWXqDvG8OVCzWSQWLCDKU53qk2EkI=w472" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-2pV52iDffXA/VVH_K6lkC8I/AAAAAAAAO5M/7MI74vWkuxc/s1600-h/image%25255B8%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/qFT1ouC0pVqYX9oGz_0nazF7ltf6G8Ug9YQmoNH9LK5zLmV5_ZkAtQcfUw_xnEoQIhOJ8XGWiSTKhD3anFynDb0GOxtXUWuAYc06ZPAoQvQzvFt_NCU=w371" alt="image"/></a></figure>



<p>Next open Active directory users and computers to change the UPN to the correct one that matches your public domain.</p>



<p><strong>Note:</strong></p>



<p><strong>Changing the domain suffix for your users suffixes won’t affect their login to their machines or any other application server.</strong></p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-I7ZeJOC1u88/VVH_MjnkTKI/AAAAAAAAO5c/CxmRxmAczQQ/s1600-h/image%25255B11%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/poY4OsIiKSApwYQgxvcjic7EKWYZKrC9h1EgkFemC8YPWVgJjMp_xBnKz9ARLbHIWsYeNtOlKn5IjM5Mg1Wm6uLLwGrRomhCqePqlc6g_tUYISgvTiZe=w371" alt="image"/></a></figure>



<p>Select the users in which OU that you want it to be synced and right click and choose Properties.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-S1c_nr6REH8/VVH_OjC0agI/AAAAAAAAO5s/5JQfR3__GmU/s1600-h/image%25255B14%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/std8Hr-zFo47zmLWr2dx7vzgTD7ovfj0z1e0pDmcS472yj39zPLbOlBFQxF4STL2262iWVE-Iqy8uNAex6cYsM6jptPC9g8_J0Fmeu-D_2hvhv3qFxE=w371" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-68Y9wSdXNLU/VVH_QBEhA7I/AAAAAAAAO58/V29HCfPM8pc/s1600-h/image%25255B20%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/zhwy0HjpLq4wJGErSNyzZvsAv0QLE0X43FsegMslFqOK2v2du4OmQpr2jU9nWHcCgmLRfuiM5T4o8WHsUEdeD0APQxDAl9P4TxX9F0r1V7LUkIFV0ig=w371" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-rO38xrqU0-s/VVH_RzGJD3I/AAAAAAAAO6M/Q8CSZixsSdc/s1600-h/image%25255B23%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/36U-Lp7qykU9bD8LMPY-NT8A7FLUkiCrUvj7kmcYXeN_eq2mUbCeySPLteQpgE8VnRAVMr4OlQWSM_YCYFy2abh71Qb2PTndaAq7Ot9Z8V9OH2MdUNA=w673" alt="image"/></a></figure>



<p><strong>Proxy Address:</strong></p>



<p>You might as well face another issue with users that you intend to sync to Office 365 which is the SMTP proxy address. in some Exchange Organizations the e-mail policy might be set wrong and therefore the user might have an invalid domain value in his proxyaddress attribute e.g. <a href="mailto:user@domain.local" target="_blank" rel="noreferrer noopener">user@domain.local</a></p>



<p>To solve this, there are 3 ways to solve it. First would be to use Exchange on-premises Email policy to delete the .local SMTP proxy and set the public domain one.</p>



<p>The other two ways would be that you delete the proxyaddress manually or with a powershell script . I personally prefer to do this manually due to avoid any risk that it may impose on the users objects.</p>



<p>Another method would be the IDFIX it self or Admodify.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2522 " id="quads-ad2522" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<p>In the below snapshot I used IDFIX to fix the proxyaddress of the problematic users.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-JAbI-TxQGdQ/VVH_T6N062I/AAAAAAAAO6c/PZBiXse3Wo4/s1600-h/clip_image008%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/WFH1IszgpMiNqJPV8bn1i3QRbEmtH67Ru8oJxtugV6Ay3o0EhFRl7Kn2rrv0fqG5rTElYqr-Yk6sYCadgfI9FqdU0YKjnUqqkj-BkvGtYJeSA_4xkzY=w673" alt="clip_image008"/></a></figure>



<p><strong>Installation of ADDSYNC</strong> </p>



<p>First we&#8217;ll install Microsoft Online Services Sign-In Assistant for IT Professionals RTW…</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-PuAhNMs1OJM/VVH_VObYR_I/AAAAAAAAO6s/8u17UywpSTw/s1600-h/clip_image009%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/RNsmUyxpGCRFDYoxYFyo1iA6F8FDQ5k7MBnUOaUq9XdfBg3AihiuxVOKVJkAn1se1rJdIRkY6FcyKL8cL02TyE89v2UXWaqqkob0hLv1CDBqDKBzVgu0=w572" alt="clip_image009"/></a></figure>



<p>Next Windows Azure AD powershell module</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-MWkn988qcFo/VVH_XE6e9aI/AAAAAAAAO64/SzAImi3ITs8/s1600-h/clip_image010%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/JvReuvYvbEL90uZdj4jNlGgJjT9B0kqfRmTg6kmQEMNtBY68LTf5vpwSSCeC4tb14uCcg_qz_NN0CvVJkgFCfFlx_H9X1hhSgUl46a1a206hHgbqlMA=w572" alt="clip_image010"/></a></figure>



<p>Installing AADirsync</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-HQwRg_QL_jw/VVH_YXsbcRI/AAAAAAAAO7E/vOvkoF7UwNM/s1600-h/clip_image011%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/cltFJ7jCqy2Hc7mYklDtDunH1MGitbIKsduRijyfzFPIqIg_expY66S-YUi9_C6MxkfVz8Af7Kz3wVMPA8fl17Qxb6HyWzgwHvA3k0Nvmy9LmyMizijB=w572" alt="clip_image011"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-O8-0We6FXsI/VVH_Z6NjilI/AAAAAAAAO7U/XGtURJEzAkw/s1600-h/clip_image012%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/CAqufAe3YdULSXynr8-5HYsGaE-qQrdgr-7ycOnXuIBjrr4eoR4D9NoGObzcoQ65XnoebA3GY3VW5B79PjbEdUWogA64APRFo4vwU0EWmofPjodpKg=w673" alt="clip_image012"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-tBT4tXiYk-g/VVH_bm6xEbI/AAAAAAAAO7g/Hd8nvPXmU1k/s1600-h/clip_image013%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/effPFPo1E4U5-6droF05Pm2tC0QZD7xWLL4nMr89YeZacykuT-61eGSoic-n77ZQOrn-iIGtO9DPUCcJZ0ZzJWJCxMxT6j3waOqloYR_942bdvIsyAlz=w673" alt="clip_image013"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-plhusVivI7Y/VVH_dPwQB-I/AAAAAAAAO70/hhVapoZ0h_8/s1600-h/clip_image014%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/JcG0cNNbaAjF3eAmQLEelkYkh_buLCP_XlM7CXV4mqxYQqSHoLbZM9slV6X_PXjA7nHKDV5H=w673" alt="clip_image014"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-53x7l1ScxHc/VVH_epnULdI/AAAAAAAAO8E/6RlmyaNHHvE/s1600-h/clip_image015%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/WpU2ih6S2doG0P0H5uYLo7iLVOXfKGcehaamDJPA-BZI2G_oEn2yyX2iKGFnFB2ogQOaPCuQ55yNL7tEqWs9y3CeixHKLC940yMuReJqCuKC9e-baWE=w673" alt="clip_image015"/></a></figure>



<p>In the next step you will have to enter an Office 365 Global administrator user (preferably not onmicrosoft.com user) and I would recommend that you create a cloud user on Office 365 with global admin privileges to use with AADSYNC.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-kVsIe7Wt34U/VVH_f_IAoeI/AAAAAAAAO8U/3Rrzq_kGyVs/s1600-h/clip_image016%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/41EBGR5IQU4hujolk0YMkxo0t_R_QAlyH9KN3ZFf1ZK40A8XGtHQQ1mWVsyyhlkIxBoZ_1zhhFSJwh9GdTk51AM7AWhXcUP1umQRM4adPb-tnd77=w673" alt="clip_image016"/></a></figure>



<p>Next before you continue, you should open your O365 portal and Enable ADSync there.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-6cMdjgJA-1Q/VVH_h6qBRfI/AAAAAAAAO8k/9mcgaZSU8dk/s1600-h/image%25255B26%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/Y8_AnECe1c7zDTP00fWVe2OMv8jcIRnACRBp8Ky6UeA_sYnZbBgphjPyCVFPfE1YUbyz4v2bCI3ZTQOeGPgoYLMZQozSIDV12XpwDe33PAc6evRzjyI=w673" alt="image"/></a></figure>



<p>When you click on Set up the following page should come to you. you should click on Activate AD Sync.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-S36uTHifk38/VVH_juLof2I/AAAAAAAAO84/GFInYuTEbIk/s1600-h/clip_image018%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/sqtjuvoSsR7-__IRJg6ULjtrb2Nmgj58wwnvhYzd7re_k9UvSo86gAcgzvgQ6LrBWRt49E9z8U2JvMJESRMPjLnNiBHb3UqC22r2wGlHLgAL4uA-VEU=w673" alt="clip_image018"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-ixBxmMAL2Uk/VVH_lUr8xTI/AAAAAAAAO9E/qwmC7czdZLM/s1600-h/clip_image019%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/VM7MqTTciEjvAXuygJ7WsRIvKVgUw3gLVbDZW0B4xk9UbhIPMYWzbI45e2DbAkk2bzSAZFr3=w572" alt="clip_image019"/></a></figure>



<p>Now you may continue to config AADSYNC, below I am going to use a different user that’s dedicated only to “AADSYNC” tool. I will calll it <a href="mailto:Dirsynccloud@domain.com" target="_blank" rel="noreferrer noopener">Dirsynccloud@domain.com</a></p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-cLXBgbdyoK4/VVH_mpKGj6I/AAAAAAAAO9Y/VK72vIkiLVM/s1600-h/image%25255B29%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/gRFIl6a-RgHMKHn2WgIV1PNqPZcSC7NK5nIlVQgRyCHv9nrhNTf2brsyv--SOxV9INVusfaPkY1C6MGgPdwf0Efmt0oC4THeBUTMSc5q6DZTxiWbsw=w673" alt="image"/></a></figure>



<p>Next On Active directory on-premises I will configure a new user called (Dirsync) that’s member of enterprise admins. this user will have access to all the OUs that will be synced in order to sync their attributes and passwords..etc</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-I7wczJsJ44c/VVH_oTqf1gI/AAAAAAAAO9o/ZFs9rR2qF2U/s1600-h/image%25255B32%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/bGVhkSODsHhQBVC8_zKNH0zXWoiwqZ9wD2UENB9UUzLgPQlwdLDX2DmH3WNGJ1BF1tYpOzkSPaIJCGJO2OoApYnRn5FSliqelEuz5SCfYcBv7VNA4g=w673" alt="image"/></a></figure>



<p>Once you enter your Enterprise domain account below and click add forest, it will be enlisted below and you can add additional number of forests if you have more.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-FU1C6M8F__I/VVH_qJiasfI/AAAAAAAAO90/DKkheauEaj0/s1600-h/image%25255B35%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/upiAt8DNaHdXDiFX3aehFfVW0j9M4G_KchV1nODOGNgdOwB4XcnrF_20eePYkqUp5qB4v04dAx4JP7rzFMv2wdtLQjl_qBKQsXVIuxRbRDbdy8VB-bM=w572" alt="image"/></a></figure>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-WTNPMR6EjrY/VVH_rykH2XI/AAAAAAAAO-I/y0yjI57-DUk/s1600-h/clip_image025%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/qxEfkKF6b30J7ukjzTQbNKJVMGtBOr2WqJJ_Z10HakVdIRu7jEKlVUL8czYbClqBuyIXyaZXhjSqCBts-ps_hvQ2DD-nL8M0UdPOe3U20ZWCOgp8IPSr=w673" alt="clip_image025"/></a></figure>



<p>Next you may choose to have Hybrid deployment if you have Exchange on-premises (At least Exchange 2010 SP3) but if not then no need to tick the box. The password write-back is a feature that requires an Azure premium AD subscription so if you don’t have this subscription then you don’t really need to tick this box.</p>



<p>The Azure AD app and attribute filtering is a feature that allows you to pick a certain application attribute you want to sync back and forth to Azure AD e.g. (Exchange, SharePoint..etc). If you don’t tick this box the normal standard attributes will be synced which will include (Exchange and user’s basic info) you can find it as soon as the setup finished and you open ADDSync UI.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-p6maszmQI8M/VVH_tf5_FyI/AAAAAAAAO-Y/prjFUH-1ny0/s1600-h/clip_image026%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh5.googleusercontent.com/GUUolT_Nxu8lGQUoIkTe9ObR2h4sQVEGfBIiPsTzg3FfNDY5AI_Vu1eHnzXJ_FjmbNfMZKKK6PEj3OsCSMcLm81fCluOQ0UQb01RIiFj3TibthQC_w=w673" alt="clip_image026"/></a></figure>



<p><a href="http://www.google.com/url?q=http%3A%2F%2Fwww.moh10ly.website%2F2015%2F05%2Finstalling-and-configuring-azure-active.html&;sa=D&;sntz=1&;usg=AFQjCNErlLlF8a7hNLruc-uTCI0dUQ0tjw" target="_blank" rel="noreferrer noopener">Password writeback overview</a></p>



<p>Password writeback is an Azure Active Directory Sync component that can be enabled and used by the current subscribers of Azure Active Directory Premium. For more information, see <a href="https://www.google.com/url?q=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fazure%2Fdn532272.aspx&;sa=D&;sntz=1&;usg=AFQjCNHJVkh6IJvq28BPfUsdsXR5HGKM-A" target="_blank" rel="noreferrer noopener">Azure Active Directory Editions</a>. It allows you to configure your cloud tenant to write passwords back to you on-premises Active Directory. It obviates you from having to set up and manage a complicated on-premises self-service password reset solution, and it provides a convenient cloud-based way for your users to reset their on-premises passwords wherever they are. Read on for some of the key features of password writeback:</p>



<p>From <;<a href="https://www.google.com/url?q=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fazure%2Fdn903642.aspx&;sa=D&;sntz=1&;usg=AFQjCNFjESlmypoS4Y03p-AXqU966dJj4w" target="_blank" rel="noreferrer noopener">https://msdn.microsoft.com/en-us/library/azure/dn903642.aspx</a>>;</p>



<p>You can enable filtering in AADSync at any time. If you have already run the default configurations of directory synchronization and then configured the filtering, the objects that are filtered out are no longer synchronized to Azure AD. As a result, any objects in Azure AD that were previously synchronized but were then filtered are deleted in Azure AD. If objects were inadvertently deleted because of a filtering error, you can re-create the objects in Azure AD by removing your filtering configurations, and then synchronize your directories again.</p>



<p>From <;<a href="https://www.google.com/url?q=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fazure%2Fdn801051.aspx&;sa=D&;sntz=1&;usg=AFQjCNG3TsbAX4LL0X_W1y3I2n8RA9OJ3Q" target="_blank" rel="noreferrer noopener">https://msdn.microsoft.com/en-us/library/azure/dn801051.aspx</a>>;</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-wM2wKvZZZS4/VVH_u2vvyBI/AAAAAAAAO-k/gxgbivTXH5w/s1600-h/image%25255B38%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/67rVhP7mgJz45PQ7csu60xlwlLT0Zkds5wHOUgyd92zeCmsy7ex6qvOCLRxCOWMvDFXySlNg=w673" alt="image"/></a></figure>



<p>Next I will not tick Synchronize now because this will sync All local AD objects and OUs to the cloud, in my case I just want to choose particular OUs to sync to the cloud.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-oeGDANTuPUo/VVH_wMvraGI/AAAAAAAAO-4/DOZ9u51KuCA/s1600-h/clip_image029%25255B3%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/VkPJRXHHFlqB-g7KhBTMZ3M9swxTbbBaipCAhIbQTLFMs0bkWcKdaN6EtJEltJEw4NcH27l2an01NaM6_k9YynArRTADmyP3XGdGs5pV1jxWQlSvIS8=w673" alt="clip_image029"/></a></figure>



<p>In order to configure AADSYNC to choose which on-premises Active directory Organization Unit you want to change you will have to navigate to the following path on the server which you installed AADSYNC.</p>



<p>PATH:</p>



<p><strong>C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe</strong></p>



<p><strong>Right click on domain.local and click properties</strong></p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-Iai59dtYA3E/VVH_xnKwhbI/AAAAAAAAO_E/UUFCYSRiOXU/s1600-h/image%25255B41%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/QqnwtHEDFHxd7qhxou0cvC-RjSrEvRJM9mrg3ojtbtJ40INmryHZRAjX6QxZfHfUhJCcHT8fggcXAW77425tG52vxBM_i6Fe8SSUlinmhiRdmqyDeE0=w673" alt="image"/></a></figure>



<p>Next Click on “Configure Directory Partitions” and Under “Credentials” Click on Containers and enter your new on-premises enterprise admin account.</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-tFD4Lycqo7U/VVH_zfN0jnI/AAAAAAAAO_Y/byv47w8ZJFQ/s1600-h/image%25255B44%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh3.googleusercontent.com/Hw0fVAPjqQDoK4VsKFddIrgrS2B4WrBR7Da-wR8Uq4k_lP9E2--behntqzMAz3z2Ohl6cKbXAsqghnpwXfp8sjYpXgrmkNsR5gXJ_e1lM8_nkeB_Ug=w673" alt="image"/></a></figure>



<p>Next select the OU you want to sync to the cloud and click OK</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-gWfqPyY0sOM/VVH_07JfwWI/AAAAAAAAO_k/-OJjehnAHho/s1600-h/image%25255B47%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh6.googleusercontent.com/TcYqvJWVi-ghNaYwRE6c_B0GD8ifEtiv2Yd_jpxGbv-CeLu4PDvMjrExc996D20W2LHZAbQT0wV36bXLkUEYf8eTviCqu8F48gaWSn7h82N0dzOH8UM=w472" alt="image"/></a></figure>



<p>Next you will want to open “Task Scheduler” on the server and Enable the task that was created by AADSYNC installation to enable every 3 hours sync..</p>



<figure class="wp-block-image"><a href="http://lh3.googleusercontent.com/-5FvQ4ezVu3w/VVH_2ZdWYVI/AAAAAAAAO_0/W_vSgLkmdu8/s1600-h/image%25255B51%25255D.png" target="_blank" rel="noreferrer noopener"><img src="https://lh4.googleusercontent.com/D6SoTnpHqyKXRS3HhZE6uhob_m9-ivvsiRtT9_9Ndqm1xDm5m3f37S_VBm2SYcjLvqRq0AZ_8vKwcjU9L3YgTMZLYAzmgAHySH3N7-XSAOQYyfe55g=w773" alt="image"/></a></figure>



<p>In order to Force the sync you will have to run a separate command that Microsoft has brought along with AADSYNC called “DirectorySyncClientCmd” the command can be run from Powershell or made a shortcut on a desktop and directly run.</p>



<p>Path:</p>



<p>c:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2523 " id="quads-ad2523" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<p>Hope you find this useful. </p>

<!-- WP QUADS Content Ad Plugin v. 2.0.92 -->
<div class="quads-location quads-ad2530 " id="quads-ad2530" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>


Reset and manage your Active Directory users' Passwords Active Directory is one of the most…
Finding Exchange Database hidden mailboxes. Story:Maybe you have been in this situation before, trying to…
If you're using a Proxy server in your firewall or in your network and have…
Story:I got some clients that have reported some of their users being locked out and…
Delegate Permissions This is a code that I have wrote recently to check if an…
Story: I got a request from a client who constantly gets CVs and have to…