The Microsoft Directory Synchronization has been available in a variety of versions and names:
- DirSync (the original).
- Azure Active Directory Sync (AADSync).
- Azure Active Directory Connect (AADConnect).
Each version of the tool had a number of releases, for the original DirSync for example there were 14 different releases as can be seen here. Similar information for AADSync (5 releases) can be found here, and for AADConnect (12 releases) you can find it here.
In my test environment (Exchange hybrid) I’m currently running AADSync 1.0.491.413. Since the current (as of March 2016) version is AADConnect 220.127.116.11 it’s time to upgrade J
When upgrading from a previous version there are two options:
- In-place upgrade – this is the recommended way if the upgrade time takes less than three hours.
- Parallel upgrade – This is the recommended way if the upgrade time takes more than three hours.
Why three hours? The Directory Synchronization runs every three hours. It is also estimated that if you have more than 50,000 objects to synchronize, the upgrade will take more than 3 hours.
Continue reading Upgrade Azure Active Directory Synchronization to AADConnect
Updated: November 11, 2015,
Updated: April 20, 2018
In an earlier blog I explained the differences between Cloud Identities, Linked Identities and Federated Identities. The source of authority (i.e. where the accounts are managed) for Cloud Identities is Microsoft Online and for Linked and Federated Identities the source of authority is your on-premises Active Directory. To get these accounts in Azure Active Directory (Office 365) you have to setup a directory synchronization between Active Directory and Azure Active Directory.
As explained earlier I prefer to use a dedicated DirSync server instead of installing DirSync on your Domain Controller (which is possible and supported). When using a dedicated DirSync server, you can keep your Domain Controllers identical and work on your Domain Controllers while not affecting your DirSync server. We now will build a configuration like this:
There are two options when setting up Directory Synchronization between your on-premises Active Directory and Windows Azure Active Directory:
- DirSync as a tool that can be downloaded from the Microsoft Online Portal. This is the ‘original’ DirSync tool which can be installed on a Domain Controller or on a dedicated DirSync server. This tool will be decommissioned somewhere in the (near) future.
- Microsoft Azure Active Directory (WAAD) Sync Services, the new DirSync tool that can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=44225. This tool has the option to synchronize a multi-forest topology with one tenant in Office 365.
Note. On June 24, 2015 Microsoft has released the Azure AD Connect & Connect Health. Azure AD Connect is the latest version of the Directory Synchronization. This blog is based on the previous Azure AD Sync, but I strongly recommend you look into the Azure AD Connect tool (there are a lot of similarities) which you can download from the Download center.
Added note on April 20, 2018. Azure AD Connect is now the only supported version for implementing directory synchronization. It is updated on a regular basis and available via the Azure AD Connect download. If you perform a default installation, Azure AD Connect will automatically update itself when a new version is available.
Continue reading Implementing Directory Synchronization