Microsoft 365 uses Azure Active Directory to store and manage user accounts to enable authentication and access to cloud resources. If you also have a local Active Directory, you need to synchronize it for centralized account management.
The implementation is not complicated, but it is not entirely straightforward either. Here is a short guide on how to do it.
Preparing the local AD
If your local domain has the same name as the name verified in Microsoft 365, preparation is easy. All you need to do is check that the UPN (UserPrincipalName) attribute matches the one you want to use in Microsoft 365.
However, if your local AD domain uses a non-routable name, such as .local, you will need to add a second UPN suffix and update the UPN of your users. Accounts synchronized with a local .local UPN are automatically assigned the tenant's default .onmicrosoft.com domain instead.
To add a new UPN suffix
First open the Active Directory Domains and Trusts console. Right-click Active Directory Domains and Trusts and select Properties.
Then add the new UPN suffix in the Properties window.
Update the UPN suffix for existing users
You can update it in the Account tab of the Properties window for each user account. But it is much better to use PowerShell.
# Collect all users in the OU (adjust the OU path to your domain)
$adusers = Get-ADUser -Filter * -SearchBase "OU=OU Name,DC=Domain,DC=local"
# Rebuild each user's UPN from its SamAccountName plus the routable suffix
$adusers | ForEach-Object { $_ | Set-ADUser -UserPrincipalName ($_.SamAccountName + '@domain.com') }
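A safer version of the same bulk update, added here as an example and not part of the original post: it checks that the new suffix is actually registered on the forest, only touches users still carrying the old suffix, refuses to create duplicate UPNs, and supports -WhatIf for a dry run. The OU path and both suffixes are placeholders to adjust for your domain.

```powershell
# Added example (not from the original post): bulk-update the UPN suffix for users in one OU.
# Assumed/placeholder values: the OU path, 'domain.local' and 'domain.com'.
Import-Module ActiveDirectory

function Update-UpnSuffix {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,   # e.g. 'OU=Users,DC=domain,DC=local'
        [Parameter(Mandatory)] [string] $NewSuffix,    # e.g. 'domain.com' (verified in Microsoft 365)
        [string] $OldSuffix = 'domain.local'           # only users still on this suffix are changed
    )

    # The suffix must already exist in Active Directory Domains and Trusts, or Set-ADUser fails.
    $forest = Get-ADForest
    if ($forest.UPNSuffixes -notcontains $NewSuffix) {
        throw "UPN suffix '$NewSuffix' is not registered on forest $($forest.Name)."
    }

    $users = @(Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                          -SearchBase $SearchBase -Properties UserPrincipalName)

    $changed = 0
    foreach ($u in $users) {
        $newUpn = '{0}@{1}' -f $u.SamAccountName, $NewSuffix
        # A duplicate UPN would surface later as an Azure AD Connect sync error; skip it now.
        if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
            Write-Warning "Skipping $($u.SamAccountName): $newUpn is already in use"
            continue
        }
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, "Set UPN to $newUpn")) {
            Set-ADUser -Identity $u -UserPrincipalName $newUpn
            $changed++
        }
    }
    Write-Output "Updated $changed of $($users.Count) users"
}

# Dry run first, then apply for real:
Update-UpnSuffix -SearchBase 'OU=Users,DC=domain,DC=local' -NewSuffix 'domain.com' -WhatIf
# Update-UpnSuffix -SearchBase 'OU=Users,DC=domain,DC=local' -NewSuffix 'domain.com'
```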
IdFix tool
AD has other attributes that may need cleanup, such as proxyAddresses, sAMAccountName, and so on. The best approach is to use a tool like IdFix to identify and fix most directory synchronization errors before the first sync.
You can download the tool from the Microsoft 365 directory sync status page and run it directly on a domain-joined Windows 10 computer.
Account for Azure AD Sync
Azure AD Connect can set this account up for you while the setup wizard runs, but it is easier to prepare it before running the wizard.
Create a regular domain account with a password that complies with the AD password policy. You must then grant the account the following two rights, otherwise password hash synchronization does not work:
- Replicating Directory Changes
- Replicating Directory Changes All
To grant them:
- Open Active Directory Users and Computers.
- Go to View and choose Advanced Features.
- Right-click the domain root and select Properties.
- On the Security tab, add the account you want to use for directory synchronization and allow the two permissions listed above.
Azure AD Connect
Now download Azure AD Connect, install it on an Active Directory server and start the configuration wizard. Follow the wizard, and it should be ready to go soon.
A few comments which I hope will be useful.
You can synchronize the entire directory or only the OUs of your choice.
There are two ways to organize the AD synchronization process. You can enable staging mode in Azure AD Connect or filter users by specific groups.
Note that when using group filtering together with selected OUs, make sure the group itself is inside one of the selected OUs, or no accounts will be synchronized.