theCloudXperts

Migrating from DirSync or FIM to Azure Active Directory Connect sync


Azure AD Connect sync is the successor of DirSync, Azure AD Sync, and Forefront Identity Manager with the Azure Active Directory Connector configured. This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD. It provides the following features:

  • Synchronization – This component is responsible for creating users, groups, and other objects, and for keeping their identity information in sync. It also synchronizes password hashes with Azure AD.
  • AD FS and federation integration – Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure.
  • Pass-through Authentication – An optional component that allows users to use the same password on-premises and in the cloud.
  • Health Monitoring – Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity.

Planning:

Before you start, download the latest Azure AD Connect and read through the requirements, paying particular attention to the following points.

  • The required versions of .NET and PowerShell. The server needs newer versions than DirSync required.
  • The proxy server configuration. If you use a proxy server to reach the internet, this setting must be configured before you upgrade. DirSync always used the proxy server configured for the user installing it, but Azure AD Connect uses machine settings instead.
  • The URLs that must be open in the proxy server. For basic scenarios (those also supported by DirSync), the requirements are the same. If you want to use any of the new features included with Azure AD Connect, some new URLs must be opened.
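The three planning points above can be checked on the candidate server before the installer is run. The following PowerShell script is an added example, not code from the original post or from Microsoft: it reports the PowerShell and .NET versions, shows the installing user's proxy (what DirSync honoured) next to the machine-level WinHTTP and machine.config proxy settings (what Azure AD Connect uses), and tests outbound HTTPS to one sample endpoint. The minimum versions and the endpoint list are assumptions; take the exact values from the prerequisites page for the build you are installing.

```powershell
# Added example, not part of the original post.
# Pre-flight check for the planning points: .NET/PowerShell version, the machine-level
# proxy that Azure AD Connect uses (DirSync used the installing user's proxy instead),
# and outbound HTTPS reachability through that proxy.

$minPowerShell = [Version]'3.0'                 # assumption; adjust to the documented requirement
$minNetRelease = 378389                         # assumption: registry Release value for .NET 4.5
$endpoints     = @('login.microsoftonline.com') # sample endpoint only, not the full URL list

function Test-PowerShellVersion {
    $ok = $PSVersionTable.PSVersion -ge $minPowerShell
    [pscustomobject]@{ Check = 'PowerShell'; Value = $PSVersionTable.PSVersion; Pass = $ok }
}

function Test-NetFramework {
    # .NET 4.x records its build in this registry value; a missing key means older than 4.5
    $key     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    [pscustomobject]@{ Check = '.NET Release'; Value = $release; Pass = ($release -ge $minNetRelease) }
}

function Get-ProxyConfiguration {
    # DirSync used the proxy of the user running the installer (HKCU). Azure AD Connect reads
    # machine settings: the WinHTTP proxy and <system.net><defaultProxy> in machine.config.
    $userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $userProxy = (Get-ItemProperty -Path $userKey -Name ProxyServer -ErrorAction SilentlyContinue).ProxyServer
    $winHttp   = (netsh winhttp show proxy) -join ' '
    $cfgPath   = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
    $machineProxy = $null
    if (Test-Path -Path $cfgPath) {
        $xml = [xml](Get-Content -Path $cfgPath -Raw)
        $machineProxy = $xml.configuration.'system.net'.defaultProxy.proxy.proxyaddress
    }
    [pscustomobject]@{
        UserProxy          = $userProxy     # what DirSync would have used
        WinHttpProxy       = $winHttp       # used by the installation wizard
        MachineConfigProxy = $machineProxy  # used by the sync engine; empty means not configured
    }
}

function Test-OutboundHttps {
    foreach ($name in $endpoints) {
        $r = Test-NetConnection -ComputerName $name -Port 443 -WarningAction SilentlyContinue
        [pscustomobject]@{ Check = "HTTPS to $name"; Value = $r.RemoteAddress; Pass = $r.TcpTestSucceeded }
    }
}

$results = @(Test-PowerShellVersion; Test-NetFramework; Test-OutboundHttps)
$results | Format-Table -AutoSize
Get-ProxyConfiguration | Format-List
if ($results | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more prerequisites failed; fix them before running the Azure AD Connect installer.'
}
```

Run it in an elevated PowerShell session on the server that will host Azure AD Connect. An empty MachineConfigProxy together with a populated UserProxy is exactly the situation the second planning point warns about: DirSync would have worked, but Azure AD Connect would not reach the internet until the machine-level proxy is set.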

Design:

The most common topology is a single on-premises forest, with one or multiple domains, and a single Azure AD tenant. When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server. You don’t have to join the server to a domain. If necessary to reach all forests, you can place the server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).

Having multiple Azure AD Connect sync servers connected to the same Azure AD tenant is not supported.


Installation

The first time you run the Azure AD Connect installation wizard, it walks you through how to configure your installation. If you run the installation wizard again, it offers options for maintenance. Prepare the server and install Azure AD Connect sync.


The Synchronization Rules Editor is used to see and change the default configuration. You can find it on the Start menu under the Azure AD Connect group, can create custom rules and

Import and Synchronize

  1. Select Connectors, and select the first Connector with the type Active Directory Domain Services. Click on Run, select Full import, and OK. Do this for all Connectors of this type.
  2. Select the Connector with type Windows Azure Active Directory (Microsoft). Click on Run, select Full import, and OK.
  3. Make sure Connectors is still selected and for each Connector with type Active Directory Domain Services, click Run, select Delta Synchronization, and OK.
  4. Select the Connector with type Windows Azure Active Directory (Microsoft). Click Run, select Delta Synchronization, and then OK.

We have now staged the export changes to Azure AD (and to on-premises AD, if you are using an Exchange hybrid deployment). Nothing has been exported yet; the next steps let you inspect what is about to change before you actually start the export to the directories.

Switch from DirSync or FIM

  1. Turn off the DirSync/FIM server so that it no longer exports to Azure AD.
  2. On the Azure AD Connect sync (AADSync) server, start Task Scheduler, find the Azure AD Sync Scheduler task, and enable it.
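The four import-and-synchronize steps, the inspection of the staged export, and the final switch-over can be scripted so that the sequence is repeatable and the pending changes are captured to a file before anything is exported. The script below is an added example, not code from the original post or from Microsoft. It assumes the ADSync PowerShell module installed with Azure AD Connect (Get-ADSyncConnector and Invoke-ADSyncRunProfile), csexport.exe and CSExportAnalyzer.exe in the default Bin folder, the Azure AD connector carrying the default " - AAD" name suffix, and the "Azure AD Sync Scheduler" task from step 2 above.

```powershell
# Added example, not part of the original post.
# Drives the staged run sequence (full imports, then delta synchronizations, on-premises
# AD connectors before the Azure AD connector), dumps the pending Azure AD exports for
# review, and only then, on explicit request, enables the scheduler that starts exporting.
# Assumptions: ADSync module, default Bin folder, " - AAD" connector suffix, task name.

Import-Module ADSync

$binPath   = 'C:\Program Files\Microsoft Azure AD Sync\Bin'   # default install folder (assumption)
$reportDir = Join-Path $env:TEMP 'aadc-staging'
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

function Get-SyncConnectors {
    $all = Get-ADSyncConnector
    [pscustomobject]@{
        OnPremAD = @($all | Where-Object { $_.Name -notlike '* - AAD' })  # Active Directory Domain Services
        AzureAD  = $all | Where-Object { $_.Name -like '* - AAD' }         # Windows Azure Active Directory
    }
}

function Invoke-StagedImportAndSync {
    $c = Get-SyncConnectors
    if (-not $c.AzureAD) { throw 'No Azure AD connector found; check the connector name suffix.' }
    # Steps 1 and 2: full import on every AD connector, then on the Azure AD connector.
    foreach ($ad in $c.OnPremAD) { Invoke-ADSyncRunProfile -ConnectorName $ad.Name -RunProfileName 'Full Import' }
    Invoke-ADSyncRunProfile -ConnectorName $c.AzureAD.Name -RunProfileName 'Full Import'
    # Steps 3 and 4: delta synchronization in the same order. No export profile is run here.
    foreach ($ad in $c.OnPremAD) { Invoke-ADSyncRunProfile -ConnectorName $ad.Name -RunProfileName 'Delta Synchronization' }
    Invoke-ADSyncRunProfile -ConnectorName $c.AzureAD.Name -RunProfileName 'Delta Synchronization'
}

function Export-PendingChanges {
    # csexport writes the pending adds/updates/deletes in the Azure AD connector space to XML
    # (/f:x = pending exports only); CSExportAnalyzer flattens that XML into a CSV for review.
    $c   = Get-SyncConnectors
    $xml = Join-Path $reportDir 'aad-pending-export.xml'
    $csv = Join-Path $reportDir 'aad-pending-export.csv'
    & (Join-Path $binPath 'csexport.exe') $c.AzureAD.Name $xml /f:x
    & (Join-Path $binPath 'CSExportAnalyzer.exe') $xml | Out-File -FilePath $csv -Encoding ascii
    return $csv
}

function Enable-AzureADSyncScheduler {
    # Switch-over step 2. Run only after the DirSync/FIM server is off; two servers
    # exporting to the same tenant is the unsupported topology called out in Design.
    Enable-ScheduledTask -TaskName 'Azure AD Sync Scheduler' | Out-Null
    Get-ScheduledTask -TaskName 'Azure AD Sync Scheduler' | Select-Object TaskName, State
}

Invoke-StagedImportAndSync
$report = Export-PendingChanges
Write-Host "Review the pending changes in $report before continuing."
# After reviewing the CSV and turning off the DirSync/FIM server, run:
#   Enable-AzureADSyncScheduler
```

The deliberate split between the staging functions and Enable-AzureADSyncScheduler mirrors the post's order: imports and synchronizations populate the connector spaces, the CSV shows every object that would be added, updated or deleted in Azure AD, and only after that review (and after DirSync/FIM has been turned off) is exporting switched on. Current Azure AD Connect builds no longer use the Task Scheduler task; there the equivalent final step is Set-ADSyncScheduler -SyncCycleEnabled $true.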
