So far in this series we subscribed to the services, configured the on-premises and cloud environments and in the last one we install the tool on our on-premises. Now, it’s time to do the first synchronization between those environments.
After the installation we have the option to run the Configuration Wizard, or we can at any time clickon Directory Sync Configuration on your start area.
In the Welcome page. Just our traditional welcome page of any assistant, just click Next.
In the Windows Azure Active Directory Credentials page. Here we can use the Service Account Synchronization that we created on the part 5 of this series. After filling out the information click Next.
Note: This account is located on the WAAD (Windows Azure Active Directory) instead of your on-premises Active Directory.
In the Active Directory Credentials page. Now the wizard requires a credential with administration permission on the current Active Directory, the credential is required only during the setup and a service account for the replication purpose will be created. Type in your admin permissions and click Next.
Note: Make sure that the account that you are using on this page has Enterprise Admins and Domain Administrators.
In the Hybrid Deployment page. By the default the synchronization is one way (on-premises to the Cloud) however if we are planning to use online services from Microsoft (Office365, SharePoint Online and/or Lync Online) we can deploy hybrid mode where we can have co-existence between your local services and the same services in the cloud. If you enable Hybrid Deployment you allow that interaction and part of that interaction is that some replication from the Cloud can be applied on the on-premises. Let’s enable for this exercice and then click Next.
Note: By enabling Hybrid Deployment you are not allowing Windows Azure to go to your on-premises Directory and manage all objects and attributes. It only changes a few attributes to support the co-existence among products.
A complete list of all attributes are documented on this KB: http://support.microsoft.com/kb/2256198#Table2
In the Password Synchronization page. That is a new feature just released a couple of months ago which allows the on-premises password to be synchronized with Windows Azure Active Directory. By selecting the checkbox on this page we ensure that all passwords of our synchronized users will be the same.Click on Next.
In the Configuration page. This process may take a while, time for a coffee and after the completion we should see a similar page to the one shown below. Click Next.
In the Finished page. The configuration was completed and by default the option Synchronize your directories now is select which means that as soon as we hit Finish our first synchronization will take place. Leave default settings and click on Finish.
A dialog box will be displayed, just click on OK.
Validating our initial synchronization…
Let’s start with the service created during this entire process. In that server we will have a new service called Windows Azure Active Directory Sync Service and that is the responsible to keep our both directories synchronized from now on.
Note: It is highly recommended to monitor this server to make sure that your replication is always working properly.
If we go to the Azure Portal, we can check the Directory Integration tab and the result should be something similar to the figure show below where the replication took place in less than 1 hour.
Let’s click on Users tab, and we will have a list of all synchronized users from our on-premises to Windows Azure Active Directory.
Bear in mind that all users that match their on-premises UPN with the Azure Domain will have their user name firstname.lastname@example.org configured properly however accounts using the local UPN will receive the default UPN from the Azure (.onmicrosoft.com).