To synchronize our on-premises Active Directory with Windows Azure Active Directory (WAAD), we can use the Windows Azure Active Directory Sync Tool, which synchronizes objects and even passwords between on-premises and Azure (Cloud).
When installing the Windows Azure Active Directory Synchronization Tool there are a few key points that I would like to mention, as follows:
- Install just one copy of the tool in your environment
- The tool cannot be installed on a Domain Controller
- The tool must be installed on a server joined to the domain
- The tool cannot be installed on a server running ADFS (Active Directory Federation Services)
- The newest version supports password synchronization
- The forest mode must be at least Windows Server 2003 native mode, which means that you must not have Windows Server 2000 DCs around
- It is highly recommended to reserve a server just for the tool, and that server should have restricted access, since it is going to be the main server that keeps your WAAD synchronized
- In an environment with fewer than 10K users, the server won’t require more than 4GB of RAM to run
The first step is to install the .NET Framework 3.5 Features, which can be done using Server Manager, as shown in the figure below.
On the Confirmation page, click on Specify an alternate source path. This feature requires access to the source installation files on the operating system media.
Mount the Windows Server 2012 media on your DVD drive and specify the path X:\Sources\sxs (in this case X: is the DVD).
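The prerequisites listed above, together with the .NET Framework 3.5 step, can be verified from PowerShell before running the installer. This is an added example, not part of the original tutorial or of the tool itself; the function names `New-Check` and `Test-SyncHostPrerequisites` are hypothetical, and it assumes an elevated Windows PowerShell 3.0+ session on the candidate Windows Server 2012 machine.

```powershell
# Added example: pre-flight checks for the server that will host the sync tool.
# Function names are hypothetical; run elevated on the candidate server.
function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = "$Detail" }
}

function Test-SyncHostPrerequisites {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # The server must be domain-joined but must not be a Domain Controller.
    # DomainRole: 3 = member server, 4 = backup DC, 5 = primary DC.
    New-Check 'Joined to the domain' $cs.PartOfDomain $cs.Domain
    New-Check 'Not a Domain Controller' ($cs.DomainRole -lt 4) "DomainRole=$($cs.DomainRole)"

    # AD FS registers the 'adfssrv' service; it must be absent on this server.
    $adfs = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
    New-Check 'ADFS not installed' (-not $adfs) $(if ($adfs) { $adfs.Status } else { 'service not found' })

    # Forest mode must be Windows Server 2003 native or higher.
    try {
        $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
        $mode   = "$($forest.ForestMode)"
        $modeOk = $mode -notin 'Windows2000Forest', 'Windows2003InterimForest'
    } catch {
        $mode   = "forest not reachable: $($_.Exception.Message)"
        $modeOk = $false
    }
    New-Check 'Forest mode 2003 native or higher' $modeOk $mode

    # 4GB is the figure given above for environments under 10K users.
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    New-Check 'At least 4GB of RAM' ($ramGB -ge 4) "$ramGB GB"

    # .NET Framework 3.5 is the feature installed in the first step.
    $net35 = Get-WindowsFeature -Name NET-Framework-Core
    New-Check '.NET Framework 3.5 installed' $net35.Installed $net35.InstallState
}

# To add the feature from the mounted media instead of Server Manager:
#   Install-WindowsFeature -Name NET-Framework-Core -Source X:\Sources\sxs
$report = Test-SyncHostPrerequisites
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'Resolve the failed checks before installing the tool.'
}
```

The script cannot confirm that only one copy of the tool exists in the environment or that access to the server is restricted; those two points still need a manual review.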
Deploying Windows Azure Active Directory Sync tool…
The best way to get the tool is from the Windows Azure portal. Log on at https://manage.windowsazure.com, then click on All items (first icon on the left side), and then on the Directory listed on the right side. Click on Directory Integration, and under step 3, click on the link listed there, which will be the latest supported version.
After downloading and executing the tool (it is around 180MB), click on Next on the first page.
On the Microsoft Software License Terms page, make sure that you are in agreement with the terms, and then click on I accept and then Next.
On the Select Installation Folder page, leave the default settings for the installation folder and click Next.
On the Installation page, click on Next and wait; the installation process will take a while.
On the Finished page, the tool has been installed properly. We can leave the default setting, which is Start Configuration Wizard now, and configure the synchronization, but that is going to be the topic of the next tutorial in our series.
After finishing the installation of the tool, we can go to Programs and Features in the server’s Control Panel and see that several tools were installed as part of the process, such as: Online Services Sign-in Assistant, FIM (Forefront Identity Manager) and SQL Server 2012.