DirSync: How To Install the Directory Sync Tool
At Azure Active Directory, we often get asked questions like "how do I install DirSync?" and "is it hard to do?". The answer we usually give is "well… no. It's just 11 clicks!". In this wiki, we'll walk you through how.
Preparation Work
Download DirSync
First you'll want to get DirSync. You can download DirSync from your respective Admin Portal.
If you are an Office 365 customer:
- Log into the Office 365 Admin Portal
- Navigate to Users & Groups > Active Directory synchronization Set Up
- Click the download button in step 4
If you are an Azure customer:
- Log into the Azure portal
- Navigate to Active Directory > Directory Integration
- Click download in step 3
Activate Directory Synchronization
You need to activate Directory Synchronization for your tenant in order to run DirSync. To do this,
If you are an Office 365 customer:
- Log into the Office 365 Admin Portal
- Navigate to Users & Groups > Active Directory synchronization Set Up
- Click the "Activate" button in step 3
If you are an Azure customer:
- Log into the Azure portal
- Navigate to Active Directory > Directory Integration
- Click "Activate" in step 2
Get your hardware ready
You'll want to make sure you have a machine that is ready for installing DirSync. The answers to the most common questions we get are:
- It must be installed on a 64-bit Windows Server OS (Windows 2008 and higher)
- It must be joined to Active Directory
- It can now be a domain controller, but if it is then you need to follow the additional instructions in the Best Practices for Deploying and Managing the Directory Sync Tool.
- It can be a virtual machine
The full list of requirements/details can be found in Prepare for directory synchronization.
Before you begin
Make sure you have the following information handy:
- A Windows Azure Active Directory/Office 365 user account that is a member of the Company Administrator group
- An Active Directory user account that is a member of the Enterprise Administrators group in all domains in your on-premises Active Directory Fore5.
Note: Make sure to install with a user that is Administrator on:
- The computer installing the Directory Sync tool
- Your company’s local Active Directory.
- Your company’s Microsoft cloud service administrator account.
Reference: Link
Setting up DirSync
Now comes the fun part. The following section provides a step-by-step on how to set up DirSync.
Step 1 - extract the installation binaries
You'll need to unpack the DirSync installation binaries in order to proceed.
This happens automatically when you run DirSync.exe.
Step 2 - read the welcome text
Have a read through the DirSync welcome text.
Click Next to move on.
Step 3 - Accept the EULA
Make sure you read through the End-User License Agreement.
It contains the terms of your use of DirSync.
Click Next to move on.
Step 4 - specify the install path
If you want to install DirSync at an alternate location, specify it now.
Otherwise click Next to move on.
Step 5 - install the components
We'll install SQL Server 2012 Express SP1, the FIM Sync Engine, and our binaries.
The time it takes to install DirSync components varies based on your machine's hardware specs.
The progress bar will change to full green when this is complete.
Step 6 - move on!
We're done installing the components and ready to move onto configuring DirSync.
Note
If you are installing on a domain controller you need to log off and log in again at this point.
Click Next to proceed.
When the configuration wizard starts, click Next on that too.
Note
If you are installing the Directory Sync tool on a Domain Controller (supported as of Directory Sync tool build 6567.0018), please do the following:
- De-select the "Start Configuration Wizard Now" checkbox
- Log-off (not restart) from your current session
- Launch the "Directory Sync Configuration" application and proceed as below
Step 7 - provide Windows Azure Active Directory credentials
We need Windows Azure Active Directory credentials to configure DirSync.
This is the account that we will use to interface with Azure AD.
We store these credentials securely.
Step 8 - provide on-premises Active Directory credentials
We need on-premises Enterprise Administrator credentials to create our service account in your local AD.
The service account has a name like "AAD_xxxxxxxxxxxx" where the x's are 12 random alphanumeric characters.
We do not persist the Enterprise Admin credentials you provide.
They are only used to create and configure the DirSync service account.
Step 9 - Hybrid Deployment enablement
There are various features throughout Office 365 and Azure AD that depend on Hybrid Deployment being enabled.
You need to decide if you want those features.
Note
For more details, see the Directory synchronization roadmap.
Step 10 - Password Sync enablement
You can choose to enable Password Sync for your tenant.
This lets your users sign into Azure Active Directory (and associated services like Office 365, CRM Online and InTune) with the same password as they use on-premises.
If you want to enable this, select the "Enable Password Sync" checkbox.
Note
For more details, see Implement Password Synchronization.
Step 11 - Configure DirSync
We'll apply the configuration options you'd selected in the past few steps.
Step 12 - start synchronizing!
You're done! DirSync is set up. If you want to start sync'ing now, select the "Synchronize your directories now" checkbox, and then click "Finish".
And that's it!
DirSync is set up and will start synchronizing.
Happy sync'ing