Prerequisites for integrating with Active Directory
The following document provides the prerequisites for integrating with Active Directory.
Cloud sync
Hardware and software
| Requirement | Description and more requirements |
|---|---|
| Windows server 2016 or greater that is or has: | • 4 GB RAM or more • .NET 4.7.1 runtime or greater • domain-joined • PowerShell execution policy set to Undefined or RemoteSigned • TLS 1.2 enabled |
| Active Directory | • On-premises AD that has a forest functional level 2003 or higher |
| Microsoft Entra tenant | • A tenant in Azure that will be used to synchronize from on-premises |
For more information on the cloud sync prerequisites, see Cloud sync prerequisites.
Accounts
| Requirement | Description and more requirements |
|---|---|
| Domain/Enterprise administrator | Required to install the agent on the server and create the gMSA service account. |
| Hybrid Identity administrator | Required to configure cloud sync. This account cannot be a guest account. |
| gMSA service account | Required to run the agent. |
For more information on the cloud sync accounts, and how to set up a custom gMSA account, see Cloud sync prerequisites.
Microsoft Entra Connect
Hardware and software
| Requirement | Description and more requirements |
|---|---|
| Windows server 2016 or greater that is or has: | • 4 GB RAM or more • .NET 4.6.2 runtime or greater • domain-joined • PowerShell execution policy set to RemoteSigned • TLS 1.2 enabled • if federation is being used, the AD FS severs must be Windows Server 2012 R2 or higher and TLS/SSL certificates must be configured. |
| Active Directory | • On-premises AD that has a forest functional level 2003 or higher • a writeable domain controller |
| Microsoft Entra tenant | • A tenant in Azure used to synchronize from on-premises |
| SQL Server | Microsoft Entra Connect requires a SQL Server database to store identity data. By default, a SQL Server 2019 Express LocalDB (a light version of SQL Server Express) is installed. For more information on using a SQL server, see Microsoft Entra Connect SQL server requirements |
For more information on the cloud sync prerequisites, see Microsoft Entra Connect prerequisites.
Accounts
| Requirement | Description and more requirements |
|---|---|
| Enterprise administrator | Required to install Microsoft Entra Connect. |
| Hybrid Identity administrator | Required to configure cloud sync. This account cannot be a guest account. This account must be a school or organization account and can't be a Microsoft account. |
| Custom settings | If you use the custom settings installation path, you have more options. You can specify the following information: • AD DS Connector account • ADSync Service account • Microsoft Entra Connector account. For more information, see Custom installation settings. |
For more information on the Microsoft Entra Connect accounts, see Microsoft Entra Connect: Accounts and permissions.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for