Shulou(Shulou.com)06/01 Report--

Today, the editor will bring you an article about how to use AD Sync tools. The editor thinks it is very practical, so I will share it for you as a reference. Let's follow the editor and have a look.

AAD Sync is our new directory synchronization tool that simplifies the process of connecting Azure AD to Windows Server AD. Makes it easier to deploy multiple forests with complex connections.

Active Directory and Exchange multi-forest environments can now be extended to the cloud.

Control which attribute parameters are synchronized according to the desired cloud service.

Select to synchronize your account through domain, OU, etc.

Set synchronization policy rules by mapping attributes and controlling related parameters.

Preview AAD Premium and reset password

First, make sure that you have uninstalled the old version of DirSync. Then, to install AADSync, you need a computer running the Windows Server operating system.

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

The target computer where AAD Sync is installed can be a stand-alone computer, a member server, or a domain controller. And the following components must be installed:

.NET 4.5

PowerShell (preferably PS3 or later)

Note:

The tool requires an instance of SQL Server to store identity data. By default, SQL Express LocalDB is installed and a service account for the service is created on the local computer during installation.

Because Express has the size limit of 10GB (it allows you to manage about 100.000 objects. If you want to manage more directory objects, you need to point the installation process to the SQL Server DB version

Install and configure AADSync

1-download tools from here.

2-execute MicrosoftAzureADConnectionTool.exe.

3-after going to the Welcome to Azure AD Sync dialog box, agree to the license terms, and then click install.

4-once installed, the tool will start (it may take a few seconds), and once you connect to Azure AD, provide credentials to connect to the Azure AD directory. Global Admin is used in the directory SysAdmin of Azure.

5-as we assumed, the credentials for the local forest\ domain need to be provided to the Connect to AD DS dialog box. Then click the "add Forest" button, after the domain name appears. Click next.

6-in a uniquely identified user

6.1-the cross-forest matching feature allows you to define how users in the ADDS forest are represented in Azure AD.

A user may represent only once in all forests, or may have a combination of enabled and disabled accounts

6.2-you can use the match with Azure AD option to specify the attributes to be used for identity federation. The sourceAnchor attribute is an attribute that does not change for the lifetime of the user object. In a single forest and environment, and accounts never move between forests, objectGUID is a good choice. If the user moves between forests or domains, you must select an alternate attribute.

The userPrincipalName attribute is the login ID of the user in Azure AD. By default, the userPrincipalName property in ADDS is used. If this property is not routable or is not suitable for logging in to the ID, you can select another property (such as mail) in the installation guide.

Click next to go to optional

7-if you have a mixed Exchange environment, you can select Exchange mixed deployment in the optional Features dialog box. For us, we will not enable this setting. Password writeback is an Azure Active Directory Premium function. (we didn't enable it in the test environment, so I left it selected.) if you want to view or restrict properties synchronized with Azure AD, select Azure AD application and property filtering. You will then get two more pages in the wizard.

8-the configuration screen starts the configuration process. Just click "configure"

It connects and configures synchronization rules and displays the Finished screen. If you click finish and leave synchronize now, it will start the synchronization process

Log out of Windows at this stage and log in again.

Locate and start the Azure AD synchronization synchronization service.

Open the connectors tab. See AD Domain Services Connector. Double-click to view the properties.

Navigate to configure Directory Partition. Select Container.

Enter your credentials.

Now you can choose your OU. Select OK to close the dialog box.

Select run = > Select full Import.

View the successful import to Azure. However, this is not immediate, and it will take some time to make users available in Azure (we can also try to force synchronization)

In the past, when using DirSync, we used "start-onlinecoexistencesync". It has now been replaced with "DirectorySyncClientCmd.exe" in AAD Sync.

Navigate to C:\ Program Files\ Microsoft Azure AD Sync\ Bin and start DirectorySyncClientCmd.exe

Finally, we have synchronized the local directory in Azure.

The above is a specific introduction to the use of AD Sync tools, the content is more comprehensive, and I also believe that there are quite a number of tools that we may see or use in our daily work. Through this article, I hope you can gain more.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.