Following my previous announcing the preview of the new version of Azure AD Connect which will replace the current DirSync tool for Office 365, here is a post detailing the installation of the preview.
As said in my previous post, this version can be downloaded from the Connect web site (http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=53949)
For this installation, I reused the same server which is already hosting my DIrSync instance for Office 365, as well as the Yammer DirSync. I did this to test the upgrade (if there is one ) from DirSync to Azure AD Connect. I also already have an ADFS in place with a Web Application Proxy.
Upgrade from DirSync
So, I started to try to upgrade from DirSync (version 1.0.6862 – so not the latest version but not too old).
First step, accept the EULA – simple
Then, the setup analyze the server – this when the trouble can appears
It seems the check passed as I got the request to enter my Office 365/Azure Active Directory credentials – don’t forget, this is still a global administrator credentials
For the propose of this post, I also first try with a NON global administrator account – it’s a preview and just wanted to check/get the error
,,, and it seems it passes even if this account is NOT a global administrator and I reached the next step which displayed the Express Settings proposed by the tool regarding my current state (single AD Forest BUT it does not detect my ADFS install).
So I reassigned the global administrator role and tried the Custom step.
After hitting the Customize button to configure my self the settings, I got the Single Sign On experience and had to choose between ADFS or Password Sync. If you move over the question mark, you will get a quick explanation of each option
So, the next steps followed the choice of Password Sync
So then you have to define the Active Directory (as it’s based on AD Connect you can add multiple AD Forest) or a NON AD-LDAP directory to synch.
Then you have to select which features you want to enable: Exchange Hybrid and/or Password Right Back (remember for this last feature you need to have an Azure Active Directory Premium)
Then you have to define how your users are represented; this is important in case of you are synching multiple directory and if your user accounts are present in both directory
User present in multiple directory
You have more choice here; including the option to use a custom attribute
Then this step is common to both option, you can define how to link both cloud and on premises user object
This is it, the setup can be completed (and I will see if the upgrade is possible and working as expected)
And…. it failed with the error Unable to install the synchronization service.
So I will uninstall my DirSync instance.
As it is not possible to upgrade from DirSync to this preview, I uninstalled the DirSync instance and tried again.
The setup process is exactly the same anyway
The good news is the setup detects that a previous execution has already been done with some configuration and propose to keep it or start over
The wizard has some sort off minor bug here as when it starts the configuration, the main windows is kept in front while a new one displaying all the progress is hidden behind (obviously this should be the same window)
Then as usual you can open the console to select/unselect the OU to be synchronized (this time this is located below C:\Program Files\Microsoft Azure AD Sync\UIShell) and the connectors name is using either the tenant name for the Azure AD or the directory name for the on premises
In the meantime, there is no more MSOL account created and used to synchronize your AD; it finally use the account you defined during the configuration (so do not use anymore the administrator account )
To complete, open the Scheduled Tasks console and enable the tasks created during the installation called Azure AD Sync Scheduler