- Make sure your domain name is available on the internet. Go to your domain provider (GoDaddy, etc.) and search for the domain. If it is available, buy it.
- Create an account for the AD management agent (svcfimadma). Several domain rights need to be set for this account:
  - Give this account Enterprise Admin rights for the installation, and remove them after installation.
  - Give this account read/write rights to all account OUs, plus the Replicating Directory Changes rights.
| Permission | Used for |
| --- | --- |
| Replicate Directory Changes; Replicate Directory Changes All | Password sync |
| Read/Write all properties User | Import and Exchange hybrid |
| Read/Write all properties iNetOrgPerson | Import and Exchange hybrid |
| Read/Write all properties Group | Import and Exchange hybrid |
| Read/Write all properties Contact | Import and Exchange hybrid |
| Reset password | Preparation for enabling password writeback |
- In ADUC, go to the template object and add the FIM AD account with full control. See this post
- Verify your domain.
  - Log in to Azure AD.
  - Go to the dashboard.
  - Go to Active Directory.
  - Click Domains and add your own domain. You will be asked to verify it, and some information will be given to you.
  - Go to your provider (GoDaddy, etc.), go to manage domains, select your new domain, click DNS, and add a TXT record with the info provided by the verification screen.
  - Go back to the verification screen and click Verify.
- Go to your AD Connect server. Log in with a local Admin account. Run the AD Connect wizard on your desktop.
  - Select Customize Synchronization options.
  - Enter the Azure AD account info.
  - Enter the new forest AD MA info. Click Add the new directory. Click Next.
  - Click Next and the schema of the new directory will be retrieved.
  - Select which OUs will be synced. Click Next.
  - No change to Organizational options. Click Next.
  - Click Install to finish.
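
The two Replicate Directory Changes rights in the table above let their holder read password hashes through replication (that is what password sync uses them for), so after the install it is worth confirming that only the sync account and the built-in defaults hold them. The following is an added example, not part of the original procedure: the function name `Find-ReplicationRight`, the `CONTOSO` domain and every account except `svcfimadma` are assumptions made for illustration.

```powershell
# Added example. Every account name except svcfimadma is constructed.
# Control-access right GUIDs from the AD schema; the empty GUID means "all extended rights".
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights (covers both)'
}

function Find-ReplicationRight {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,   # ACEs read from the domain root ACL
        [string[]] $Expected = @()                # identities that are supposed to hold the right
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        if ("$($a.ActiveDirectoryRights)" -notmatch 'ExtendedRight|GenericAll') { continue }
        $guid = "$($a.ObjectType)".ToLower()
        if (-not $ReplicationRights.ContainsKey($guid)) { continue }
        [pscustomobject]@{
            Identity = "$($a.IdentityReference)"
            Right    = $ReplicationRights[$guid]
            Expected = $Expected -contains "$($a.IdentityReference)"
        }
    }
}

# Constructed sample ACEs, shaped like the objects Get-Acl returns for an AD object.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svcfimadma'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svcfimadma'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\helpdesk-tier1'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = '00000000-0000-0000-0000-000000000000' }
)
$expected = 'CONTOSO\svcfimadma', 'BUILTIN\Administrators',
            'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS', 'CONTOSO\Domain Controllers'

# Show only the holders that are not on the expected list.
Find-ReplicationRight -Ace $sample -Expected $expected | Where-Object { -not $_.Expected }

# Live input instead of the sample (requires the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   $aces = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
# Confirm the temporary Enterprise Admin membership was removed after installation:
#   Get-ADGroupMember 'Enterprise Admins' | Where-Object SamAccountName -eq 'svcfimadma'
```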