- Make sure your domain name is available on the internet. Go to your domain provider (GoDaddy, etc.), search for the domain and, if it is available, buy it.
- Create the service account in AD – e.g. svcadconnector
- Create an account for the AD management agent – svcfimadma – There are several things to do regarding domain rights for this account:
- Give this account Enterprise Admin rights for the installation and remove them after installation.
- Give this account read/write rights to all account OUs and the Replicating Directory Changes rights:

| Permission | Used for |
| --- | --- |
| Replicate Directory Changes, Replicate Directory Changes All | Password sync |
| Read/Write all properties User | Import and Exchange hybrid |
| Read/Write all properties iNetOrgPerson | Import and Exchange hybrid |
| Read/Write all properties Group | Import and Exchange hybrid |
| Read/Write all properties Contact | Import and Exchange hybrid |
| Reset password | Preparation for enabling password writeback |

- In ADUC, go to the template object and add the FIM AD account with full control. See this post
- Get an Azure AD account or an O365 account. Log in with the account you signed up with and create a global admin account for AD Connect – tlkadconnector. After creation, log in to Azure AD with the default password and change the password.
- Verify your domain.
- Log in to Azure AD.
- Go to the dashboard.
- Go to Active Directory.
- Click Domains and add your own domain. You will be asked to verify it, and some information will be given to you.
- Go to your provider (GoDaddy, etc.), go to manage domains, select your new domain, click DNS, and add a TXT record with the info provided by the verification screen.
- Go back to the verification screen and click Verify.
- Update your server with the latest patches and fixes. Make sure to select .NET 4.5 (it could be under optional updates in Windows Update).
- Download the AD Connect software
- Run the AD Connect software; this will install the AD Connect wizard on your desktop.
- Click on the AD Connect wizard. On the Welcome screen, agree to the license conditions and click Continue.
- Enter the AD Connect service account and click Install.
- Enter the Azure AD connection info.
- Enter the AD MA information and click Add Directory. Then click Next.
- Select the OUs to be synchronized.
- Select objectGUID as the sourceAnchor and the mail attribute for the join. Click Next.
- Do not select any of the options; click Next.
- Select the option to start the sync process and click Install.
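
A post-install check of the account rights set up in the preparation steps, as an added example that is not part of the original post: it confirms the AD MA account was removed from Enterprise Admins and lists who holds the two replication rights on the domain root. It assumes the RSAT ActiveDirectory module, a domain-joined session, the account name svcfimadma from the steps above, and the default English group name.

```powershell
# Added example: post-install check of the AD MA account's rights.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

$account = 'svcfimadma'                 # AD MA account name used in the steps above
$domain  = Get-ADDomain
$ntName  = "$($domain.NetBIOSName)\$account"

# 1. Enterprise Admins membership was only needed for the installation.
$stillEA = Get-ADGroupMember -Identity 'Enterprise Admins' -Server $domain.Forest -Recursive |
    Where-Object { $_.SamAccountName -eq $account }
if ($stillEA) {
    Write-Warning "$account is still a member of Enterprise Admins; remove it."
} else {
    Write-Output "$account is not in Enterprise Admins."
}

# 2. Who holds the replication extended rights on the domain root?
# Keys are the schema rightsGuid values of the two control access rights.
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes All'
}
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$acl = Get-Acl -Path "AD:\$($domain.DistinguishedName)"

# Principals with full control hold these rights implicitly and are not listed.
$holders = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    $replRights.ContainsKey($_.ObjectType.ToString())
} | ForEach-Object {
    [pscustomobject]@{
        Principal = $_.IdentityReference.Value
        Right     = $replRights[$_.ObjectType.ToString()]
    }
}
$holders | Sort-Object Right, Principal | Format-Table -AutoSize

# 3. Confirm the AD MA account has both rights needed for password sync.
$granted = @($holders | Where-Object Principal -eq $ntName).Right
foreach ($right in $replRights.Values) {
    if ($granted -notcontains $right) { Write-Warning "$ntName lacks '$right'." }
}
```

Any principal in the step 2 output that is not a domain controller group or the AD MA account is worth reviewing, since these two rights are only needed for password sync.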