Install new Azure AD Connector

Prerequisites

  1. Make sure your domain name is available on the internet. Go to your domain provider (GoDaddy, etc.) and search for the domain; if it is available, buy it.
  2. Create an account for the service account in AD – e.g. svcadconnector
  3. Create an account for the AD management agent – svcfimadma. Several things need to be done regarding domain rights for this account:
    1. Give this account Enterprise Admin rights for the installation and remove them after installation.
    2. Give this account read/write rights to all account OUs and the Replicating Directory Changes rights.
    3. Permission                                   Used for
       Replicate Directory Changes,
       Replicate Directory Changes All              Password sync
       Read/Write all properties User               Import and Exchange hybrid
       Read/Write all properties iNetOrgPerson      Import and Exchange hybrid
       Read/Write all properties Group              Import and Exchange hybrid
       Read/Write all properties Contact            Import and Exchange hybrid
       Reset password                               Preparation for enabling password writeback
    4. In ADUC, go to the template object and add the FIM AD account with full control. See this post
  4. Get an Azure AD account or an O365 account. Log in with the account you signed up with and create a global admin account for AD Connect – tlkadconnector. After creation, log into Azure AD with the default password and change the password.
  5. Verify your domain.
  • Log in to Azure AD.
  • Go to the dashboard.
  • Go to Active Directory.
  • Click Domains and add your own domain. You will be asked to verify it, and some information will be given to you.
  • Go to your provider (GoDaddy, etc.), go to manage domains, select your new domain, click DNS, and add a TXT record with the info provided by the verification screen.
  • Go back to the verification screen and click Verify.
  1. Update your server with the latest patches and fixes. Make sure to select .NET Framework 4.5 (it could be under optional updates in Windows Update).
  2. Download the AD Connect software.
  3. Run the AD Connect software. This will install the AD Connect wizard on your desktop.
  4. Click on the AD Connect wizard. On the Welcome screen, agree to the license conditions and click Continue.

Click Customize

Enter the AD Connect service account and click install

Click next

Enter the Azure AD Connection info

Enter the AD MA information and click add directory. Then click Next

Select the OUs to be synchronized

Select objectGUID as the sourceAnchor and the mail attribute for the join. Click Next

Click Next

Do not select any of the options, click Next

Select start the sync process and click install
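
A post-install check for the AD management agent account, added here as an example and not part of the original post: it lists every principal holding the replication rights from the permissions table on the domain root and confirms the temporary Enterprise Admin membership has been removed. It assumes the account name svcfimadma used above and the RSAT ActiveDirectory module, run from a domain-joined machine.

```powershell
# Added example (not from the original post): audit the AD MA account after install.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$Account = 'svcfimadma'   # AD MA account name used on this page

# Well-known control access right GUIDs from the AD schema. The empty GUID on an
# ExtendedRight ACE (including Full Control) grants every extended right.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights (includes both)'
}

$domain = Get-ADDomain
$acl    = Get-Acl -Path ("AD:\" + $domain.DistinguishedName)

# 1. Every Allow ACE on the domain root that confers a replication right.
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$holders = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    $ReplRights.ContainsKey($_.ObjectType.ToString())
} | Select-Object IdentityReference,
    @{ Name = 'Right'; Expression = { $ReplRights[$_.ObjectType.ToString()] } },
    IsInherited

$holders | Sort-Object Right, IdentityReference | Format-Table -AutoSize

# 2. Rights granted directly to the AD MA account (grants via a group show
#    under the group's name in the table above instead).
$mine = $holders | Where-Object { $_.IdentityReference -like "*\$Account" }
if (-not $mine) {
    Write-Warning "$Account has no direct replication ACE on $($domain.DNSRoot)."
}

# 3. The Enterprise Admin membership was only for the installation.
$forestRoot = (Get-ADForest).RootDomain
$stillEA = Get-ADGroupMember -Identity 'Enterprise Admins' -Server $forestRoot -Recursive |
    Where-Object { $_.SamAccountName -eq $Account }
if ($stillEA) {
    Write-Warning "$Account is still in Enterprise Admins; remove it now that installation is done."
} else {
    Write-Output "$Account is not a member of Enterprise Admins."
}
```

Any unexpected principal in the first table can read password hashes through replication, so review that list whenever the connector account changes.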
