Azure Active Directory Sync Tool: Configure the (on premise) AD Containers you want to sync to the Azure AD BEFORE running the initial synchronization

Sunday, February 1, 2015 5:32 PM

In my Office 365 tenant I activated “Active Directory synchronization” in the admin center and fulfilled all other necessary steps (Verify domains - run IDFix tool …).

Here is the PowerShell cmdlet to do the same: Set-MsolDirSyncEnabled -EnableDirSync $true

As a DB server for the DirSync FIM database I used my “full” installation of Microsoft SQL Server 2014.

By default the Directory Sync tool comes with SQL Server 2012 Express SP1. To install it on an existing full SQL installation you need the “/fullSql” parameter for the “dirsync.exe” installation.

Click here for more details about a full SQL installation.

 

After a few additional steps … you have to run the “Directory Sync Configuration” wizard

The executable is located at:
%Program Files%\Windows Azure Active Directory Sync\ConfigWizard.exe

 

On the “Finished” page the checkbox that starts the synchronization immediately is selected by default!

When you keep this checkbox selected and press <Finish> to start the synchronization, you have A LOT of user accounts synced to your Azure AD!

The following two pictures show you that I did this first!

 

It was not so easy to delete the unused users from the Azure AD again. They had a status of “Synced with Active Directory” and the procedures from the following link were necessary:

How to remove synced users from Cloud Side

 

So what do I recommend?

  • On the “Finished” page DESELECT the checkbox (to not immediately start the sync process) and press <Finish>

 

  • Open FIM (miisclient.exe) from the following directory:

C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell

 

 

  • Select “Management Agents”
  • Click on “Active Directory Connector”

  • Select “Configure Directory Partitions”

  • Then select (all) the OU(s) you want to synchronize

In my case this was the OU “PROD 365” (with a few sub-OUs) and after the synchronization I only had the desired users synchronized, like you see below!
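
A way to check the OU selection from PowerShell, before and after the first sync. This is an added example, not part of the original post; the OU distinguished name is a placeholder, and the post-sync comparison assumes DirSync's default source anchor (the Base64-encoded objectGUID stored as ImmutableId).

```powershell
# Added example, not from the original post. Run on a domain-joined machine with
# the ActiveDirectory (RSAT) and MSOnline modules installed.
Import-Module ActiveDirectory

# ASSUMPTION: placeholder DN for the OU(s) selected in "Configure Directory Partitions".
$SyncOUs = @('OU=PROD 365,DC=example,DC=local')

# --- Before the first sync: compare the selected scope with the whole domain ---
# Every user in the domain is the upper bound for what an unfiltered sync exports.
$allUsers = @(Get-ADUser -Filter *)

# Users inside the selected OUs, sub-OUs included; de-duplicated in case OUs overlap.
$inScope = @(foreach ($ou in $SyncOUs) {
    Get-ADUser -Filter * -SearchBase $ou -SearchScope Subtree -Properties adminCount
}) | Sort-Object DistinguishedName -Unique

[pscustomobject]@{
    UsersInDomain  = $allUsers.Count
    UsersInSyncOUs = @($inScope).Count
    UsersLeftOut   = $allUsers.Count - @($inScope).Count
}

# In-scope accounts worth reviewing before they are exported to Azure AD:
# disabled accounts and accounts AD marks as protected (adminCount = 1).
$inScope |
    Where-Object { -not $_.Enabled -or $_.adminCount -eq 1 } |
    Select-Object SamAccountName, Enabled, adminCount, DistinguishedName

# --- After the first sync: list synced cloud users that are NOT from those OUs ---
# ASSUMPTION: default DirSync source anchor, ImmutableId = Base64(objectGUID).
$expected = @($inScope | ForEach-Object {
    [Convert]::ToBase64String($_.ObjectGUID.ToByteArray())
})

Connect-MsolService   # prompts for tenant admin credentials
Get-MsolUser -Synchronized -All |
    Where-Object { $expected -notcontains $_.ImmutableId } |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime
```

An empty result from the last pipeline means every synced account in the tenant comes from the selected OUs.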
