It is finally here, the new version of DirSync that will synchronize passwords from Active Directory on-premises to Windows Azure Active Directory (WAAD). This is a great new feature, as it now allows a company to set up Identity Federation and Same Sign-On without the need to deploy Active Directory Federation Services (ADFS).
To get the latest version of DirSync, download it from your existing Tenant. Here are the version properties for the latest build:
For some time now I have been using online accounts, and I tore down the on-premises infrastructure I had originally set up. To put this new DirSync through its paces I decided to set up a domain and DirSync server in Windows Azure IaaS. It was pretty straightforward to build out two servers and get things moving. I used Server 2012 for both the DC and the DirSync Server.
Below is the walkthrough on install and setup:
- Launch the DirSync.exe download. (Ensure that you run the exe as an Administrator! If you don't, one of your first clues might be the error message below.)
- At the Welcome Screen click Next
- Accept the EULA and click Next
- Choose an install location and click Next (I kept the default location)
- The install begins! (this took about 15 minutes on my very low powered VM server)
- Once it completes click Next
- At the Finished page ensure that the Start Configuration Checkmark is checked and click Finish
- At the Configuration Wizard welcome click Next
- Enter credentials for WAAD/Office 365. Make sure the account you use has its password set to never expire: these credentials are saved and reused each time the sync runs, so if the account's password expires DirSync will fail.
- Enter on-premises credentials for an account that is a member of the Enterprise Admin group. These credentials are now saved, and a Service Account is created to run the DirSync tool.
- If you have a Hybrid deployment or plan to have one, check off the check box. (I did not have Exchange installed in my lab, and the tool recognized that the Schema had not been extended, so I did not have the option to check the box.)
- The important step, check off Enable Password Sync
- Let the configuration magic happen
- Once completed click Next
- Check off Synchronize your directories now and click Finished
- You will then get the screen below, which explains how to verify DirSync
And that is all there is to it!
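The WAAD/Office 365 credential step above depends on the account's password never expiring. The following is an added example, not part of the original walkthrough: a PowerShell check using the MSOnline module (`Get-MsolUser`, `Get-MsolPasswordPolicy`, `Set-MsolUser`) that reports whether the account's password can expire and, with `-Fix`, sets it to never expire. The function name and account name are placeholders, and the 90-day fallback is an assumption about the tenant default.

```powershell
# Added example: needs the MSOnline module (Windows Azure AD Module for Windows PowerShell).
Import-Module MSOnline

function Test-DirSyncCloudAccount {
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName,   # the WAAD/Office 365 account given to the DirSync wizard
        [switch]$Fix                  # set the password to never expire if it can expire
    )

    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Password policy of the account's domain. ValidityPeriod is empty when no
    # custom policy is set; 90 days is assumed here as the tenant default.
    $domain = $UserPrincipalName.Split('@')[1]
    $policy = Get-MsolPasswordPolicy -DomainName $domain -ErrorAction SilentlyContinue
    $validDays = if ($policy -and $policy.ValidityPeriod) { [int]$policy.ValidityPeriod } else { 90 }

    $neverExpires = ($user.PasswordNeverExpires -eq $true)
    if (-not $neverExpires -and $Fix) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -PasswordNeverExpires $true
        $neverExpires = $true
    }

    # When the password can still expire, estimate the date on which DirSync would start failing.
    $expiresOn = $null
    if (-not $neverExpires -and $user.LastPasswordChangeTimestamp) {
        $expiresOn = $user.LastPasswordChangeTimestamp.AddDays($validDays)
    }
    $daysLeft = if ($expiresOn) { [int]($expiresOn - (Get-Date).ToUniversalTime()).TotalDays } else { $null }

    [pscustomobject]@{
        UserPrincipalName    = $user.UserPrincipalName
        PasswordNeverExpires = $neverExpires
        EstimatedExpiry      = $expiresOn
        DaysLeft             = $daysLeft
    }
}

Connect-MsolService   # prompts for tenant administrator credentials
# Placeholder account name; replace with the account entered in the Configuration Wizard.
Test-DirSyncCloudAccount -UserPrincipalName 'dirsync@contoso.onmicrosoft.com'
```

Run it without `-Fix` first to see the current state; because the password will never rotate on its own, give the account a long random password and use it only for DirSync.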
I am working on another post that will give some guidance on when you want to use this new DirSync with Password sync versus using DirSync and ADFS for Identity Federation, stay tuned!