New Office 365 directory synchronization tool shipped called Azure Active Directory Synchronization Services


The good news is that this long-awaited tool has finally shipped, and it looks like this is the one tool to leverage for syncing local identities to Azure AD for use with Office 365 Education, Azure services, etc.

I put together a quick FAQ about the new AAD Sync tool to help with this launch:

 

Does this replace the Dirsync or AAD Dirsync tool I use today with Office 365 Education? 

Yes and no. Long term, AAD Sync is slated as a replacement for the Dirsync/AAD Dirsync tool you may have deployed already. However, you can remain on Dirsync/AAD Dirsync, as it will continue to be supported for some time.

Updated (10-30-14):  AAD Sync now provides local AD password synchronization to Azure AD

 

How can I move from Dirsync/AAD Dirsync/FIM to AAD Sync?

The good news is that it is relatively easy to replace your existing sync tool with AAD Sync. You can simply uninstall the sync tool on the server you had it on and install AAD Sync, or you can stand up a new AAD Sync server in parallel.

See here for steps.

 

What does AAD Sync do that Dirsync/AAD Dirsync does not?

  • Multi-forest AD Sync
  • Multi-Exchange Org support
  • Single or multiple non-AD directory sources for sync (SIS, OpenLDAP, etc.) – coming soon
  • Better attribute and filtering capabilities based on cloud services you require

 

What are some scenarios that I could use AAD Sync in education?

There are several use case scenarios I can see for AAD Sync in education including:

  • OpenLDAP syncing directly to the cloud (e.g. students)
  • Oracle/SQL/other directory data sources like SIS syncing directly to the cloud
  • One forest for students and one forest for faculty/staff, both syncing to one tenant
  • Account/Resource forest
  • Multiple colleges with multiple Exchange Orgs and AD Forests wanting to collapse into one tenant

 

Is there a place I can go to see all the feature differences between FIM, Dirsync and AAD Sync?

Yes, see the full matrix here.

 

Does this replace the need for FIM syncing to Azure AD?

Yes, it can replace this need for syncing identities to Azure AD only for multi-forest and non-AD directory scenarios. It will not replace the need to sync on-prem to on-prem identities, as FIM/MIM can do today.

 

Does AAD Sync work well with Azure AD Basic and Azure AD Premium?

Yes, it has plenty of additional sync features to leverage the new Azure AD Basic and Azure AD Premium SKUs. See here for more info.

 

Where can I go find more details on AAD Sync?

Please visit here and the FAQ here.

 

Where can I download AAD Sync bits?

You can grab the AAD Sync bits here.

 

Watch a great Garage Series video here on identity options, including installing Azure AD Sync and preparing your local AD for sync with the IdFix tool.

Comments (8)

  1. markga says:

    @Joris - if several schools are in the same forest, yes, this tool will synchronize them. If several schools are in multiple forests, this tool will also sync as long as the identities don't collide (same UPN name, etc).

  2. markga says:

    @ Dino - yes, you can run the AAD Sync server in an Azure VM.

  3. dino says:

    Can you install AADSync in Azure and run it there? Supported?

  4. Vlimo says:

    Hello Markga, will this tool also support the following scenario; several schools with the same domain name sync to one tenant with all the users?

  5. Mo says:

    Hi
    I am trying to roll out AD in my company and manage it all on my local DC.
    Currently I have my email on office 365 (cloud).
    I am trying to move my email accounts from the cloud office 365 to local DC and then back to cloud but every time I do that it creates a new email account for my users that I can't link to the original email addresses. I would prefer not to have 2 accounts for each user and be able to have just the current email accounts.
    Can someone help or send me a link on where to find help?

    Thanks

  6. ITRedFerret says:

    Does Office365 sync with standards based LDAP directories such as openldap or 389 directory server yet?

  7. George says:

    Can I run the DirSync tool on a separate Windows server without using the Azure service?
