Cloud Knowledge

Your Go-To Hub for Cloud Solutions & Insights


Step-by-Step Guide to Configure Azure AD Sync (Microsoft Entra Connect)


Managing user identities across on-premises and cloud environments is critical for modern businesses. Synchronizing an on-premises Active Directory (AD) with Azure Active Directory (Azure AD, now called Microsoft Entra ID) gives each user a single hybrid identity that follows its on-premises lifecycle, and lets you apply cloud controls such as Conditional Access and MFA to those users. This guide walks through the process step by step: prerequisites, installation, configuration, and verification.

Prerequisites

Before starting, ensure the following:

  1. Microsoft 365 Subscription: An active Microsoft 365 tenant (for example Office 365 E3, or a Microsoft Entra ID P1/P2 licence). Directory synchronization itself is available on the free tier; a Premium licence is needed for features such as Conditional Access.
  2. Administrator Roles: The cloud account used to run the installer must hold the Global Administrator role, or the less-privileged Hybrid Identity Administrator role, which is sufficient for installing and configuring Microsoft Entra Connect. You will also need Enterprise Administrator credentials for the on-premises forest; the express installation uses them once to create its AD DS connector account.
  3. Verified Custom Domain: The public DNS domain you will use for user principal names (in this guide, a domain registered with GoDaddy) must appear as verified in the Domains section of the Microsoft 365 Admin Center. On-premises users whose UPN suffix is not a verified domain are synchronized with an @<tenant>.onmicrosoft.com sign-in name instead.
  4. Infrastructure: Ensure you have:
    • An Active Directory Domain Controller (DC1) running the AD DS role.
    • A separate, domain-joined member server (the AD Sync Server) running Windows Server 2016 or later, in the same domain as DC1. Installing Microsoft Entra Connect on a domain controller is supported but not recommended.

Step 1: Set Up the Domain Controller

  1. Install the Active Directory Domain Services (AD DS) role on DC1.
  2. Promote the server to a domain controller. During the setup:
    • Select Add a new forest and specify your root domain name (e.g., prasannagym.site). Use a DNS name you own and will verify in Microsoft 365, so that on-premises UPN suffixes match the cloud domain.
    • Store the Directory Services Restore Mode (DSRM) password the wizard asks for in your password vault; you will need it for offline recovery of the DC.
    • Complete the wizard; the server restarts automatically to finish the promotion.
  3. After the restart, confirm that DC1 is advertising itself as a domain controller (for example, run dcdiag, or check the AD DS node in Server Manager).
  4. Point the AD Sync Server's DNS at DC1 and join it to the same domain.

Step 2: Create Organizational Units and Users

  • In Active Directory on DC1:
    • Create an Organizational Unit (OU) called Employees under your root domain.
    • Create a sub-OU named Cloud Users inside the Employees OU.
  • Populate the Cloud Users OU by creating Active Directory user accounts.
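The following PowerShell, added here as a worked example and not part of the original guide, performs Steps 1 and 2 from the command line rather than the GUI wizards. The domain name prasannagym.site is the guide's own example; the NetBIOS name CLOUDKNOWLEDGE (chosen to match the cloudknowledge\administrator account used later), the DC1 address 10.0.0.10, the interface alias Ethernet, and the two sample users are assumptions. Each phase runs on the server named in its comment, in an elevated session.

```powershell
# Phase 1, on DC1: install AD DS and create a new forest.
# Install-ADDSForest reboots the server when it finishes.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'
Install-ADDSForest -DomainName 'prasannagym.site' `
                   -DomainNetbiosName 'CLOUDKNOWLEDGE' `
                   -InstallDns `
                   -SafeModeAdministratorPassword $dsrmPassword `
                   -Force

# Phase 2, on the AD Sync Server: resolve the domain through DC1, then join it.
# 10.0.0.10 (DC1) and the interface alias 'Ethernet' are assumed values.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.10'
Add-Computer -DomainName 'prasannagym.site' `
             -Credential (Get-Credential -UserName 'CLOUDKNOWLEDGE\administrator' -Message 'Domain join') `
             -Restart

# Phase 3, on DC1 after its reboot: confirm the promotion, then build the OUs and users.
dcdiag /test:Advertising /test:Services
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName
New-ADOrganizationalUnit -Name 'Employees'   -Path $domainDn -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name 'Cloud Users' -Path "OU=Employees,$domainDn" -ProtectedFromAccidentalDeletion $true
$cloudUsersOu = "OU=Cloud Users,OU=Employees,$domainDn"

# The UPN suffix must be a domain verified in Microsoft 365; otherwise the user
# is synchronized with an @<tenant>.onmicrosoft.com sign-in name.
$upnSuffix = 'prasannagym.site'
$sampleUsers = @(                                   # constructed sample data, not real staff
    @{ First = 'Alice'; Last = 'Fernando'; Sam = 'alice.fernando' },
    @{ First = 'Bob';   Last = 'Perera';   Sam = 'bob.perera' }
)
foreach ($u in $sampleUsers) {
    New-ADUser -Name "$($u.First) $($u.Last)" `
               -GivenName $u.First -Surname $u.Last `
               -SamAccountName $u.Sam `
               -UserPrincipalName "$($u.Sam)@$upnSuffix" `
               -Path $cloudUsersOu `
               -AccountPassword (Read-Host -AsSecureString -Prompt "Initial password for $($u.Sam)") `
               -Enabled $true
}

# Check: every user in the OU carries the verified suffix and is enabled.
Get-ADUser -SearchBase $cloudUsersOu -Filter * -Properties UserPrincipalName |
    Select-Object SamAccountName, UserPrincipalName, Enabled
```

The final Get-ADUser is the check worth repeating before you run the Entra Connect wizard: any account whose UserPrincipalName does not end in the verified domain will not get the sign-in name you expect in the cloud.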

Step 3: Download and Install Microsoft Entra Connect

  • Log in to the AD Sync Server with a domain administrator account (cloudknowledge\administrator in this guide).
  • Download Microsoft Entra Connect from the official Microsoft website and check the installer's digital signature (Get-AuthenticodeSignature) before running it.
  • Current versions of Microsoft Entra Connect require TLS 1.2. If the installer reports a TLS version error, the server's .NET Framework and Schannel settings are not yet enforcing TLS 1.2:
    • Enable TLS 1.2 for both .NET Framework 4.x and Schannel through the registry. Microsoft publishes a PowerShell script for this in its TLS 1.2 enforcement guidance for Microsoft Entra Connect.
    • Run the script in an elevated PowerShell session on the AD Sync Server.
    • Restart the server so that the new settings take effect.
  • Re-run the Microsoft Entra Connect installer.
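As an added example (not a script from the original post), the following PowerShell writes the registry values Microsoft documents for enforcing TLS 1.2 on an Entra Connect server, for both the 64-bit and 32-bit .NET Framework 4.x hives and for the Schannel client and server roles, and then verifies every value before rebooting. Run it in an elevated session on the AD Sync Server; the helper names Set-RegistryDword and Test-Tls12Enforced are this example's own.

```powershell
# Requires an elevated PowerShell session on the AD Sync Server.

function Set-RegistryDword {
    # Create the key if it does not exist and write a REG_DWORD value.
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# .NET Framework 4.x (64-bit and 32-bit hives): let the OS choose the TLS version
# and turn on strong cryptography for managed code such as the installer.
$netFxKeys = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
)
# Schannel: the TLS 1.2 protocol key, with Client and Server sub-keys.
$tls12Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Every value the enforcement needs, so the same list drives both the write and the check.
$required = @()
foreach ($key in $netFxKeys) {
    $required += @{ Path = $key; Name = 'SystemDefaultTlsVersions'; Value = 1 }
    $required += @{ Path = $key; Name = 'SchUseStrongCrypto';       Value = 1 }
}
foreach ($role in 'Client', 'Server') {
    $required += @{ Path = (Join-Path $tls12Key $role); Name = 'Enabled';           Value = 1 }
    $required += @{ Path = (Join-Path $tls12Key $role); Name = 'DisabledByDefault'; Value = 0 }
}

function Test-Tls12Enforced {
    # Returns $true only if every required value exists with the expected data.
    $ok = $true
    foreach ($r in $required) {
        $props  = Get-ItemProperty -Path $r.Path -ErrorAction SilentlyContinue
        $actual = if ($props) { $props.($r.Name) } else { $null }
        if ($actual -ne $r.Value) {
            Write-Warning "$($r.Path)\$($r.Name) is '$actual', expected $($r.Value)"
            $ok = $false
        }
    }
    return $ok
}

foreach ($r in $required) { Set-RegistryDword -Path $r.Path -Name $r.Name -Value $r.Value }

if (Test-Tls12Enforced) {
    Write-Host 'TLS 1.2 enforcement values are in place; a reboot is required for them to take effect.'
    Restart-Computer -Confirm   # prompts before rebooting
} else {
    Write-Error 'TLS 1.2 enforcement is incomplete; fix the values listed above before re-running the installer.'
}
```

Running Test-Tls12Enforced on its own (without the write loop) is a quick way to confirm the state of an existing server before touching it, or to audit it again after patching.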

Step 4: Configure Microsoft Entra Connect

  • Launch the Microsoft Entra Connect wizard. For a single-forest setup, Use express settings is appropriate: it selects password hash synchronization as the sign-in method and includes all OUs in synchronization.
  • When prompted for Microsoft Entra ID credentials, sign in with the Global Administrator or Hybrid Identity Administrator account of your Microsoft 365 tenant and click Next.
  • If an Internet Explorer security pop-up blocks the sign-in page, close it and disable IE Enhanced Security Configuration for Administrators in Server Manager under Local Server > IE Enhanced Security Configuration. Re-enable it once the wizard has completed.
  • Return to the wizard and re-enter your credentials.
  • When prompted for AD DS Enterprise Administrator credentials, supply them; the wizard uses them once to create the on-premises connector account (named MSOL_ followed by an identifier).
  • Review the summary and click Install. Wait for the configuration to complete; the first full synchronization starts automatically if Start the synchronization process when configuration completes is left checked.

Step 5: Verify Synchronization

  • Log in to the Microsoft 365 Admin Center.
  • Navigate to Users > Active users.
  • Check that the users created in the on-premises AD (DC1) are listed, that their Sync status shows they are synced from on-premises Active Directory, and that their user names carry your verified domain rather than onmicrosoft.com.
  • Delta synchronization runs every 30 minutes by default, so a newly created on-premises user can take up to that long to appear unless you trigger a sync cycle manually.
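The following PowerShell, added here as an example and not taken from the original guide, checks synchronization from both ends. On the AD Sync Server it reads the scheduler and triggers a delta sync with the ADSync module that Microsoft Entra Connect installs; from an admin workstation it lists the synced users with the Microsoft Graph PowerShell SDK and flags any whose sign-in name fell back to the onmicrosoft.com domain. The verified domain prasannagym.site is the guide's example; the Microsoft.Graph.Users module is assumed to be installed on the workstation.

```powershell
# Part 1, on the AD Sync Server: the ADSync module ships with Microsoft Entra Connect.
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, AllowedSyncCycleInterval, StagingModeEnabled, NextSyncCycleStartTimeInUTC

# Trigger an immediate delta sync instead of waiting for the 30-minute schedule,
# then wait until no connector run is in progress (the cmdlet returns nothing when idle).
Start-ADSyncSyncCycle -PolicyType Delta
while (Get-ADSyncConnectorRunStatus) { Start-Sleep -Seconds 10 }

# Part 2, from an admin workstation: confirm the users arrived in the tenant.
# Requires the Microsoft.Graph.Users module (Install-Module Microsoft.Graph.Users).
Connect-MgGraph -Scopes 'User.Read.All'
$verifiedDomain = 'prasannagym.site'   # the domain verified in Microsoft 365

# onPremisesSyncEnabled is true only for objects that came from Entra Connect.
$synced = Get-MgUser -All `
    -Filter 'onPremisesSyncEnabled eq true' `
    -Property DisplayName, UserPrincipalName, OnPremisesSamAccountName, OnPremisesLastSyncDateTime, AccountEnabled

$synced |
    Select-Object DisplayName, UserPrincipalName, OnPremisesSamAccountName, OnPremisesLastSyncDateTime, AccountEnabled |
    Format-Table -AutoSize

# Users whose on-premises UPN suffix is not a verified domain are created with an
# @<tenant>.onmicrosoft.com sign-in name; list them so the suffix can be fixed in AD.
$wrongSuffix = @($synced | Where-Object { $_.UserPrincipalName -notlike "*@$verifiedDomain" })
if ($wrongSuffix.Count -gt 0) {
    Write-Warning "$($wrongSuffix.Count) synced user(s) do not carry the verified UPN suffix:"
    $wrongSuffix | Select-Object UserPrincipalName, OnPremisesSamAccountName
}

# Disabled on-premises accounts should arrive disabled; anything else means the
# accountEnabled attribute is not flowing as expected.
$synced | Where-Object { -not $_.AccountEnabled } |
    Select-Object UserPrincipalName, OnPremisesSamAccountName
```

OnPremisesLastSyncDateTime records the last time the cloud object was changed by a sync, not the last sync cycle, so a stale value on an unchanged user is normal; use Get-ADSyncScheduler and the connector run status for the health of the sync itself.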

Common Issues and Solutions

  • TLS Error: Enforce TLS 1.2 in the registry and reboot, as described in Step 3.
  • User Sync Issues: Verify that the users sit in an OU that is included in synchronization (e.g., Cloud Users). Express settings include all OUs; OU filtering is set in the Microsoft Entra Connect wizard under Configure > Customize synchronization options > Domain and OU filtering. If a user appears with an @<tenant>.onmicrosoft.com name, its on-premises UPN suffix does not match a verified domain.
  • Missing Permissions: Ensure the cloud account used for configuration holds the Global Administrator or Hybrid Identity Administrator role, and that the on-premises credentials supplied to the wizard are Enterprise Administrator credentials.

Conclusion

By following this step-by-step guide, you can configure Azure AD synchronization with your on-premises Active Directory. This integration simplifies identity management: on-premises users get cloud accounts that follow their on-premises lifecycle, so disabling a user in AD disables their cloud sign-in at the next sync. Treat the AD Sync Server as a Tier 0 asset on the same footing as a domain controller: its connector account can read password hashes from AD and its cloud account can write to the tenant, so restrict who can log on to it, patch it promptly, and monitor it. To further enhance security, enable Conditional Access and Multi-Factor Authentication (MFA) for the synchronized users in Azure AD.

Azure AD Sync, Microsoft Entra Connect, On-premises Active Directory, Azure Active Directory, AD Sync Server, ADDS role, Hybrid identity, TLS 1.2 configuration, Microsoft 365 Admin Center, Active Directory Users, Global Administrator, Organizational Units (OU), Cloud Users OU, Domain Controller (DC1), Active Directory synchronization, Microsoft 365 tenant, Azure AD Premium, Identity management, Office 365 synchronization, User synchronization
