Activate directory synchronization
Published: March 7, 2013
Updated: March 7, 2013
Applies To: Office 365, Windows Azure, Windows Intune
You must activate directory synchronization before you install the Directory Sync tool. When you activate directory synchronization, you are turning on this feature across your tenant and all the Microsoft cloud services that you are subscribed to. For more information about how activation in Windows Azure AD works, see Directory synchronization and source of authority.
Before you activate directory synchronization, run the Microsoft Deployment Readiness Tool. This tool inspects your Active Directory environment, and then provides a report that includes a prerequisite check and an attribute assessment that are specific to the Directory Sync tool requirements.
If your environment doesn’t meet these requirements, the tool lists the changes you have to make before you can begin directory synchronization. It’s much easier to make directory changes before you activate and install the Directory Sync tool than to troubleshoot configuration errors after you have activated directory synchronization.
An important statistic to consider in the report that is created by the Deployment Readiness tool is the estimated total number of objects. This number is listed under Statistic in the Deployment Readiness tool. You must follow the recommendations made by the tool if you exceed the default total number of objects that the directory synchronization installation allows.
If the total number of objects in your on-premises domain exceeds 50,000, you will need to contact Support before you activate directory synchronization. If your object count exceeds 50,000 and you don’t contact Support to increase your licensing count, directory synchronization will not complete.
The following steps can be completed using either the Office 365 account portal, the Windows Intune account portal or the Windows Azure AD portal, depending on which services your organization has subscribed to. In this way, portals act as front-end interfaces that pull in directory data associated with your organizations Windows Azure AD tenant. For more information about using portals to manage your tenant, see Administering your Windows Azure AD tenant.
To activate directory synchronization, use the following steps:
Install and run the Microsoft Deployment Readiness Tool.
Depending on which portal you are using, do one of the following:
If you are using Office 365 or another account portal, click Users, click Set up next to Active Directory synchronization, and then proceed to the next step.
If you are using the Windows Azure Management Portal, click Active Directory, click on your directory showing on the Enterprise Directory page, click Directory Integration, and then proceed to the next step.
If you are using the Windows Azure AD Preview Portal, in the left pane, click Integration, click Deploy directory sync, and then proceed to the next step.
- If you are using Office 365 or another account portal, click Users, click Set up next to Active Directory synchronization, and then proceed to the next step.
Warning If you are reactivating directory synchronization after it was previously deactivated, there is a potential to overwrite cloud directory object data. In this case, we recommend that you first review the topic Directory synchronization and source of authority to understand the variables and consequences of reactivating directory synchronization in your environment.
The Windows PowerShell cmdlet to activate or reactivate directory synchronization is
Next step: Install the Directory Sync tool
After you have activated directory synchronization, you are ready to Set up your directory sync computer.