Active Directory credentials
Published: June 8, 2012
Updated: February 28, 2013
Applies To: Office 365, Windows Intune
|This topic provides online help content that is applicable to multiple Microsoft cloud services, including Windows Intune and Office 365.|
On the Active Directory Credentials page of the Windows Azure Active Directory Sync tool Configuration Wizard, you must provide the credentials for an account with Enterprise Administrator permissions on your company's local Active Directory directory service. This account must have Enterprise Administrator permissions in the Active Directory forest to which the computer running the Windows Azure Active Directory Sync tool is joined.
This page accepts credentials in the following formats:
|These Enterprise Administrator credentials are not saved. They are not persisted in the computer's memory after the service account is created.|
In this article
How the credentials are used
The Configuration Wizard uses the Enterprise Administrator credentials to create the directory synchronization service account, MSOL_AD_Sync. The Configuration Wizard creates the service account as a domain account with directory replication permissions on your local Active Directory, with a randomly generated complex password that never expires.
|Do not change the password associated with the service account.|
How the service account is used
When the directory synchronization service runs, it uses the service account credentials to read from your local Active Directory and write to Windows Azure Active Directory using the credentials requested in the Windows Azure Active Directory Credentials page of the Configuration Wizard.
|If you add a domain to your Active Directory forest, you must run the Configuration Wizard again to add the new domain to the list of domains to be synchronized. See Manage directory synchronization for more information.|
How to remove the credentials or service account
Enterprise Administrator credentials are not saved, and therefore don’t need to be removed. To remove the MSOL_AD_Sync account and any associated credentials, uninstall the Directory Sync tool, and then delete the service account from your local Active Directory. For more information about uninstalling the Directory Sync tool, see Install or upgrade the Directory Sync tool.
ConceptsWindows Azure AD credentials