Export (0) Print
Expand All

Active Directory credentials

Published: June 8, 2012

Updated: September 24, 2014

Applies To: Azure, Office 365, Windows Intune

On the Active Directory Credentials page of the Microsoft Azure Active Directory Sync tool Configuration Wizard, you must provide the credentials for an account with Enterprise Administrator permissions on your company's local Active Directory directory service. This account must have Enterprise Administrator permissions in the Active Directory forest to which the computer running the Microsoft Azure Active Directory Sync tool is joined.

This page accepts credentials in the following formats:

  • Someone@example.com

  • Example\someone

noteNote
These Enterprise Administrator credentials are not saved. They are not persisted in the computer's memory after the service account is created.

The Configuration Wizard uses the Enterprise Administrator credentials to create the directory synchronization service account, MSOL_AD_Sync. The Configuration Wizard creates the service account as a domain account with directory replication permissions on your local Active Directory, with a randomly generated complex password that never expires.

noteNote
Do not change the password associated with the service account.

When the directory synchronization service runs, it uses the service account credentials to read from your local Active Directory and write to Microsoft Azure Active Directory (Microsoft Azure AD) using the credentials requested in the Microsoft Azure Active Directory (Microsoft Azure AD) Credentials page of the Configuration Wizard.

noteNote
If you add a domain to your Active Directory forest, you must run the Configuration Wizard again to add the new domain to the list of domains to be synchronized. See Manage directory synchronization for more information.

Enterprise Administrator credentials are not saved, and therefore don’t need to be removed. To remove the MSOL_AD_Sync account and any associated credentials, uninstall the Directory Sync tool, and then delete the service account from your local Active Directory. For more information about uninstalling the Directory Sync tool, see Install or upgrade the Directory Sync tool.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft