Deploy Azure Active Directory Sync tool with Office 365

  • Article

 

Applies to: Office 365

Summary: Describes requirements and supported configurations for deploying the Azure Active Directory Sync tool for use with Office 365 and single sign-on with Azure Virtual Machines.

We're listening to your feedback and consolidating all our Office 365 deployment content. On July 1st, 2015, all information in this guide will be moved to https://support.office.com/, and these pages will be removed from TechNet. As you review the content still on TechNet, you'll notice many have links pointing to the new content already on https://support.office.com/.

To explore content available on https://support.office.com/, start with the Office 365 for business - Admin Help page.

Enabling integrated global address list (GAL) or an integrated GAL and single sign-on (SSO) require integrating your on-premises Active Directory forest with your Office 365 tenant by using the Azure Active Directory Sync tool.

Deployment requirements for using the Directory Sync tool with Office 365

You must be able to meet the following minimum requirements to deploy the Directory Sync tool:

  • The Directory Sync tool must be installed on a domain-joined computer in the forest that you want to integrate with Office 365.

  • The computer cannot be a domain controller.

  • You need enterprise administrator credentials to configure the Directory Sync tool.

If your on-premises Active Directory has over 50,000 objects, you must deploy the Directory Sync tool with SQL Server. The Directory Sync tool can be installed with SQL Server 2008 Standard or SQL Server 2008 R2.

If SQL Server is required, it must be deployed on the same virtual machine as the Directory Sync tool. This can affect the size of this virtual machine.

The following are not supported:

  • Deploying SQL Server on a different server than the Directory Sync tool

  • Using SQL Azure as the database for the Directory Sync tool

When deploying the Directory Sync tool on Azure Virtual Machines, the following table lists the configurations that are supported.

Directory synchronization host Domain controller Supported?

Virtual machine

Virtual machines: read/write domain controller

Yes

Virtual machine

Virtual machines: read-only domain controller

No

Virtual machine

On-premises (connected through a cross-premises Azure Virtual Network)

Directory synchronization has a high latency tolerance, but intermittent connectivity issues between Azure and on-premises may cause outages of directory synchronization and data that is out of date in Office 365.

Yes

Not recommended

When setting up and configuring directory synchronization, the server running the Directory Sync tool must be able to connect to at least one domain controller per domain.

For more details about requirements and deployment of directory synchronization, see Prepare for directory synchronization.

For guidance about deploying SQL Server on virtual machines, see Getting Started with SQL Server in Azure Virtual Machines.