To successfully synchronize your on-premise Active Directory with Windows Azure Active Directory you can use either DirSync or Azure AD Connect.

For reference you can read more here:

Step 1: Download Azure ADSync services. Here is the link:

Step 2: When the download has completed, right-click AzureADConnect.msi and select “Run as administrator”.


Once the installer launches, agree to the license terms, which enables the Continue button, and then click Continue.


On the Express settings page, click the grey Customize button as we will be doing a custom installation and not the express one.

On the Install required components screen, do not select any checkbox. Click Install.

On the User sign-in screen select Password Synchronization and click Next.

On the Connect to Azure AD screen, enter the username and password of an Azure global administrator for your Azure AD. Click Next.


On the Connect to ADDS screen, enter the username and password of an account that is an enterprise admin and click Add Directory. Click Next.

Side Note: Enterprise Admins permissions are not required. Here are the minimum permissions required:




  • The minimum level of permissions required by the wizard is Domain user.
  • However, the specified account must have the permissions required for your intended scenario.
  • If you intend to configure password sync to Azure AD, ensure this account has the following permissions assigned:
    • Replicating Directory Changes
    • Replicating Directory Changes All



If you intend to configure sync to ‘write back’ information from Azure Active Directory to your local Active Directory, ensure the account has write permissions to the directory objects and attributes you intend to be written back.
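A way to check the two replication rights from the side note before entering the account in the wizard, as an added example that is not part of the original post. The account name `CONTOSO\svc-aadconnect` and the function name `Get-ReplicationRightHolder` are assumptions; the script needs the ActiveDirectory PowerShell module on a domain-joined machine.

```powershell
# Added example: list who holds the replication rights on the domain root and
# confirm the sync account has both. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Control access right GUIDs from the AD schema.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Get-ReplicationRightHolder {   # hypothetical helper name
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)

    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$DomainDN").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $extended) -and
            ($ReplicationRights.ContainsKey($_.ObjectType.ToString()) -or
             $_.ObjectType -eq [guid]::Empty)
        } |
        ForEach-Object {
            # An empty ObjectType on an ExtendedRight ACE means every extended
            # right, which includes both replication rights.
            $right = if ($_.ObjectType -eq [guid]::Empty) { 'All extended rights' }
                     else { $ReplicationRights[$_.ObjectType.ToString()] }
            [pscustomobject]@{
                Identity  = $_.IdentityReference.Value
                Right     = $right
                Inherited = $_.IsInherited
            }
        }
}

$SyncAccount = 'CONTOSO\svc-aadconnect'   # assumed name; replace with your account
$holders     = Get-ReplicationRightHolder

# 1. Does the sync account hold both rights directly? (Rights granted through
#    group membership show up under the group's name, not the account's.)
$missing = $ReplicationRights.Values | Where-Object {
    $r = $_
    -not ($holders | Where-Object { $_.Identity -eq $SyncAccount -and $_.Right -eq $r })
}
if ($missing) { Write-Warning "$SyncAccount is missing: $($missing -join ', ')" }

# 2. Everyone holding these rights, for review. These rights allow reading
#    password hashes, so the list should stay short and fully explained.
$holders | Sort-Object Identity, Right | Format-Table -AutoSize
```

Built-in principals such as Administrators and the domain controller groups appear in this list by default; any other entry besides the sync account deserves a look.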


On the Uniquely identifying your users screen, leave the default settings. (Note: changing the source attribute for userPrincipalName is part of Alternate Login ID configuration.) Click Next.

On the Filter users and devices screen (it is recommended to implement filtering here for a Proof of Concept due to the group membership limitation), click Next.

On the Optional features screen, select “Exchange hybrid deployment” and “Password hash synchronization”. Click Next.


Ensure that the above option is selected and then click Install.

Once complete, click Exit.

Hope it helps.


Joe Sica · 2nd Sep 2016 at 6:33 pm

Does AAD get installed on a Domain Controller or does it need to be installed on its own server? What are the best practices?

    edwardvbs · 2nd Sep 2016 at 6:36 pm

    Hi, you can install it on its own VM but can install it on a DC.

      Joe Sica · 2nd Sep 2016 at 6:38 pm

      Is there a preferred method?
