Installing Windows Azure Active Directory Sync
INSIDE OUT Use a virtual machine
Directory synchronization is not a resource-intensive process, so it is perfectly fine to
use a virtual machine. Furthermore, consider the impact of the availability of directory
synchronization. You might subconsciously think that directory synchronization needs to
be high availability, and thus you might start thinking about strategies such as
clustering. However, if directory synchronization is not available, the impact is that your Office
365 tenant will not be in sync with your AD. What does that mean? Basically, new user
accounts in AD that are added since the last time directory synchronization ran will not
be created in Office 365. Likewise, changes and deletions of AD accounts also will not
be reflected in Office 365 since the last time it ran. However, existing user accounts will
continue to work regardless of directory synchronization being unavailable. Of course, it
is not desirable that directory synchronization be unavailable for an extended period of
time because the delta between your AD and your Office 365 tenant will grow. You also
might have to think of a backup plan to provide access to Office 365 services for your
new users. However, it is not necessary for you to overly invest in high availability
strategies for directory synchronization. It is much more important to invest in high
availability for AD FS than for directory synchronization, so you should invest your limited
system resources accordingly. As an example, we had a customer with over 25,000 AD
accounts, and the customer experienced some AD issues that were unrelated to Office
365. However, as part of the AD troubleshooting process, we had to shut down directory
synchronization for a few days. Office 365 services were unaffected during that period
of time.
Follow these steps to download and install directory synchronization:
1. Log on to Office 365 as a global administrator and from the admin center, click users
and groups.
2. Click the Set up link for Active Directory synchronization, as previously shown in
Figure 4-8. However, this time locate Step 4 of the process and click the download
button, as shown in Figure 4-11. Notice that if directory synchronization is not yet fully
activated, there will be a banner at the top of the screen stating that Active Directory
synchronization is being activated and that the process might take up to 24 hours to
