Microsoft Office Tutorials and References
In Depth Information
Installing Windows Azure Active Directory Sync
Figure 4-11 Click the download button to install and configure the Directory Sync tool.
3. Ensure you have the proper credentials before beginning the directory
synchronization installation process:
❍ An AD account with Enterprise Administrator permissions
❍ An Office 365 account with the Global Administrator role
Security alert! At this point, you or your organization’s Chief Security Officer (CSO)
might be concerned about requiring AD Enterprise Administrator privileges, which
might constitute a roadblock. Therefore, it is worth spending some time looking
into how the AD Enterprise Administrator account is used. We mentioned earlier
that directory synchronization is intended to be a software tool with minimal
configuration. The AD Enterprise Administrator account is part of that plan because
the account is used only once during the directory synchronization setup process
to simplify configuration. It is used to create a service account with the
appropriate minimum set of privileges. After that, directory synchronization does not use
the Enterprise Administrator account again, and neither does it retain the AD
Enterprise Administrator’s credential information anywhere in its configuration.
The new service account created in AD by directory synchronization will take the
form MSOL_< some_numeric_value >, such as MSOL_1234567.