Preparing your environment for the cloud

Synchronizing your users

The next step in your deployment of Microsoft 365 will be the synchronization of your users to Azure Active Directory.

Synchronization is performed using the Azure Active Directory Connect tool, typically referred to as Azure AD Connect or AAD Connect. AAD Connect is a free download from Microsoft for Microsoft 365 users and is based upon the Microsoft Identity Manager (MIM) product line.

While simple in theory, directory synchronization can become very involved once you begin installing and configuring the AAD Connect tool. In addition to selecting objects and organizational units, the AAD Connect tool can also be configured to support features like pass-through authentication, group writeback, password writeback, Exchange Hybrid writeback, and device writeback.

Chapter 9, “Identity and authentication planning,” and Chapter 10, “Installing AAD Connect,” contain an in-depth look into directory synchronization, features, and installation options.

Once the synchronization engine has been installed, it is important to pay attention to the synchronization statistics for each of the run profile steps on the Operations tab of the AAD Connect tool, as shown in Figure 2-32.

Figure 2-32 The Operations view in AAD Connect

While it is important to review all errors reported in the Status column, operations for the Azure connector, typically named tenant.onmicrosoft.com, should be reviewed especially carefully.

Any errors on the Azure connector will mean either bad or missing data in Microsoft 365. In fact, if the IDFix tool has been run and all issues are resolved before installation of the AAD Connect tool, the Azure connector should not show any errors related to data problems.

If errors do appear in the synchronization statistics view, the data provided there might not be sufficient to diagnose the issue adequately. In those cases, we recommend reviewing the Application Event Log for more detail.

While it’s not 100 percent inclusive of events returned by the AAD Connect engine (primarily because the tool is constantly evolving and maturing), this data represents the most common and important events that should be reviewed and included in any event log monitoring utilities.
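
A starting point for the Application Event Log review recommended above, as an added example that is not from the original text: the PowerShell below summarizes sync-related warnings and errors from the last 24 hours by provider and event ID. The provider names 'Directory Synchronization' and 'ADSync' are assumptions about how the sync engine registers itself; confirm them on your own AAD Connect server.

```powershell
# Added example: summarize AAD Connect warnings and errors from the Application log.
# Assumption: the sync engine logs under the providers named below. Confirm with:
#   Get-WinEvent -ListProvider * | Where-Object Name -match 'Sync'
param(
    [string[]]$ProviderName = @('Directory Synchronization', 'ADSync'),
    [int]$Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

$events = foreach ($provider in $ProviderName) {
    $filter = @{
        LogName      = 'Application'
        ProviderName = $provider
        Level        = 1, 2, 3      # Critical, Error, Warning
        StartTime    = $since
    }
    # Get-WinEvent reports an error when nothing matches or the provider is
    # not registered on this machine; treat both cases as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

if (-not $events) {
    Write-Output "No sync warnings or errors in the last $Hours hours."
    return
}

# One row per provider and event ID, most frequent first, so recurring
# problems stand out and can be added to event log monitoring.
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Provider    = $latest.ProviderName
            EventId     = $latest.Id
            Level       = $latest.LevelDisplayName
            Count       = $_.Count
            LastSeen    = $latest.TimeCreated
            LastMessage = ($latest.Message -split "`r?`n")[0]   # first line only
        }
    } |
    Format-Table -AutoSize -Wrap
```

Run it on the server that hosts the synchronization engine, in a session with rights to read the Application log.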