How to Install the New Windows Azure Active Directory Sync (DirSync)

 

ActiveDirecotry2Windows Azure Active Directory Sync (DirSync) has gone through many iterations just in the last few years but the good news is it is getting easier to install and use. It used to be quite  pain to reinstall or migrate.  DirSync is the easiest way to sync your AD organization to Microsoft’s cloud including Azure, Office 365 and Exchange Online.

The current version can be downloaded here:

Windows Azure Active Directory Sync (DirSync)

If you have an older version of DirSync and want to move to the latest version I highly recommend it because the newer one is easier to use. To force sync on the older versions you click a lot in miisclient.exe in a very specific sequence or run PowerShell commands. The last iteration even included a script that had to be launched from PowerShell itself. It was not optimal for daily management.

If you are starting with a fresh install skip to the How to below. As you can only sync from one server at a time, there are only two possible scenarios if you had an older version installed already:

  1. Install on the same server – because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version.
  2. Install on a different server – disable the service Azure Active Directory Sync on the old server or completely uninstall it and use the instructions below to install on the new server.

How to Install Windows Azure Active Directory Sync

Because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version. Use the download link above to download the lastest version and open the exe file.

1

After you agree to the terms and select install it will run for a bit and disappear. Look on your desktop for this icon and open it.

icon-dir

You are now in the configuration window, enter your cloud credentials

2

Enter your on-prem credentials and select add forest and next

3

Configure any user matching parameters required, but the default is usually fine

4

Do not select any of these options at this time so you can setup and test the connection

5

Select next

6

Keep the Synchronize now box unchecked and select Finish

7

This is a good time for a restart to ensure you have been added to the appropriate security group and just to clear out any potential issues before you test the connection and finalize the configuration.

Once you restart, open the Synchronization Service, there should be a new icon on your desktop. This app is the replacement for miisclient.exe.

sync serv

You can observe what is being synced here and also check for errors with this app

sync mgr

Now we need to test if the configuration worked before we set the configuration to automatically sync. The easy way is to force synchronization with a shortcut.

How to Force DirSync Synchronization with a Shortcut

Right click anywhere on your desktop and select New > Shortcut

short

Paste this target box and select next

“C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe”

Choose a name, Finish

force

Once saved, select the new shortcut to test

force sync cmd

You should see the synchronization steps listed in the Sync Manager, any errors will show up in the lower right box

sync manager list

Sync successful! open up the Directory Synchronization tool again from the icon on your desktop and configure it for auto sync. Check the boxes for password synchronization and enable Synchronization on the last page.

If you ever need to remove DirSync from the server, go to Programs and Features and uninstall Windows Azure AD Sync and it will uninstall all other parts automatically.

uninstall

Read this article to learn how to increase the synchronization frequency of DirSync.

Hope this helps!

Issue When You Uninstall and Reinstall DirSync

If you uninstall Windows Azure Active Directory Sync (DirSync) from a server then later decide to reinstall it, you will get  one of several possible errors. You will not be allowed to to reinstall DirSync unless you delete the SQL server database and possibly  delete system accounts that are created on install. I had all sorts of fun challenges when moving DirSync to a different server then back again later when other priorities dictated that was the best move. Early on in the uninstall process I was at a loss to find any good articles on the internet after trying several comprehensive search phrases and I was wasting too much time clicking around.

When trying to reinstall DirSync the most common error message I got:

The install was unable to setup a required component. Check the event logs for more information. Please try the installation again, and if this error persists, contact Technical Support. Unable to uninstall the Windows Azure Active Directory Sync tool. Use the Control Panel to remove the Directory Sync tool.

There was one time during testing when DirSync failed to uninstall completely which was really fun. I had to take a deep dive into the registry at that point. Then I finally found a great article about a very similar experience and actually used the article more than once over the span of several months. Thank you Mr. Turley! 

I used different techniques for the different uninstalls but the two easiest and most effective were to delete the system accounts that are created when installing DirSync and delete the SQL database that is also created during the install process. Boom, done.

If you are interested in installing the latest version of DirSync where these problems are no longer an issue read this:

How to Install the New Windows Azure Active Directory Sync (DirSync)