Activate directory synchronization

Updated: June 21, 2015

Applies To: Azure, Office 365, Windows Intune

You must activate directory synchronization before you install the Directory Sync tool. When you activate directory synchronization, you are turning on this feature across your tenant and all the Microsoft cloud services that you are subscribed to. For more information about how activation in Azure AD works, see Directory synchronization and source of authority.

Before you activate directory synchronization, run the Microsoft Deployment Readiness Tool. This tool inspects your Active Directory environment, and then provides a report that includes a prerequisite check and an attribute assessment that are specific to the Directory Sync tool requirements.

If your environment doesn’t meet these requirements, the tool lists the changes you have to make before you can begin directory synchronization. It’s much easier to make directory changes before you activate and install the Directory Sync tool than to troubleshoot configuration errors after you have activated directory synchronization.

An important statistic to consider in the report that is created by the Deployment Readiness tool is the estimated total number of objects. This number is listed under Statistic in the Deployment Readiness tool. You must follow the recommendations made by the tool if you exceed the default total number of objects that the directory synchronization installation allows.

If you have verified a domain and you have more than 50,000 objects in your on-premises forest, you will need to contact Support before you activate directory synchronization.  If you have not verified a domain and the total number of objects in your on-premises forest exceeds 50,000, you will need to contact Support before you activate directory synchronization. If you don’t contact Support to increase your quota, directory synchronization will not complete.

If the total number of objects in your on-premises domain exceeds 50,000, you will need to contact Support before you activate directory synchronization. If your object count exceeds 50,000 and you don’t contact Support to increase your licensing count, directory synchronization will not complete.

More information The following steps can be completed using either the Office 365 account portal, the Microsoft Intune account portal or the Microsoft Azure AD portal, depending on which services your organization has subscribed to. In this way, portals act as front-end interfaces that pull in directory data associated with your organizations Azure AD tenant. For more information about using portals to manage your tenant, see Administering your Azure AD directory.

To activate directory synchronization, use the following steps:

  1. Install and run the Microsoft Deployment Readiness Tool.

  2. Depending on which portal you are using, do one of the following:

    1. If you are using Office 365 or another account portal, click Users, click Set up next to Active Directory synchronization, and then proceed to the next step.

    2. If you are using the Azure Management Portal, click Active Directory, click on your directory showing on the Enterprise Directory page, click Directory Integration, and then proceed to the next step.

    3. If you are using the Azure AD Preview Portal, in the left pane, click Integration, click Deploy directory sync, and then proceed to the next step.

  3. Click Activate.

    Warning

    If you are reactivating directory synchronization after it was previously deactivated, there is a potential to overwrite cloud directory object data. In this case, we recommend that you first review the topic Directory synchronization and source of authority to understand the variables and consequences of reactivating directory synchronization in your environment.

Note

The Windows PowerShell cmdlet to activate or reactivate directory synchronization is Set-MsolDirSyncEnabled –EnableDirSync $true. For more information, see Deactivate directory synchronization.

Next step: Install the Directory Sync tool

After you have activated directory synchronization, you are ready to Set up your directory sync computer.