Moving from DirSync or FIM to Azure Active Directory Sync

  • Article

Updated: July 22, 2015

Important

This topic will be archived soon.
There is a new product called “Azure Active Directory Connect” that replaces AADSync and DirSync.
Azure AD Connect incorporates the components and functionality previously released as Dirsync and AAD Sync.
At some point in the future, support for Dirsync and AAD Sync will end.
These tools are no longer being updated individually with feature improvements, and all future improvements will be included in updates to Azure AD Connect.

For the most recent information about Azure Active Directory Connect, see Integrating your on-premises identities with Azure Active Directory

Customers already using DirSync or FIM+AAD Connector to connect to Azure AD and Office 365 can continue to use the existing solution. These are still supported.

Moving to AADSync will for most customers be relevant when a new feature is required that is only available in AADSync. For a comparison of features and to help determine which one is the best for you see: Directory Integration Tools.

The following methods are supported when moving to AADSync from an existing deployment:

  • Install AADSync on the same server as DirSync or FIM

  • Side-By-Side deployment on a new server

Install AADSync on the same server as DirSync or FIM

This option would be recommended for most customers with a small and simple deployment. If it is expected that the deployment will take less than 3 hours, then follow these steps:

  • Uninstall DirSync or FIM

  • Install AADSync on the same server

During initial installation, AADSync will read identity data from on-premises Active Directory and Azure AD. The data will be matched and only needed changes will be sent to Azure AD.

Side-By-Side deployment on a new server

This option would be recommended for customers using FIM, with a complex DirSync deployment, or where the topology would change, e.g. you only used to synchronize one forest with DirSync but will add a second forest with AADSync.

In this method, a second AADSync server will be installed in parallel with the existing DirSync/FIM server. The data will be preprocessed and the data can be analyzed before switching to AADSync.

Warning

At one single time only one DirSync/FIM/AADSync server is allowed to export to a single Azure AD directory. To have more than one synchronization server exporting to a single AD directory is unsupported.

Follow these steps for this method:

  1. Prepare

  2. Import and Synchronize

  3. Verify

  4. Switch from DirSync or FIM

Prepare

  1. Install AADSync and make sure to Unselect start synchronization on the last page in the installation guide. This will allow us to run the Sync Services without exporting to Azure AD.

  2. Logoff/logon and from the start menu select Synchronization Service.

Import and Synchronize

  1. Select Connectors, and select the first Connector with the type Active Directory Domain Services. Click on Run, select Full import, and OK. Do this for all Connectors of this type.

  2. Select the Connector with type Windows Azure Active Directory (Microsoft). Click on Run, select Full import, and OK.

  3. Make sure Connectors is still selected and for each Connector with type Active Directory Domain Services, click Run, select Delta Synchronization, and OK.

  4. Select the Connector with type Windows Azure Active Directory (Microsoft). Click Run, select Delta Synchronization, and then OK.

We have now staged export changes to Azure AD and on-premises AD if you are using Exchange hybrid deployment. The next steps will allow you to inspect what is about to change before you actually start the export to the directories.

Verify

  1. Start a cmd prompt and go to %Program Files%\Microsoft Azure AD Sync\bin

  2. Run: csexport <name of Connector> %temp%\export.xml /f:x

    Note

    The name of the Connector can be found in Synchronization Service.

  3. Run: CSExportAnalyzer %temp%\export.xml > %temp%\export.csv

  4. You now have a file in %temp% named export.csv which can be examined in Microsoft Excel. This file contains all changes which are about to be exported.

  5. Make necessary changes to the data or configuration and run these steps again until the changes which are about to be exported are expected.

Switch from DirSync or FIM

  1. Turn off the DirSync/FIM server so it is not exporting to Azure AD.

  2. On the AADSync server, start Task Scheduler and find Azure AD Sync Scheduler. Select to enable this task.

See Also

Concepts

Azure Active Directory Sync