AADSync Updates

Updated on 28 August 2015

IMPORTANT: AAD Connect has replaced AADSync and DirSync. Reference: Azure Active Directory Sync

AADSync Replaced


Last week, I had the opportunity to attend the Office 365 Summit in San Diego on 11-12 Dec 2014. Every session was great and the discussions had were valuable. In the ‘Identity Management Integration Options for Office 365’ session with Luca Bandinelli (Senior Program Manager Lead, Office 365 Customer Advisory Team), I asked specifically about the roadmap for AADSync and future use of DirSync. Here is a summary of bullet points from that discussion and Luca’s follow-up to a couple of my questions.

  • Password write-back is now generally available and can be enabled for Premium customers.
  • The password write-back schedule is the same as the password synchronization schedule; every two minutes.
  • Installing AADSync on a domain controller is not recommended. It can be installed there, but this should be done only in specific scenarios (i.e. customer resource limitations, security concerns).
    • Per Luca, “Reason why it’s not recommended has to do on how much work the box has to do. Imagine that in a large environment you need to properly do sizing and planning of all your machines. Then you plan for Domain Controllers in order to be able to do what: authenticate, keep AD in Sync among DCs and serve LDAP queries. If you install AADSync on one of the domain controllers:
      1) First you’re installing a couple of services (password sync and SQL express) which will slightly use memory and CPU differently on that DC compared to other DCs.
      2) When sync runs (and especially the first sync) you will have memory and CPU (and Disk I/O to write to the local SQL instance) usage that will be different to other DCs.  That’s the reason behind that recommendation: it’s not that the code / tool is unable to handle that. It’s because it’s a new piece that needs to be properly planned and sized on the DC.”
  • AADSync is recommended to be installed on a machine with Windows Server 2012 R2.
  • As of today, AADSync has replaced DirSync, which is being deprecated. Though DirSync is still available to download in the Office 365 Admin Center, please use AADSync going forward.

The published documentation may differ from what was discussed above (as these announcements came in advance of the TechNet/MSDN article updates). Please take care to make sure this information is understood in the context it was provided before implementing for your environment.

I hope this information is relevant and will help with your planning and success with implementing updates for your hybrid, synchronized or federated environment.


2 thoughts on “AADSync Updates”

  1. Hi Tod and nice to meet you!
    I used your AADSync blog posts quite a few times now and I have to admit they helped me a lot!
    I have a question: in my scenario I have installed the 1.0.475.1202 and I have some password sync issue. I saw that the new version, the 1.0.485.0222, could resolve it.
    Do I have to do an uninstall of the old version, or is it possible to do some kind of upgrade?

    Bye for now.
