How to Setup Azure AD Cloud Sync

How to Setup Azure AD Cloud Sync? Step-by-Step Guide

by

How to setup Azure AD cloud sync? Azure Active Directory (Azure AD) Cloud Sync is a powerful tool that allows organizations to synchronize their on-premises Active Directory identities with Azure AD. It provides a lightweight agent-based approach to identity synchronization, making it an ideal solution for organizations that want an easier alternative to Azure AD Connect. This guide will walk you through the steps to how to setup Azure AD Cloud sync efficiently.

Prerequisites

Before setting up Azure AD Cloud Sync, ensure you have the following:

  • An Azure AD tenant with administrative privileges
  • An on-premises Active Directory
  • A Windows Server (2012 R2 or later) to install the Cloud Sync agent
  • Internet connectivity to Azure AD endpoints
  • Azure AD Connect Cloud Sync enabled in your Azure AD tenant

Step-by-Step Guide to Setup Azure AD Cloud Sync

Step-1: Verify Your Azure AD Tenant

  1. Sign in to the Microsoft Entra Admin Center with your Global Administrator credentials.
  2. Navigate to Azure Active Directory > Connectors to confirm that Azure AD Cloud Sync is available.

Step-2: Install the Azure AD Cloud Sync Agent

  1. On your designated Windows Server, download the Azure AD Cloud Sync Agent from the Microsoft Download Center.
  2. Run the installer and follow the on-screen instructions:
    • Accept the license agreement.
    • Choose the installation directory.
    • Click Install to proceed.
  3. After installation, the agent registration window will appear.

Step-3: Configure the Cloud Sync Agent

  1. Sign in using your Azure AD Global Administrator credentials.
  2. The agent will automatically register with your Azure AD tenant.
  3. Once registered, go back to the Microsoft Entra Admin Center and navigate to Azure AD Connect > Cloud Sync.
  4. Verify that the agent is listed and shows a Healthy status.

Step-4: Configure Synchronization Settings

  1. In the Microsoft Entra Admin Center, go to Azure AD Connect > Cloud Sync.
  2. Click Manage synchronization to configure sync settings.
  3. Choose the on-premises Active Directory forest and click Next.
  4. Define the synchronization settings:
    • Select which Organizational Units (OUs) to sync.
    • Map on-premises attributes to Azure AD attributes.
    • Enable Password Hash Synchronization (optional, but recommended for password sync).
  5. Click Save to apply changes.

Step-5: Verify and Monitor Synchronization

  1. Go to Azure AD Connect > Cloud Sync > Sync Status to check the sync progress.
  2. Run a manual sync to test the setup:
    • Open PowerShell on the server where the agent is installed.
    • Run the command:
      Start-ADSyncSyncCycle -PolicyType Delta
    • Verify that user objects appear in Azure AD.
  3. Check logs in Event Viewer > Applications and Services Logs > Azure AD Connect for errors or warnings.

Step-6: Enable Hybrid Identity Features (Optional)

If you need additional hybrid identity capabilities, such as Single Sign-On (SSO) or Seamless Authentication, configure them in Azure AD.

  • In Azure AD Connect, enable Seamless SSO for seamless user authentication.
  • Deploy Group Policy Objects (GPOs) to auto-sign in domain-joined devices.
  • Configure Conditional Access policies for enhanced security.

Troubleshooting Common Issues

Agent Not Registering

  • Ensure the server has internet access.
  • Verify Azure AD Global Admin credentials.
  • Restart the Azure AD Connect Cloud Sync Agent service.

Users Not Syncing

  • Check Organizational Unit (OU) filtering settings.
  • Ensure users have email addresses and UPNs configured.
  • Run a full sync:
    Start-ADSyncSyncCycle -PolicyType Initial

Password Sync Not Working

  • Verify Password Hash Sync is enabled.
  • Reset a user’s password and check if it syncs.
  • Review logs in Event Viewer for sync errors.

Conclusion

How to setup Azure AD Cloud sync? Azure AD Cloud Sync simplifies identity synchronization for organizations looking for a lightweight and efficient solution. By following this guide, you can set up Azure AD Cloud Sync and ensure seamless integration between your on-premises AD and Azure AD. Regularly monitor synchronization status and logs to maintain a healthy identity sync process.

Would you like a deeper dive into any specific configuration, such as Conditional Access or advanced sync troubleshooting?