Thursday 9 January 2014

MDM in SCCM 2012 R2 - Windows Azure Active Directory Sync (DirSync)



Previously our public domain was added to Windows Intune and verified by Microsoft (see Windows Intune section).

An alternative UPN was created in AD and added to the account of all users required to enrol devices. These users were discovered by ConfigMgr and added to the “Intune Users” collection.

Now we must configure Windows Azure Active Directory Synchronisation (DirSync) to synchronise these user accounts with Azure (Microsoft Online Directory Services).


Log into Windows Intune and Activate Active Directory Sync.

Confirm Activation.


Download the DirSync utility.


Note that you must Run as Administrator.


Error - DirSync requires .Net Framework. Install this first.


Launch the setup again.


Accept the License terms.


Choose your installation folder.


DirSync installing.


Installation complete.


Launch the "Start Configuration Wizard".



Enter your Intune credentials.


Enter your AD credentials.


Do not choose to enable hybrid deployment.


Enable Password sync.



Configuration is now complete.


Do not choose to synchronise now. This will synchronise your entire Active Directory to Azure. You will want to customise this to include specific OUs only.


Ensure that your user account is a member of the local group FIMSyncAdmins.


Browse to the folder below and launch miisclient.exe as Administrator.

C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe



Select Management Agents and double-click Active Directory Connector.


Choose "Configure Directory Partitions" and select 'Containers'.


Enter your AD credentials.


Choose the OUs you require.


Click OK to close.


Right click and choose to Run now.


Choose Full Import Full Sync.


See progress.


Sync complete.

Note that DirSync will continue to synchronise with Azure every 3 hours by default. You can run it manually using the procedure above if required.
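Because password sync is enabled, every account in the OUs selected under "Configure Directory Partitions" is synchronised to Azure along with its password, so it is worth auditing those OUs before the first Full Import Full Sync. The script below is an added example, not part of the original post; it assumes the ActiveDirectory RSAT module is installed, and the OU distinguished name and UPN suffix are placeholders to replace with your own.

```powershell
# Added example: pre-sync audit of the OUs you intend to tick in the
# Active Directory Connector. Values marked "placeholder" are assumptions.
Import-Module ActiveDirectory

$SyncOUs = @(
    'OU=Intune Users,DC=corp,DC=example,DC=com'    # placeholder OU
)
$PublicUpnSuffix = 'example.com'                   # placeholder verified public domain

$report = foreach ($ou in $SyncOUs) {
    Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * `
        -Properties adminCount, servicePrincipalName |
    ForEach-Object {
        # Everything after the last '@' is the UPN suffix; empty if no UPN is set.
        $suffix = if ($_.UserPrincipalName) { ($_.UserPrincipalName -split '@')[-1] } else { '' }
        [pscustomobject]@{
            OU             = $ou
            SamAccountName = $_.SamAccountName
            UPN            = $_.UserPrincipalName
            Enabled        = $_.Enabled
            # Users without the alternative UPN cannot sign in with the public domain.
            UpnMismatch    = $suffix -ne $PublicUpnSuffix
            # adminCount = 1 marks accounts that are, or once were, in a protected group.
            Privileged     = $_.adminCount -eq 1
            # Accounts carrying SPNs are usually service accounts, not enrolling users.
            ServiceAccount = @($_.servicePrincipalName).Count -gt 0
        }
    }
}

# Show only the rows that need a decision before they are synchronised.
$report |
    Where-Object { $_.UpnMismatch -or $_.Privileged -or $_.ServiceAccount -or -not $_.Enabled } |
    Sort-Object OU, SamAccountName |
    Format-Table -AutoSize

'{0} account(s) in scope across {1} OU(s).' -f @($report).Count, $SyncOUs.Count

# Members of this local group can operate the sync engine; keep the list short.
net localgroup FIMSyncAdmins
```

Privileged, service, or disabled accounts flagged here are candidates to move out of the synchronised OUs rather than into Azure.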



2 comments:

  1. Hi Gerry -

    Is DirSync definitively required for a hybrid deployment? SCCM + Intune? I'm getting conflicting information all over the place.

    Wren

    1. Yes, it is. It's even specified in the official ConfigMgr documentation

      https://technet.microsoft.com/en-us/library/jj884158.aspx?f=255&MSPPError=-2147217396#bkmk_preq

      which refers you to the Directory Integration documentation

      https://technet.microsoft.com/en-us/library/jj573653.aspx
