In Order To Install Windows Azure Active Directory

Posted in: admin, 24/09/17

Troubleshooting synchronization with Windows Azure Active Directory (WAAD) (Part 1)

Introduction

The Microsoft Azure solution allows synchronization of on-premises Active Directory with Windows Azure Active Directory (WAAD), which enables organizations to authenticate several services using WAAD, such as Office, Exchange Online Protection (EOP), Lync Online, SharePoint Online and so forth. The tool responsible for this synchronization process is the Directory Sync Configuration and the installation process is well documented in the Office.

The goal of this article series is to list some hints and tools to help Exchange administrators troubleshoot Active Directory replication with WAAD. Most of the hints that we will show here are scattered on the Internet, with a bunch of great tips here at MSExchange. The article series will start with hints during the installation of the directory synchronization tool, and some tools available for Exchange administrators.

Installation process

The goal of this article is not to provide a step-by-step guide to the tool; however, there are a few steps worth mentioning to get things working, and that will be our focus in this section.
The first step is to get your trial account, and as part of the process you will be assigned the first user name, which will use the following format: <Name>@<String Related to your Domain>.onmicrosoft.com. In Office 365, your first step is to activate the domain.

After validating and activating the domain, the next step is to create an account to be the synchronization account in the cloud. Here are the steps that can be used to create such an account:

Log on to Office. Click on users and groups. Click on. On the first page (Figure 01). Let's use the domain that we validated in the previous step, which in our article will be Apatricio.

On the Settings page, assign the role Global Administrator to the account (Figure 02). Alternate email address field, and then the Country.

On the assign licenses page, do not assign any license and continue with the wizard to complete the creation of the new account, using default values when appropriate. The last page will provide the temporary password. Log off the current session and log on using the new service account that we have just created. The first task will be resetting the password. Make sure to use a strong password for this account.

The next logical step is to enable the synchronization and download the tool (Figure 03). Both steps can be done by clicking users and groups, and then Set up, located on the Active Directory Synchronization line. On the new page, click Activate at step 3, and download the Directory Sync Tool to the server that will be responsible for synchronization.

Before installing the tool, make sure that you install the .NET Framework 3.5 (includes .NET 2.0 and 3.0), which by the way will require the Windows Server media to be installed, and .NET Framework 4.5. Both of them can be installed either from Server Manager or PowerShell on a Windows Server 2. R2 server.

It is not a requirement, but during the troubleshooting process we will need to check Active Directory user object attributes, and for that reason my recommendation is to install the Active Directory tools on the same server running the Synchronization Tool. You can add them by running Add-WindowsFeature RSAT-ADDS from Windows PowerShell.

Install the tool using the default values; we will have to provide our svc. Hybrid Configuration and/or password synchronization.

Important Note: As soon as the tool is installed, a logoff is necessary to guarantee that all group membership is in place. The logoff is required; otherwise the tools covered in the next section will not work.

Getting to know the Tools available

After installing the tool and running the Configuration Wizard, the next step is to make sure that everything is working properly, and we have a couple of built-in tools to validate the replication process. Our first stop will be the root folder of the tool, which by default is located at C:\Program Files\Windows Azure Active Directory Sync (Figure 04).

We have two tools. The first one is ConfigWizard, which can be used to reconfigure the synchronization settings using the same wizard as when we ran the tool for the first time.

Note: In the same location, we have the dirsync. Setup. log file in case something goes south during the installation; using that file we can always check the log of the installation process.

The second one is DirSyncConfigShell, which will open a Windows PowerShell session, and from there we can run the Start-OnlineCoexistenceSync cmdlet, which will trigger a synchronization with WAAD, as shown in Figure 05.

It is pretty cool to force synchronization, and we can always check in the Application log of the Event Viewer what happened, but from a troubleshooting perspective the most important thing is to see what is going on. If there are any issues then we should be able to pinpoint the issue, right? We can do that using the FIM (Forefront Identity Manager) 2. R2 client, which is the piece of software responsible for the synchronization process. The tool is installed by default in the following location: C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell. To run it, double-click miisclient (Figure 06).

For starters, the main page of the tool will have the Operations area, where all the tasks used during the synchronization cycles are listed (Figure 07). When selecting any given operation from that list we will have the details at the bottom (statistics and export errors), which will help the troubleshooting process.

Another set of tools that helps in some tasks is the Windows Azure Active Directory Module for Windows PowerShell, which allows administrators more flexibility to perform some activities that are not supported using the Office. In order to install these tools, Microsoft Online Services Sign-in Assistant must be installed, and both utilities can be found at MicrosoftOffice 3. The following website has links for the latest tools and supported cmdlets.

Conclusion

In this first article of our series we covered some hints related to the installation of the Directory Synchronization tools and the tools available to troubleshoot the integration between the on-premises Active Directory and Windows Azure Active Directory.

Changing User Principal Names (UPN) with Azure Active Directory Sync Tool (DirSync) - Tim Raines Blog

In this post I want to document the process to make changes to a user's UPN value when synchronising a federated domain from an on-premises Active Directory to Azure Active Directory used by Office 365.

Problem Summary: You want to update the user principal name (UPN) of an on-premises Active Directory Domain Services (AD DS) user account. However, directory synchronisation doesn't propagate the change from one federated domain directly to another federated domain for a user ID in a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune.

Solution: Changes to UPN values are not replicated by default as the technical implications can create issues for end users. Therefore the only way to make the change is via PowerShell.

Firstly, the system you intend to execute the PowerShell commands from needs some prerequisites. Download and install the following in this order; these downloads assume you are using a 6.

Now open Windows Azure Active Directory Module for Windows PowerShell from the Start menu or desktop; be sure to Run as Administrator. Next, we need to open a new management session with Azure AD. To do this, run the following command:

    Connect-MsolService

When challenged for credentials, enter an account that has Global Administrator permissions to the tenant that you plan to change UPN values for.

Now that you are connected to the cloud tenant, use the following command to update a user's UPN value:

    Set-MsolUserPrincipalName -UserPrincipalName <current UPN> -NewUserPrincipalName <new UPN>

Hope this helps others who might be stuck with this same problem when using the DirSync tool to mirror an on-premises Active Directory with Azure Active Directory.

Reference used to write this post: https support.
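
The UPN change described above, wrapped in pre-checks and a read-back, as an added example that is not part of the original post. It assumes the MSOnline module is installed; the two UPN values are constructed placeholders, and Get-MsolDomain and Get-MsolUser are cmdlets from the same module that the post itself does not mention.

```powershell
# Added example: guarded UPN change using the MSOnline module.
# Both UPN values below are constructed placeholders, not values from the post.
$CurrentUpn = 'user1@olddomain.example'
$NewUpn     = 'user1@newdomain.example'

Import-Module MSOnline
Connect-MsolService   # prompts for a Global Administrator credential

# The suffix of the new UPN must be a domain that is verified in the tenant,
# otherwise the change would be rejected or land on the wrong namespace.
$suffix = $NewUpn.Split('@')[1]
$domain = Get-MsolDomain | Where-Object { $_.Name -eq $suffix }
if (-not $domain -or $domain.Status -ne 'Verified') {
    throw "Domain '$suffix' is not a verified domain in this tenant."
}

# The source account must exist, and the target UPN must not be in use.
$user = Get-MsolUser -UserPrincipalName $CurrentUpn -ErrorAction Stop
if (Get-MsolUser -UserPrincipalName $NewUpn -ErrorAction SilentlyContinue) {
    throw "'$NewUpn' is already assigned to another object."
}

# The change itself, exactly the cmdlet and parameters the post uses.
Set-MsolUserPrincipalName -UserPrincipalName $CurrentUpn -NewUserPrincipalName $NewUpn

# Read the object back by its ObjectId (which does not change with the UPN)
# to confirm the value now held in the cloud directory.
$after = Get-MsolUser -ObjectId $user.ObjectId
'{0} -> {1}' -f $CurrentUpn, $after.UserPrincipalName
```

Because the session runs with Global Administrator rights, the checks before the change keep a typo in the new UPN from being written to the tenant, and the read-back gives a line that can be kept in the change record.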