https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/what-is-cloud-sync
https://setup.cloud.microsoft/entra/add-or-sync-users-to-microsoft-entra-id
To check sync errors: https://admin.microsoft.com/Adminportal/Home#/dirsyncobjecterrors
- AD Sync is old stuff and we dont use that anymore. instead, use Entra Cloud Sync. This new software supports syncing from multiple disconnected forests (like softwise.co and checkcity.local) and also supports HA configurations. (To setup HA just perform steps 1-4 on additional domain controllers in the same domain.)
- Download the agent to install on the server
- Install the agent
- Configure the agent:
- Click “Next”
- Then select the extension to sync to “Microsoft Entra Cloud Sync”
- Authenticate to Azure (this account needs to be a global admin)
- Create gMSA. (If you have already created one then this option will search for, find, and re-use the existing gMSA.)
- Your domain should already be listed and authenticated. Click “Next”
- Verify the information and click “Confirm”
- Then select the extension to sync to “Microsoft Entra Cloud Sync”
- Click “Next”
- Configure Azure if this is a new domain that is getting synced. (If this is a new agent for an existing domain then you are done – no further steps are needed.)
- If this is a newly synced domain then you will need to create 2 new configurations in the Cloud sync azure portal. (one from AD, and one to AD)
- Go to: https://portal.azure.com/#view/Microsoft_AAD_Connect_Provisioning/CloudSyncMenuBlade/~/CloudSyncConfigurations
- Click “New Configuration”, then click “AD to Microsoft Entra ID sync”
- Select the new domain from the dropdown list and then click “Create”
- Click “Review and enable”
- Click “Enable configuration”
- Click “New Configuration”, then click “Microsoft Entra ID to AD sync”
- Select the new domain from the dropdown list and then click “Create”
- Click “Review and enable”
- Click “Enable configuration”
- You should now see the new domain’s 2 syncs with green checkmarks next to them
