Azure - DirSync

How to waste an entire afternoon!

Finally got AAD Connect installed at a Canberra government department.

Remove any inspection on *.microsoftonline.com

Then fixed the proxy. The proxy must allow:

   • adminwebservice.microsoftonline.com
   • login.microsoftonline.com
   • provisioningapi.microsoftonline.com

Then created a globaladmin account in AAD to use for the dirsync, made him a subscription admin for good measure.

Oh, and on the on-premises box, the Local Policy on the box needs to grant run as a service. Check if Group Policy is blocking that.

Hmm. Got failures on the setup of AAD Connect. Grrr…

THEN as per https://social.technet.microsoft.com/wiki/contents/articles/31148.deploying-azure-active-directory-sync-behind-a-proxy.aspx

Had to alter the machine.config etc. to have the proxy settings. Still no go. GRR...

AND the very last thing to get it all working

    netsh winhttp import proxy source=ie

Now run the AAD Connect installer and it (finally) completes. Yay!
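A pre-flight check for the proxy, inspection and service-right steps above, as an added example that is not part of the original post. The proxy host and port are placeholders, and it assumes the proxy accepts an unauthenticated CONNECT; the "run as a service" right is read as SeServiceLogonRight ("Log on as a service").

```powershell
# Added example (not from the original post). Run elevated on the sync server.
# Assumptions: proxy host/port are placeholders; proxy allows unauthenticated CONNECT.
param(
    [string]$ProxyHost = 'proxy.example.internal',
    [int]$ProxyPort = 8080
)
$endpoints = 'adminwebservice.microsoftonline.com',
             'login.microsoftonline.com',
             'provisioningapi.microsoftonline.com'

function Get-IssuerViaProxy {
    param([string]$TargetHost, [string]$ProxyHost, [int]$ProxyPort)
    $tcp = New-Object System.Net.Sockets.TcpClient($ProxyHost, $ProxyPort)
    try {
        $stream = $tcp.GetStream()
        # Ask the proxy for a tunnel to the endpoint on 443.
        $req = [Text.Encoding]::ASCII.GetBytes(
            "CONNECT ${TargetHost}:443 HTTP/1.1`r`nHost: ${TargetHost}:443`r`n`r`n")
        $stream.Write($req, 0, $req.Length)
        $reader = New-Object System.IO.StreamReader($stream, [Text.Encoding]::ASCII)
        $status = $reader.ReadLine()
        while ($reader.ReadLine()) { }   # skip reply headers up to the blank line
        if ($status -notmatch '^HTTP/1\.[01] 200') { return "BLOCKED by proxy: $status" }
        # Accept any certificate: nothing is sent, we only read who issued it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $accept)
        $ssl.AuthenticateAsClient($TargetHost, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)
        return $cert.Issuer
    }
    catch { return "ERROR: $($_.Exception.Message)" }
    finally { $tcp.Close() }
}

# 1. Machine-wide WinHTTP proxy, the setting the netsh import writes.
netsh winhttp show proxy

# 2. An internal CA as issuer means inspection is still applied to that host.
foreach ($h in $endpoints) {
    [pscustomobject]@{ Host = $h; Issuer = Get-IssuerViaProxy $h $ProxyHost $ProxyPort }
}

# 3. Accounts holding "Log on as a service" in the effective local policy.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
Select-String -Path $inf -Pattern '^SeServiceLogonRight' | ForEach-Object { $_.Line }
```

If the service account's SID is missing from the SeServiceLogonRight line after a policy refresh, a Group Policy object is overwriting the local setting.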

 

One last gotcha: password sync was not working. Hmm.

Turns out the account did not have appropriate AD rights, so got them to fix that.

Yay! All now works as desired.

A colleague bitten too:

"Turns out the account we were using to install the AAD connect tool wasn’t Enterprise Admin even though the service account was."