Set up directory synchronization for Office 365

Office 365 uses the cloud-based user identity management service Azure Active Directory to manage users. You can also integrate your on-premises Active Directory with Azure AD by synchronizing your on-premises environment with Office 365. Once you set up synchronization, you can decide whether user authentication takes place within Azure AD or within your on-premises directory.

Office 365 directory synchronization

You can use either synchronized identity or federated identity between your on-premises organization and Office 365. With synchronized identity, you manage your users on-premises, and they are authenticated by Azure AD when they use the same password in the cloud as on-premises. This is the most common directory synchronization scenario. With pass-through authentication or federated identity, you manage your users on-premises and they are authenticated by your on-premises directory. Federated identity requires additional configuration and enables your users to sign in only once. For details, read Understanding Office 365 Identity and Azure Active Directory.

Want to upgrade from Windows Azure Active Directory sync (DirSync) to Azure Active Directory Connect?

If you are currently using DirSync and want to upgrade, head over to for upgrade instructions.

Prerequisites for Azure AD Connect

You get a free subscription to Azure AD with your Office 365 subscription. When you set up directory synchronization, you will install Azure Active Directory Connect on one of your on-premises servers.

For Office 365 you will need to:

For your on-premises server on which you install Azure AD Connect you will need the following software:

Server OS: Windows Server 2012 R2
Other software:
- PowerShell is installed by default, no action is required.
- .NET 4.5.1 and later releases are offered through Windows Update. Make sure you have installed the latest updates to Windows Server in the Control Panel.

Server OS: Windows Server 2008 R2 with Service Pack 1 (SP1) or Windows Server 2012
Other software:
- The latest version of PowerShell is available in Windows Management Framework 4.0. Search for it on Microsoft Download Center.
- .NET 4.5.1 and later releases are available on Microsoft Download Center.

Server OS: Windows Server 2008
Other software:
- The latest supported version of PowerShell is available in Windows Management Framework 3.0, available on Microsoft Download Center.
- .NET 4.5.1 and later releases are available on Microsoft Download Center.
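
The software requirements listed above can be checked on the intended server before you run the installer. The script below is an added example, not part of the original page or Microsoft's tooling; the function names are hypothetical, and the registry path, the release number 378675 and the build number 7601 are assumptions taken from Microsoft's .NET and Windows version documentation rather than from this page.

```powershell
# Added example, not Microsoft's code. Written to run on PowerShell 2.0 so it
# works on a server that still needs the Windows Management Framework update.

function Get-NetFrameworkRelease {
    # Assumption: .NET 4.5 and later record a "Release" DWORD under this key.
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $prop = Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue
    if ($prop) { [int]$prop.Release } else { 0 }
}

function Test-SyncServerSoftware {
    param(
        [version]$OsVersion = [Environment]::OSVersion.Version,
        [version]$PsVersion = $PSVersionTable.PSVersion,
        [int]$NetRelease    = (Get-NetFrameworkRelease)
    )

    # Minimum PowerShell major version for each server OS the page lists.
    # Client editions of Windows share these version numbers.
    $requiredPs = switch ('{0}.{1}' -f $OsVersion.Major, $OsVersion.Minor) {
        '6.0'   { 3 }      # Windows Server 2008: WMF 3.0
        '6.1'   { 4 }      # Windows Server 2008 R2 SP1: WMF 4.0
        '6.2'   { 4 }      # Windows Server 2012: WMF 4.0
        '6.3'   { 4 }      # Windows Server 2012 R2: ships PowerShell 4.0
        default { $null }  # OS is not one the page lists
    }

    # Windows Server 2008 R2 is listed only with SP1 (assumed build 7601).
    $spOk = -not ($OsVersion.Major -eq 6 -and $OsVersion.Minor -eq 1 -and
                  $OsVersion.Build -lt 7601)

    New-Object PSObject -Property @{
        OsVersion    = $OsVersion.ToString()
        OsInTable    = ($null -ne $requiredPs) -and $spOk
        PowerShellOk = ($null -ne $requiredPs) -and ($PsVersion.Major -ge $requiredPs)
        # Assumption: 378675 is the lowest Release value documented for .NET 4.5.1.
        DotNet451Ok  = $NetRelease -ge 378675
    }
}

Test-SyncServerSoftware | Format-List
```

Any property that comes back False points to the matching requirement above that still needs attention.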


If you're using Azure Active Directory DirSync, the maximum number of distribution group members that you can synchronize from your on-premises Active Directory to Azure Active Directory is 15,000. For Azure AD Connect, that number is 50,000.

To more carefully review hardware, software, account and permissions requirements, SSL certificate requirements, and object limits for Azure AD Connect, read Prerequisites for Azure Active Directory Connect.

You can also review the Azure AD Connect version release history to see what is included and fixed in each release.

To set up directory synchronization

  1. Sign in to the Microsoft 365 admin center and choose Users > Active Users on the left navigation.

  2. In the admin center, on the Active users page, choose More > Directory synchronization.

  3. On the Active Directory preparation page, select the Download Microsoft Azure Active Directory Connect tool link to get started. For more information about the Azure Active Directory Connect installation process, see Azure AD Connect and Azure AD Connect Health installation roadmap.

Assign licenses to synchronized users

After you have synchronized your users to Office 365, they are created but you need to assign licenses to them so they can use Office 365 features, such as mail. For instructions, see Assign licenses to users in Office 365 for business.

Finish setting up domains

Follow the steps in Create DNS records for Office 365 when you manage your DNS records to finish setting up your domains.