- Assumptions
- You have already created the M365 tenant (for example, avalontoshitoshi.onmicrosoft.com). You do not have to add your own domain FQDN to the tenant.
- The machine on which Connect Sync is configured has TLS 1.2 fully enabled. Registry values to be added (.reg format; the Client key takes the same two values as the Server key):
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
- Setup
- Download Microsoft Entra ID Connect Sync
- Search “Micro…” in the Admin Center.
- You are taken to the Microsoft Entra Connect page.
- Find the “” link and move to the Download page.
- Download the file onto your domain member server.
- Create the Hybrid Identity Administrator account
*Microsoft Entra Connect: Accounts and permissions – Microsoft Entra ID | Microsoft Learn
- Go to “Users”.
- “New user” -> “Create new user”
- Go to “Microsoft Entra roles and administrators”.
- Create the account.
- Confirm the account has been created.
- Open the account properties and select “Assigned roles” -> “Add assignments”.
- Search for “Hybrid Identity Administrator”, select it, then click “Add”.
- Confirm that Hybrid Identity Administrator appears under Assigned roles for the sync user. (It takes a moment to be reflected.)
- If you have already added your AD domain, change the Hybrid Identity Administrator UPN to match your on-premises AD FQDN.
- Install Microsoft Entra Connect Sync
*Microsoft Entra Connect and Microsoft Entra Connect Health installation roadmap – Microsoft Entra ID | Microsoft Learn
*We use the express installation. See: Microsoft Entra Connect: Get started by using express settings – Microsoft Entra ID | Microsoft Learn
*Make sure you are signed in to the on-premises AD member server with your Active Directory administrator account.
*You set up the Sync service on the member server using the Active Directory Domain Administrator account.
- Execute “AzureADConnect.msi” and accept the prompts (“Yes”).
- On the Welcome screen, agree to the license and click “Continue”.
- On Express Settings, click “Use express settings”.
- The Connect to Azure AD window appears. Specify the account and password you prepared in the previous section (the account holding the Hybrid Identity Administrator role) and click “Next”.
- The connection is attempted. If the M365 sign-in pops up, sign in with the Hybrid Identity Administrator account and wait a moment.
*In some cases the password needs to be updated; follow the prompt.
- The process continues and the Connect to AD DS window appears. Enter the on-premises Active Directory administrator credentials and click “Next”.
- The Azure AD sign-in configuration comes up. Confirm that the “User principal name” suffix (for example, for your AD account watanabe@avalon.toshitoshi.net) is OK. It may report that the UPN suffix does not match the Azure AD / Entra ID domain name; that is OK for now, so continue.
- Click “” and Continue. On Ready to configure, click “Install”.
- Installation proceeds.
- If everything is OK, the connector service is now fully configured.
- Enable sync (if you chose not to enable it during the connector installation)
- https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-feature-scheduler
- Open PowerShell as administrator.
- Run “Get-ADSyncScheduler” and check whether the sync cycle (SyncCycleEnabled) is enabled (True).
- To enable sync, set SyncCycleEnabled to True with “Set-ADSyncScheduler -SyncCycleEnabled:$true”.
- Check the sync.
- In the M365 admin center, check All users.
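As an added example (not part of the original notes), a PowerShell check that confirms the TLS 1.2 registry values from the Assumptions section are present on the Connect Sync server (and optionally writes them), then verifies the scheduler state described in the last step instead of assuming it. The Client “DisabledByDefault”=0 value mirrors the Server one, following Microsoft's TLS 1.2 enforcement guidance; the function name Test-Tls12Registry is my own.

```powershell
# Added example, not part of the original notes: pre-flight and post-install checks for
# the Connect Sync server. Run from an elevated PowerShell prompt.
$tls12Expected = @(
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'Enabled';           Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'Enabled';           Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Value = 0 }
)

# Compare each expected value with the registry; with -Fix, create or correct the DWORDs.
# Returns the entries that did not match (an empty result means the server is compliant).
function Test-Tls12Registry {
    param([switch]$Fix)
    $drift = @()
    foreach ($e in $tls12Expected) {
        $current = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        if ($current -ne $e.Value) {
            $shown = if ($null -eq $current) { '<missing>' } else { $current }
            $drift += '{0}\{1}: expected {2}, found {3}' -f $e.Path, $e.Name, $e.Value, $shown
            if ($Fix) {
                if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
                New-ItemProperty -Path $e.Path -Name $e.Name -PropertyType DWord -Value $e.Value -Force | Out-Null
            }
        }
    }
    return $drift
}

# Add -Fix to write the values; reboot afterwards so SCHANNEL and .NET pick them up.
$drift = Test-Tls12Registry
if ($drift) { $drift | ForEach-Object { Write-Warning $_ } } else { Write-Host 'TLS 1.2 registry values are in place.' }

# After Entra Connect is installed, confirm the scheduler really is exporting to the tenant.
if (Get-Command Get-ADSyncScheduler -ErrorAction SilentlyContinue) {
    $s = Get-ADSyncScheduler
    if (-not $s.SyncCycleEnabled) {
        Write-Warning 'SyncCycleEnabled is False; run: Set-ADSyncScheduler -SyncCycleEnabled:$true'
    } elseif ($s.StagingModeEnabled) {
        Write-Warning 'Server is in staging mode; nothing is exported until staging mode is disabled.'
    } else {
        Write-Host "Sync enabled; next cycle at $($s.NextSyncCycleStartTimeInUTC) UTC"
    }
} else {
    Write-Host 'ADSync module not found; install Microsoft Entra Connect first.'
}
```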