A Simple Guide for Beginners
Before you install Azure AD Connect, you must make sure that your environment meets the basic requirements. This ensures a smooth installation and prevents sync failures later. Below are the essential prerequisites every beginner should know.
π· 1. Active Directory Requirements (On-Prem Domain)
Azure AD Connect requires a healthy on-premises Active Directory environment.
β A Windows Server AD Domain
- Must be Windows Server 2003 or later
- Domain functional level Windows Server 2003 or higher
- Forest functional level Windows Server 2003 or higher
β Domain Must Be Routable
Your internal domain should be reachable from the server where Azure AD Connect is installed.
β A Verified Domain Name
The UPN suffix should match your Azure domain.
Example:
AD UPN: user@maharjan.local β (Not supported)
Azure AD: user@maharjan.com β
If needed, add a new UPN suffix in AD:
Active Directory Domains and Trusts β Properties β UPN Suffixπ· 2. Azure AD Tenant Requirements (Cloud Environment)
You must have:
β An Active Azure AD Tenant
This can be created freely at: https://azure.microsoft.com
β A Verified Custom Domain
You must verify your company domain (example: maharjan.com) in Azure AD.
Azure Portal β Azure Active Directory β Custom domain names
β Required Administrator Account
You need:
- Azure AD Global Administrator
(Only required during installation)
After installation, you can remove this role for better security.
π· 3. Server Requirements for Azure AD Connect
Azure AD Connect must be installed on a supported Windows Server.
β Supported Operating Systems
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
β Hardware Requirements (Minimum)
- CPU: 1.6 GHz
- RAM: 4 GB (8β16 GB recommended for larger orgs)
- Disk: At least 70β100 MB for installation
- .NET Framework: 4.7.1 or later
β Important Notes
- The server must be domain-joined
- Do NOT install Azure AD Connect on:
- A Domain Controller (not recommended)
- Exchange Server
- SQL Server hosting important data
Best practice:
π’ Use a dedicated server just for Azure AD Connect.
π· 4. Network & Connectivity Requirements
Azure AD Connect requires outbound internet access.
β Required Ports (Outbound)
| Port | Protocol | Purpose |
|---|---|---|
| 443 | HTTPS | Sync with Azure AD |
| 80 | HTTP | Certificate and endpoint checks |
| 389 | LDAP | On-prem AD queries |
| 636 | LDAPS | Secure LDAP (optional) |
β Firewall & Proxy
If using a proxy, ensure Azure AD Connect is permitted through it.
π· 5. Account & Permission Requirements
β On-Prem AD Account
You will need:
- Enterprise Admin or
- Domain Admin (only during setup)
Azure AD Connect automatically creates a least-privilege sync account.
β Azure AD Account
- Must be Global Administrator
β Service Account
Azure AD Connect creates:
- MSOL_XXXXXX account (used for sync engine)
You do not need to create it manually.
π· 6. SQL Requirements (Optional)
Azure AD Connect includes SQL Express by default β suitable for up to ~100k objects.
For larger environments:
Use Full SQL Server if:
- More than 100k directory objects
- You need clustering
- You want high availability
Supported SQL versions:
- SQL Server 2012 β SQL Server 2019
π· 7. Supported Environments
Azure AD Connect supports:
β Single Forest
Most common scenario.
β Multi-Forest
Including:
- Resource forests
- Account forests
- Trust relationships
β Disjoint Namespaces
Supported with proper configuration.
β Hybrid Environments
AD + Azure AD + Microsoft 365
π· 8. Health Check Before Installation (Recommended)
Before installing, ensure:
β Active Directory health is good
Run:
dcdiag /v
repadmin /replsummary
β DNS is working correctly
Azure AD Connect depends heavily on AD DNS.
β Time synchronization is correct
Time skew can break authentication.
β Conclusion
Before installing Azure AD Connect, it is important to ensure:
- Your Active Directory domain is healthy
- Your Azure AD tenant is set up and verified
- You have the necessary permissions
- Your server meets the system requirements
- Network connectivity is properly configured
Once these prerequisites are met, youβre ready to install Azure AD Connect smoothly and start your hybrid identity journey.
