Azure AD Connect Prerequisites
Before You Install Azure AD Connect
Azure AD
Prepare Your On-Premises Data
- Use IdFix to identify and correct directory errors before synchronization.
- Review optional sync features for Azure AD and evaluate which features to enable.
On-Premises Active Directory
- The Active Directory schema version and forest functional level must be Windows Server 2003 or later.
- The domain controller must be writable; read-only domain controllers are not supported.
- Using "dotted" NetBIOS names is not supported.
- It is recommended to enable the Active Directory recycle bin.
PowerShell Execution Policy
- Ensure that the PowerShell execution policy allows running signed scripts. The recommended policy is "RemoteSigned".
- For more information, see Set-ExecutionPolicy.
Azure AD Connect Server
Installation Prerequisites
- Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. We recommend Windows Server 2022.
- The minimum .NET Framework version required is 4.6.2.
- Azure AD Connect can't be installed on Small Business Server or Windows Server Essentials (except Windows Server Essentials 2019).
- The server must have a full GUI installed; Windows Server Core is not supported.
- The PowerShell Transcription Group Policy must be disabled if you use the Azure AD Connect wizard for AD FS configuration.
- If deploying AD FS, servers must be Windows Server 2012 R2 or later with TLS/SSL certificates configured.
- Do not break and analyze traffic between Azure AD Connect and Azure AD, for example with a proxy that intercepts and inspects the connection.
- If your Hybrid Identity Administrators have MFA enabled, ensure that the URL `https://secure.aadcdn.microsoftonline-p.com` is in the trusted sites list.
- Check prerequisites for Azure AD Connect Health if using it for syncing.
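Several of the server-side items above (OS version, domain join, full GUI, .NET Framework 4.6.2, execution policy, PowerShell transcription policy) can be checked locally before running the installer. The script below is an added example, not part of the original page or of Microsoft's tooling; the function name is hypothetical, and the registry paths, the .NET `Release` value 394802 and the build number 14393 are standard Windows values assumed here rather than taken from this page.

```powershell
# Added example: local pre-install checks for a planned Azure AD Connect server.
# Thresholds follow the prerequisite list; registry paths and build numbers
# are assumptions (standard Windows values), not values from the page.
function Test-AadConnectServerPrereq {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cv  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # These two keys may be absent; a missing key is handled below.
    $ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
    $tx  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' -ErrorAction SilentlyContinue
    $policy = [string](Get-ExecutionPolicy)   # effective policy for this session

    $checks = [ordered]@{
        # ProductType 1 = workstation; build 14393 = Windows Server 2016
        'Windows Server 2016 or later' = @(
            ($os.ProductType -ne 1 -and [int]$os.BuildNumber -ge 14393), $os.Caption)
        'Domain-joined' = @(
            [bool]$cs.PartOfDomain, $cs.Domain)
        # InstallationType is "Server" with the full GUI, "Server Core" without it
        'Full GUI (not Server Core)' = @(
            ($cv.InstallationType -eq 'Server'), $cv.InstallationType)
        # Release 394802 is the lowest value reported by .NET Framework 4.6.2
        '.NET Framework 4.6.2 or later' = @(
            ($null -ne $ndp -and $ndp.Release -ge 394802), $ndp.Release)
        # Restricted is the only policy that blocks signed scripts as well
        'Execution policy allows signed scripts' = @(
            ($policy -in 'AllSigned', 'RemoteSigned', 'Unrestricted', 'Bypass'), $policy)
        # Only relevant when the wizard is used for AD FS configuration
        'PowerShell transcription policy not enabled' = @(
            (-not ($tx -and $tx.EnableTranscripting -eq 1)), $tx.EnableTranscripting)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check  = $name
            Passed = $checks[$name][0]
            Found  = $checks[$name][1]
        }
    }
}

# Run on the candidate server and review any row where Passed is False.
Test-AadConnectServerPrereq | Format-Table -AutoSize
```

The script only reads local state; it does not cover the Small Business Server and Windows Server Essentials restriction, the SQL Server requirements, or time synchronization with the domain controllers.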
Harden Your Azure AD Connect Server
SQL Server Used by Azure AD Connect
- Azure AD Connect requires a SQL Server database. By default, SQL Server 2019 Express LocalDB is used.
- For higher volumes, use a different SQL Server installation. For details, refer to the performance of Azure AD Connect.
- Azure AD Connect supports SQL Server versions up to 2019. Azure SQL Database is not supported.
- Use a case-insensitive SQL collation. Case-sensitive collations are not supported.
- Only one sync engine per SQL instance is supported.
Accounts
- You must have an Azure AD Global Administrator or Hybrid Identity Administrator account for the Azure AD tenant.
- For express settings or DirSync upgrades, an Enterprise Administrator account is required for on-premises Active Directory.
- Custom settings installations provide more options. See Custom Installation Settings.
Known Issues
- Ensure the Azure AD Connect server is time-synchronized with Active Directory domain controllers.
- For more known issues, refer to troubleshooting Azure AD Connect.