Prerequisites for integrating with Active Directory
The following document provides the prerequisites for integrating with Active Directory.
Cloud sync
Hardware and software
Requirement | Description and more requirements |
---|---|
Windows server 2016 or greater that is or has: | • 4-GB RAM or more • .NET 4.7.1 runtime or greater • domain-joined • PowerShell execution policy set to Undefined or RemoteSigned • TLS 1.2 enabled |
Active Directory | • On-premises AD that has a forest functional level 2003 or higher |
Microsoft Entra tenant | • A tenant in Azure that's used to synchronize from on-premises |
For more information on the cloud sync prerequisites, see Cloud sync prerequisites.
Accounts
Requirement | Description and more requirements |
---|---|
Domain/Enterprise administrator | Required to install the agent on the server and create the gMSA service account. |
Hybrid Identity Administrator | Required to configure cloud sync. This account can't be a guest account. |
gMSA service account | Required to run the agent. |
For more information on the cloud sync accounts, and how to set up a custom gMSA account, see Cloud sync prerequisites.
Microsoft Entra Connect
Hardware and software
Requirement | Description and more requirements |
---|---|
Windows server 2016 or greater that is or has: | • 4-GB RAM or more • .NET 4.6.2 runtime or greater • domain-joined • PowerShell execution policy set to RemoteSigned • TLS 1.2 enabled • if federation is being used, the AD FS severs must be Windows Server 2012 R2 or higher and TLS/SSL certificates must be configured. |
Active Directory | • On-premises AD that has a forest functional level 2003 or higher • a writeable domain controller |
Microsoft Entra tenant | • A tenant in Azure used to synchronize from on-premises |
SQL Server | Microsoft Entra Connect requires a SQL Server database to store identity data. By default, a SQL Server 2019 Express LocalDB (a light version of SQL Server Express) is installed. For more information on using a SQL server, see Microsoft Entra Connect SQL server requirements |
For more information on the cloud sync prerequisites, see Microsoft Entra Connect prerequisites.
Accounts
Requirement | Description and more requirements |
---|---|
Enterprise administrator | Required to install Microsoft Entra Connect. |
Hybrid Identity Administrator | Required to configure cloud sync. This account can't be a guest account. This account must be a school or organization account and can't be a Microsoft account. |
Custom settings | If you use the custom settings installation path, you have more options. You can specify the following information: • AD DS Connector account • ADSync Service account • Microsoft Entra Connector account. For more information, see Custom installation settings. |
For more information on the Microsoft Entra Connect accounts, see Microsoft Entra Connect: Accounts and permissions.