NOTE: Information listed here is good as of 2/6/2015 and is subject to change.
You may be wondering why this is posted on the Power BI Support Blog. Azure Active Directory ties into Power BI when you want to use the Analysis Services Connector.
The Analysis Services Connector is a new item with the Power BI Service that will allow you to stream live data from an on premises Tabular instance for use with reports and dashboards. One of the requirements for that is that DirSync be enabled for your Tenant so we can pass the user by way of EffectiveUser. We will cover that more in another post though.
If we want to use that Connector, we have to set up DirSync with Azure Active Directory. So, how do we do that? That’s what we are going to look at in this post. I took my guyinacube.com local domain that resides in some VMs and worked on getting that connected with my guyinacube.com O365 Tenant that I have from when I did the IT Admin Takeover.
This requires that you actually have an Active Directory domain that we can use, as well as an O365 Tenant that you are an admin of. If you don’t have an O365 Tenant, this won’t work.
We are going to start in the O365 Admin portal. In the bottom area of the left navigation, you will see an Admin section. If you don’t see that, you aren’t an admin of the tenant. Within there you should see Azure AD. Click on that.
This will take you to the Azure Portal. You will need to sign in. If you don’t have an account, you can create one at that time. In my case, I didn’t have an account, so when I went in, it only showed me the Active Directory items and no other service. You should see your domain listed that is present with your O365 Tenant. Click on your Domain.
You will then be presented with a Get Started screen. This can walk you through setting up the integration. Your Domain should already be added, so step 1 is done. If it isn’t, you can add it at this point. Step 2 is really what we are going to look at.
We can verify our domains by clicking on the Domains tab. In my case, I have 3. For my local Active Directory, I actually have a Parent and Child domain. I had to add the Child Domain manually, but if the parent is verified, you don’t need to verify the child. Guyinacube.com is my primary domain.
We can then go to the Directory Integration tab. The first thing we want to do is click on Activated for Directory Sync and then Save.
You then need to download the Directory Sync tool under step 3 under Deploy and Manage. I saved this and ran it on my Domain Controller. My understanding is that you can do this on any machine in the Domain although I haven’t tried that. It is called dirsync.exe. Make sure you run this as Administrator.
You can just go with the defaults unless you want a different path for it to install to. No real settings here. When it gets to Installing Components it indicates that this may take 10 minutes or longer. That’s about how long it took to install.
Once it is done, you can start the Configuration Wizard.
Before you start the Configuration Wizard, whatever account you are supplying to the wizard, and the account you are logged into, will need to be added to the local admin group of that machine. Even if it is a Domain Controller. Also, an AAD account will be created for the service. This account also needs to be added to the Local Admin group on that machine.
This first real step will be to supply your credentials for Azure Active Directory. So, this should be the account you are signed into within the Azure Portal. It needs to be an admin from Azure’s perspective.
Then you need to supply an Admin for your on premises Active Directory. This needs to be an Admin that is a member of the Enterprise Admin group.
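The wizard's account requirements above (run elevated, local admin on the machine, Enterprise Admin for the on-premises directory) can be checked before you start. The following pre-flight check is an added example, not part of the original post or the DirSync tool. It assumes you run it in an elevated PowerShell session on the DirSync machine while logged in as the on-premises account you plan to supply, and it only inspects that logged-in account.

```powershell
# Added pre-flight check (not from the original post).
# Assumption: run from an elevated PowerShell session, logged in as the
# on-premises account you intend to give to the Configuration Wizard.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# 1. Elevated member of the machine's Administrators group
#    (on a Domain Controller this is BUILTIN\Administrators).
$isAdmin = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Enterprise Admins lives in the forest root domain and has the
#    well-known RID 519, so match on the SID instead of the group name.
#    This also works when you are logged in to a child domain.
$isEnterpriseAdmin = [bool]($identity.Groups |
    Where-Object { $_.Value -match '^S-1-5-21-(\d+-){3}519$' })

if (-not $isAdmin) {
    # Without elevation, privileged groups are filtered out of the token,
    # so the Enterprise Admins result is not reliable either.
    Write-Warning 'Session is not elevated or account is not a local admin.'
}
if (-not $isEnterpriseAdmin) {
    Write-Warning 'Account token does not contain Enterprise Admins (RID 519).'
}

# Summary object for the logged-in account.
[pscustomobject]@{
    Account            = $identity.Name
    ElevatedLocalAdmin = $isAdmin
    EnterpriseAdmin    = $isEnterpriseAdmin
}
```

If you added the account to a group just now, log off and back on before running the check, because group membership is only read into the token at logon.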
For Hybrid Deployment and Password Synchronization, I enabled both. You will want to read about those two items to see if you want to enable those in your environment. I didn’t really care as this is just a playground setup and not a production environment.
After you click Next on Password Synchronization, it will begin to Configure.
Once Configuration is complete, you can click Finish which will start to Synchronize your directories.
You can check the status by going back to the Azure Portal on the Directory Integration tab. You will see a Last Sync status.
We can go back to the Azure portal and look at the users listed to see the result.
This will show my local users from both my Parent Domain and my Child Domain. This includes the Service Accounts that I created for my local SharePoint deployment.
Looking back in O365 Admin, at our user list there, we can see those users present now within my O365 Tenant, and the status of all of the users, except my original asaxton account, shows Synced with Active Directory. The asaxton account is synced as well and will work with what you need it to.
Everything looks good with the Directory Sync at this point.
Syncing Directories Manually
The Syncing will occur regularly, but if you want to kick it off on your own, you can use the following PowerShell Command to do so.