Prepare AzureAD Connect with IdFix

Before you go up a link with AzureAD through AzureAD Connect, it is good to prepare your on-prem Active Directory. There are several requirements such as a routable UPN suffix, a delegated sync server, internet connectivity, Domain functional level on 2003, etcetera. The complete list can you find here ..

What's often forgotten is good see if all users and groups that need to be synchronized comply with the standards. So I know environments where the character '&’ in a lot of group names are used. AzureAD can't handle it. The names of these groups will therefore need to be adapted to avoid problems. A handy tool to identify possible issues with the syntax is IdFix. This is a free tool from Microsoft. You can download it via the Microsoft Download Center.

IdFix can run on any Windows Server 2008 of 2012 machine in the domain. It must still contain .NET 4.0. The account under which the tool is started must have at least read permissions in Active Directory. Modify rights in AD are also useful. Then you can directly fix the issues from the tool. The tool does not need to be installed. In the folder where the .exe is among you also write privileges. During the execution of the tool he is making a number of files to which he used for the analysis.

IdFix I recommend anyone who goes to work with a AzureAD Connect sync. It saves you a lot of misery during or after implementation.

Leave a Reply