Microsoft Azure AD Connect Requirements

General Information

Only the deployment on a SQL Server or a SQL Express version is supported.

Monitoring the synchronization for Windows Internal Database (WID) is not supported.

Ports

·         Make sure port 1433 (the default) is open for SQL queries to the SQL Server hosting the AADSync database.

·         Make sure port 5985 (5986 if SSL is used) is open on the monitored server (Microsoft.PowerShell endpoint).

·         Configure the server to receive remote commands:

Enable-PSRemoting -Force

·         Make sure that a port can be used to open a TCP connection to the server.

Permissions

·         A user who is a member of the 'AADSyncAdmins' group is required.

·         A user who is a member of the local administrators group is required.

·         You need to have Read access rights on the AADSync SQL Database.

PowerShell

Version

Make sure PowerShell v4 or above is installed on the GSX Monitor system.

PowerShell Execution Policy

·         Locate the Windows PowerShell (x86) shortcut by typing PowerShell in the Start>Run box.

·         Set the execution policy of the workstation to RemoteSigned, which lets locally created scripts run and requires scripts and configuration files downloaded from the Internet to be signed by a trusted publisher (http://technet.microsoft.com/en-us/library/dd347628.aspx), by entering:

Set-ExecutionPolicy RemoteSigned
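
The port and PowerShell requirements above can be verified before the monitor is configured. The script below is an added example, not part of the original page or of the GSX product; the host names are hypothetical placeholders, and it assumes it is run on the GSX Monitor system.

```powershell
# Pre-flight check for the port and PowerShell requirements listed above.
# Added example. Host names are hypothetical placeholders (assumptions).
param(
    [string]$SqlServer  = 'sql01.example.test',   # assumed: SQL Server hosting the AADSync database
    [string]$SyncServer = 'aadc01.example.test',  # assumed: monitored Azure AD Connect server
    [int]   $SqlPort    = 1433,                   # default SQL port named on this page
    [switch]$UseSsl,                              # check 5986 instead of 5985
    [int]   $TimeoutMs  = 3000
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # A timeout is reported the same way as a refused connection
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$winRmPort = if ($UseSsl) { 5986 } else { 5985 }
$policy    = Get-ExecutionPolicy

# Test-WSMan confirms that a WinRM listener answers, not only that the port is open
$wsmanOk = $true
try { Test-WSMan -ComputerName $SyncServer -UseSSL:$UseSsl -ErrorAction Stop | Out-Null }
catch { $wsmanOk = $false }

$results = @(
    [pscustomobject]@{ Check = 'PowerShell v4 or above';     Detail = "$($PSVersionTable.PSVersion)"; Passed = $PSVersionTable.PSVersion.Major -ge 4 }
    [pscustomobject]@{ Check = 'Execution policy';           Detail = "$policy";                      Passed = $policy -eq 'RemoteSigned' }
    [pscustomobject]@{ Check = 'SQL port reachable';         Detail = "${SqlServer}:$SqlPort";        Passed = Test-TcpPort $SqlServer $SqlPort $TimeoutMs }
    [pscustomobject]@{ Check = 'WinRM port reachable';       Detail = "${SyncServer}:$winRmPort";     Passed = Test-TcpPort $SyncServer $winRmPort $TimeoutMs }
    [pscustomobject]@{ Check = 'WinRM listener responds';    Detail = $SyncServer;                    Passed = $wsmanOk }
)

$results | Format-Table -AutoSize
# A non-zero exit code lets a deployment script stop when a requirement is missing
if ($results | Where-Object { -not $_.Passed }) { exit 1 }
```

The execution policy check passes only for RemoteSigned, so a looser setting such as Unrestricted or Bypass is reported as a failure rather than silently accepted.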

Scanning

To be able to scan Azure AD Connect, the user configured in the SQL monitoring configuration needs Read access to:

·         Master db

·         ADSync db

·         'VIEW SERVER STATE' permission

·         'VIEW ANY DEFINITION' permission

How-To (Query in SQL)

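-- Server-level permissions can only be granted while the current database is master
USE master
GO
GRANT VIEW SERVER STATE TO <GSXAccount>
GRANT VIEW ANY DEFINITION TO <GSXAccount>
GO
-- VIEW ANY DEFINITION is server-scoped; inside ADSync grant the database-scoped VIEW DEFINITION
USE ADSync
GO
GRANT VIEW DEFINITION TO <GSXAccount>
GO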