Prerequisites for Microsoft Entra Connect

This article outlines the necessary prerequisites and hardware requirements for installing Microsoft Entra Connect.

Prerequisites

If you’re looking to install Microsoft Entra Connect, then you’ll want to make sure you have everything you need before you begin. Let’s take a quick look at what’s required to get you up and running!

1. You need a Microsoft Entra Tenant.
2. Add and verify the domain.
3. Microsoft Entra Global Administrator or Hybrid Identity Administrator account is required to integrate with Microsoft Entra Tenant.
4. For Express settings or upgrading from DirSync, an On-Premise Active Directory Enterprise Administrator account is required.
5. Default limit for number of objects allowed is 50,000. After domain verification, the limit increases to 300,000. With Microsoft license, the limit goes up to 500,000 objects.
6. Use IdFix to identify errors such as duplicates.
7. Review optional sync features you can enable in Microsoft Entra ID.
8. The Active Directory schema version and forest functional level must be Windows Server 2003 or later.
9. The domain controllers can run any version
10. Writable domain controller as the read-only domain controller (RODC) isn’t supported
11. Using on-premises forests or domains by using “dotted” (name contains a period “.”) NetBIOS names isn’t supported.
12. Enabling the Active Directory recycle bin is always recommended.
13. The Microsoft Entra Connect server is home to important identity data. It is crucial to secure administrative access to this server properly.
14. It must be installed on a domain-joined Windows Server 2016 or later. Preferrable Windows 2022.
15. Windows Server Essentials 2019 is supported as Windows Server Core isn’t supported.
16. .NET Framework version required is 4.6.2 or later
17. Do not apply the PowerShell Transcription Group Policy on the Microsoft Entra Connect server.
18. If your Hybrid Identity Administrators have MFA enabled, The URL https://secure.aadcdn.microsoftonline-p.com must be in the trusted sites list.
19. If ADFS is being deployed through Microsoft Entra Connect, then the server must be Windows 2016 or later
20. If the Web proxy is being deployed through Microsoft Entra Connect, then the server must be Windows 2016 or later, along with configuring name resolution
21. SQL Server 2012 is no longer supported.
22. Azure SQL Database isn’t supported as a database, including Azure SQL Database and Azure SQL Managed Instance.
23. You must use a case-insensitive SQL collation. These collations are identified with a CI in their name. Using a case-sensitive collation identified by CS in their name isn’t supported.
24. You can have only one sync engine per SQL instance. Sharing an SQL instance with MIM Sync, DirSync, or Azure AD Sync isn’t supported.
25. Microsoft Entra Connect requires network connectivity to all child and root domains in the forest.
26. You need to open ports between the Microsoft Entra Connect servers and your domain controllers if you have firewalls on your intranet.
27. Enable TLS 1.2 for the Microsoft Entra Connect server to communicate with Microsoft Entra ID.
28. Here are the minimum system requirements for Microsoft Entra Connect Sync computer, as shown in the table below.

Important Note:

For managing more than 100,000 objects, it is recommended to use the full version of SQL Server. For optimal performance, it should be installed on your local machine. Please note that these recommendations are specific to Microsoft Entra Connect. If you choose to install SQL Server on the same server, you may require additional memory, drive, and CPU resources.

Conclusion

To integrate Entra ID, you will need to use Microsoft Entra Connect Sync. You can install this software in your environment by following the instructions on this page. Before installation, make sure to check the prerequisites and hardware components to ensure a successful setup. I hope this information is helpful to you.