There is a lot of confusion regarding the DirSync (the new Windows Azure Active Directory Sync) tool.
The following are the points to note when setting up and configuring the tool.
- Yes, you can install DirSync on a domain controller now. The DC should be running Windows 2008+ as the base operating system. Do use the latest binaries though.
- The recommendation is still to have DirSync on a member server, although DC install is supported.
- If you have more than 50,000 objects (users, groups, contacts) to sync to Office 365, you should have DirSync installed with full-blown SQL Server as the database backend.
- The default installation of the DirSync tool includes a version of Microsoft SQL Server 2012 Express SP1, and you can use this mode of install if you have fewer than 50,000 objects.
- You can go with full-blown SQL Server as the backend even if you have fewer than 50K objects (optional).
- You can install DirSync on a Windows 2012 member server & it is supported.
- You need to install .NET Framework 3.5 SP1 and 4.0 on the server before a DirSync install is possible.
- You can only have one installation of the DirSync tool between an on-premises Active Directory and an Office 365 tenant.
- The DirSync server is a single point of failure from a design perspective. However, even if your DirSync server is down, your users will still be able to authenticate and use all O365 services.
- The issue will be that any new users and password changes won't be synced to O365 while the DirSync server is down.
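The points above can be checked on a candidate server before installing. The following is an added example, not part of the original post or of the DirSync tooling; it assumes the ActiveDirectory PowerShell module (RSAT) is available, and it counts every user, contact and group in the domain, so treat the number as an upper bound on what would sync.

```powershell
# Added example: pre-install check for a DirSync server, based on the list above.
# Assumption: the ActiveDirectory module (RSAT) is installed for the object count.
$ObjectLimit = 50000   # threshold from the post: above this, use full SQL Server

function Test-DotNet {
    param([string]$KeyPath, [int]$MinServicePack = 0)
    # The .NET setup keys expose Install=1 and, for 3.5, an SP value.
    $key = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $key -or $key.Install -ne 1) { return $false }
    return ([int]$key.SP -ge $MinServicePack)
}

# Operating system: Windows 2008 is NT 6.0; ProductType 2 means domain controller.
$os     = Get-WmiObject -Class Win32_OperatingSystem
$osOk   = ([version]$os.Version -ge [version]'6.0')
$isDC   = ($os.ProductType -eq 2)

# Prerequisites: .NET Framework 3.5 SP1 and 4.0.
$ndp    = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
$net35  = Test-DotNet "$ndp\v3.5" 1
$net40  = Test-DotNet "$ndp\v4\Full"

# Object count: users and contacts (objectCategory=person) plus groups.
Import-Module ActiveDirectory
$filter = '(|(objectCategory=person)(objectCategory=group))'
$count  = @(Get-ADObject -LDAPFilter $filter -ResultSetSize $null).Count

if ($count -gt $ObjectLimit) {
    $backend = 'Full SQL Server required'
} else {
    $backend = 'SQL Server 2012 Express SP1 (default install) is sufficient'
}

if ($isDC) {
    $placement = 'Domain controller: supported, member server still recommended'
} else {
    $placement = 'Member server: recommended placement'
}

New-Object PSObject -Property @{
    OSSupported   = $osOk
    Placement     = $placement
    DotNet35SP1   = $net35
    DotNet40      = $net40
    ObjectCount   = $count
    Backend       = $backend
    ReadyToInstall = ($osOk -and $net35 -and $net40)
} | Format-List
```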
Hope this clears the confusion ;)