Adding users from another AAD tenant to AX7

In AX 2012 and prior it was a little tricky to add external users. You basically could not, so you needed to add an Active Directory Account to your AD and import it as a AX user. You might not want to add external users in your AD.

This is much easier in AX7 (it should be Dynamics AX but it is much harder to search for on the internets)… much, much easier… you see AX 7 does not handle identity at all…  it trusts Azure Active Directory for this. A requirement is that the external company uses Azure Active Directory.

Note (Added later): If you have set up the AX install in Azure using LCS the “default” Azure Active Directory is the one connected for your Azure tenant. These users are not treated as external users and do not need the modification below.

So, to add an external user to AX you go to System Administration – Users and click New to add a new user. The user we want to add in our example is Kalle Kula, Kalle has the email address


The only thing missing is that we need to specify the Azure AD tenant in the domain field and set it to (which is not completely visible in the screenshot)


Save the user and add roles and we are all set!


Configuring Filtering in AADSync

If you don’t want to sync your entire Active Directory to Azure/Office 365 you can in the new AADSync set up a OU filter. Here is a short Checklist

  1. Start Synchronization Service Manager
    1. Go to Connectors
    2. Select Properties on your AD Connector
    3. Select Configure Directory Partitions
    4. Click Containers (Enter Credentials)
    5. Select OUs to Sync
    6. Exit Properties
  2. Initiate sync
    1. Right-click AD Connector and select Run – Full Import
    2. Right-click AD Connector and select Run – Delta Sync
    3. In Task Scheduler run the Azure AD Sync Scheduler or wait max of 3 hours
  3. Verify in Azure AD/Office 365 that the sync was OK…