Q: Can I run DirSync on a domain controller?

A: DirSync provides the synchronization between on-premises Active Directory and Azure Active Directory. With update 6567.0018, the Azure Active Directory Sync tool can now be installed on a domain controller.

Microsoft's recommendation is to install DirSync on a domain controller only in a development environment, because installing the tool also installs SQL Express, Forefront Identity Manager (FIM), and other components—which adds overhead that you typically don't want on a production domain controller.