The Active Directory Sync tool [DirSync] can now be installed on an Active Directory Domain Controller (DC). You must fist have to install version 6553.0002 or newer. The process of installing DirSync on a DC is mostly the same as for deploying it normally. Keep in mind that the administrator installing the tool will need to log-off and log-on again after the Installation Wizard is complete and before the Configuration Wizard is run. This additional step of logging off and logging back in is necessary to ensure that the Directory Sync tool is installed using the least privileges possible on the DC.
If you forget to follow the above process, the Configuration Wizard will return an “Constraint Violation Error” error. If you face this error, simply log off and log in again and you will be able to proceed. Note that the recommendation is still to deploy DirSync on a member server rather than a DC as it will install FIM 2010 R2 SP1 and SQL Server 2012 Express SP1 by default, which can add overhead to your DC.