MICROSOFT ACTIVE DIRECTORY SYNCHRONIZATION, ADFS, AND EXCHANGE HYBRID




TABLE OF CONTENTS

Chapter 1: How to Use Microsoft Active Directory Synchronization for Office 365 More Effectively
Chapter 2: Exchange Hybrid/Coexistence Migrations to Office 365
Chapter 3: ADFS and its Integration with Office 365

CHAPTER 1: How to Use Microsoft Active Directory Synchronization for Office 365 More Effectively

In this chapter we focus on how to use Microsoft Active Directory Synchronization (MS DirSync) for Office 365 more effectively. For those unfamiliar with it, a quick summary: MS DirSync is a component of Office 365 that synchronizes an organization's on-premises Active Directory forest up to the Office 365 tenant. (Microsoft has since replaced DirSync with Azure AD Connect; the paths and cmdlets in this chapter are specific to the DirSync-era tooling.)

The benefits of using MS DirSync are:

- A quick way to bulk-populate the Office 365 tenant with an organization's users and distribution groups.
- Management of user accounts, mailboxes and distribution lists stays in the company's local Active Directory, just as administrators are used to with an on-premises MS Exchange environment.

In this tech tip we discuss how to manually force a DirSync operation to start, and we outline the Synchronization Service Manager, which can be used to manage DirSync and obtain granular information about any issues or errors that arise.

How to Manually Force a DirSync

After you set up MS DirSync with Office 365, the service automatically synchronizes with Office 365 every 3 hours by default. That is not always acceptable, especially when you have made adds, moves or changes in your local Active Directory and need them in Office 365 as soon as possible. Examples where waiting for the 3-hour interval is not good enough:

- A new hire has just started and needs their mailbox established right away.
- A user needs to be added to or removed from an important distribution list.
- An employee has been terminated and the disabling or removal of the account and mailbox needs to be synchronized.

The last case matters most from a security standpoint: until the next sync runs, an account you disabled on-premises is still an enabled account in the tenant, so forcing the sync is part of the offboarding procedure rather than an optional convenience. Bear in mind that even after the sync, sessions and tokens the user already holds remain valid until they expire.

To manually force the DirSync operation:

1. Log on to your MS Directory Synchronization server.
2. Browse to C:\Program Files\Microsoft Online Directory Sync
3. Locate the DirSyncConfigShell.psc1 file and double-click it.
4. When the PowerShell console opens, type the following command and press Enter: Start-OnlineCoexistenceSync

This starts a DirSync operation immediately, so you do not have to wait for the 3-hour interval.

Synchronization Service Manager

The Synchronization Service Manager is a nice little gem that helps you manage MS DirSync, especially when errors arise. It is installed along with MS DirSync; on the DirSync server, browse to C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\ and look for a green icon with two white arrows named miisclient, then double-click it. (NOTE: create a shortcut on your Desktop and/or in the Start Menu so you do not have to browse here every time you want to run the program.)

When the Synchronization Service Manager opens, for now we only discuss the Operations tab, which is where you will spend 90% of your time in this tool. The Operations tab shows a log of every DirSync operation that has run since the product was installed: the automatic sync jobs that run every 3 hours and their status, as well as any manual jobs you have run.

If you highlight one of the entries in the log (either SourceAD or TargetWebService), the details of that particular job appear below it: the statistics show all adds, updates, renames and deletes that occurred during that synchronization, and on the right you can see any synchronization errors that occurred. You can drill further by selecting one of the items that errored (usually denoted by a CN= at the start of the entry) to get information about the object or group that encountered the problem. In the main log, the Status column gives an overview of whether issues were found; if you see Success, everything was fine. The bottom line is that the Synchronization Service Manager is a much better way to investigate and troubleshoot issues than the email notifications Microsoft sends to the single technical-contact address on the tenant.

Clearing the Runs

No, it's not what you are thinking! (Get your minds out of the gutter!) It is, however, an important operation to perform if your Directory Synchronization stops running or updating. All of the logs and line items displayed in the Synchronization Service Manager are stored in a local SQL Express 2008 database, and if that database fills up, DirSync stops updating Office 365 until the condition is resolved. To clear the runs:

1. Open the Synchronization Service Manager.
2. Click the Actions menu at the top of the screen.
3. Select Clear Runs.

This purges the listed runs from the database, allowing MS DirSync to run properly again and synchronize with Office 365 as normal. Keep in mind that the run history is also your record of what was pushed to the tenant and when, so note or export anything you still need from it before clearing.
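The forced sync, the run-history check and the clear-runs operation above are all scriptable, which matters when they are part of an offboarding runbook rather than a one-off. The script below is an added example and is not code from the original tech tip or from Microsoft. It assumes the DirSync-era install path quoted above and the FIM/MIIS WMI provider in the namespace root\MicrosoftIdentityIntegrationServer, which exposes the same run history the Synchronization Service Manager displays; the class and method names used for that provider (MIIS_RunHistory, MIIS_Server.ClearRuns) and the MSOnline cmdlet used for the final check are assumptions, not taken from the page, so verify them on your build.

```powershell
# Added example, not from the original document. Run in an elevated PowerShell
# session on the DirSync server. Assumptions: the DirSync-era install path, the
# MIIS WMI provider (root\MicrosoftIdentityIntegrationServer) and, for the last
# function only, the MSOnline module with a prior Connect-MsolService.

$DirSyncRoot   = 'C:\Program Files\Microsoft Online Directory Sync'
$MiisNamespace = 'root\MicrosoftIdentityIntegrationServer'

function Start-ForcedDirSync {
    # Same as double-clicking DirSyncConfigShell.psc1 and typing
    # Start-OnlineCoexistenceSync, but scriptable.
    $console = Join-Path $DirSyncRoot 'DirSyncConfigShell.psc1'
    & powershell.exe -NoProfile -PSConsoleFile $console -Command 'Start-OnlineCoexistenceSync'
    if ($LASTEXITCODE -ne 0) { throw "Start-OnlineCoexistenceSync failed with exit code $LASTEXITCODE" }
}

function Get-DirSyncRunHistory {
    # Most recent runs, newest first: one SourceAD (import from AD) and one
    # TargetWebService (export to Office 365) entry per sync cycle.
    param([int]$Last = 6)
    Get-WmiObject -Namespace $MiisNamespace -Class MIIS_RunHistory |
        Sort-Object RunNumber -Descending |
        Select-Object -First $Last MaName, RunProfile, RunStatus, RunStartTime, RunEndTime
}

function Wait-DirSyncCycle {
    # Poll until both management agents of the latest cycle have an end time,
    # then return the pair. Any RunStatus other than 'success' is worth opening
    # in the Synchronization Service Manager's Operations tab.
    param([int]$TimeoutMinutes = 30)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 15
        $runs    = Get-DirSyncRunHistory -Last 2
        $running = $runs | Where-Object { -not $_.RunEndTime }
    } while ($running -and (Get-Date) -lt $deadline)
    if ($running) { throw "DirSync cycle did not finish within $TimeoutMinutes minutes" }
    $runs
}

function Clear-DirSyncRuns {
    # Scripted equivalent of Actions > Clear Runs. Keeps the last $KeepDays of
    # history; older run records are purged from the local SQL Express database.
    # Assumption: MIIS_Server.ClearRuns takes the cutoff as 'yyyy-MM-dd HH:mm:ss'.
    param([int]$KeepDays = 14)
    $server = Get-WmiObject -Namespace $MiisNamespace -Class MIIS_Server
    $cutoff = (Get-Date).AddDays(-$KeepDays).ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss')
    $null = $server.ClearRuns($cutoff)
}

function Confirm-UserBlockedInTenant {
    # Offboarding check: after the forced sync, the disabled AD account must show
    # up as sign-in blocked in the tenant (MSOnline module, assumption).
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    if (-not $user.BlockCredential) {
        throw "$UserPrincipalName can still sign in; check the run history for export errors"
    }
    $user | Select-Object UserPrincipalName, BlockCredential, LastDirSyncTime
}

# Typical offboarding flow: force the sync, wait for it, surface any non-success run.
Start-ForcedDirSync
$cycle = Wait-DirSyncCycle
$cycle | Format-Table -AutoSize
$cycle | Where-Object { $_.RunStatus -ne 'success' } | ForEach-Object {
    Write-Warning "$($_.MaName) run '$($_.RunProfile)' ended with status '$($_.RunStatus)'"
}
# Confirm-UserBlockedInTenant -UserPrincipalName 'jdoe@contoso.com'   # placeholder UPN
```

Clear-DirSyncRuns is deliberately not called in the default flow: run it on a schedule with a retention you are comfortable with, rather than only when the database is already full and synchronization has stopped.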

CHAPTER 2: Exchange Hybrid/Coexistence Migrations to Office 365

This tip focuses on Exchange Hybrid/Coexistence migrations to Office 365 with the new Wave 15 (Exchange 2013) back end. If you are not aware, Microsoft released the new version of Office 365 (branded Wave 15) on Feb. 27, 2013, and it brings some new wrinkles and challenges. One in particular concerns Exchange Hybrid/Coexistence with Wave 15. This week's tech tip is short and sweet, but it will save you time when deciding how to architect the solution.

1.) If you are dealing with customers who have new Wave 15 Office 365 tenants and want Exchange Hybrid, consider the following when planning the architecture:

- If the customer has an Exchange 2007 or Exchange 2010 on-premises environment, you can install and configure an Exchange 2013 Hybrid/Coexistence server to facilitate the migration and establish coexistence.
- If the customer has Exchange 2003, you CANNOT use an Exchange 2013 Hybrid server, because Exchange 2013 cannot coexist with Exchange 2003 in the same organization. In this case you MUST use an Exchange 2010 Hybrid/Coexistence server to facilitate the migration.

2.) If you are migrating a customer with an existing Exchange 2003 or SBS 2003 environment, you must also perform a double migration: first move the mailboxes to the Exchange 2010 Hybrid server, and THEN move them up to Office 365 Wave 15. If you attempt a straight New Remote Move Request from a mailbox living on an Exchange 2003 server directly to Office 365 Wave 15, you WILL get errors and the mailbox migration will fail.

Most of the errors cite corruption on most if not all items; occasionally you will see different errors, but basically they occur because the Exchange 2013 servers within Office 365 Wave 15 simply cannot communicate properly with Exchange 2003 servers and mailboxes. So, if you have a customer in this scenario, plan the deployment of your Exchange 2010 Hybrid server accordingly: install the Mailbox server role when you install Exchange 2010, and allocate enough disk space to temporarily hold the mailboxes that will live on it during the double migration. You may also need extra RAM/CPU so it can serve those mailboxes while performing its normal hybrid tasks.
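The double migration is two separate move requests per mailbox, and the mistake the tip warns about is issuing the second one while the mailbox is still on Exchange 2003. The script below is an added example, not code from the original tech tip or from Microsoft: stage 1 runs in the Exchange Management Shell on the Exchange 2010 hybrid server, stage 2 runs in a remote PowerShell session to Exchange Online once stage 1 has completed, and a guard refuses to stage any mailbox that is not actually on a legacy server. The database name, MRS Proxy host name, routing domain and user names are placeholders (assumptions), not values from the page.

```powershell
# Added example for the Exchange 2003 -> 2010 -> Office 365 double migration.
# Not code from the original document. Names below are placeholders.

$StagingDatabase   = 'HybridStagingDB'               # mailbox database on the Exchange 2010 hybrid server
$MrsProxyHost      = 'mail.contoso.com'              # external EWS/MRS Proxy name of the hybrid server
$TargetDeliveryDom = 'contoso.mail.onmicrosoft.com'  # tenant coexistence routing domain

function Test-OnLegacyServer {
    # True while the mailbox still lives on a pre-2010 server (Exchange 2003 reports
    # version 6.5). Such a mailbox must go through stage 1 before any remote move.
    param([Parameter(Mandatory)][string]$Identity)
    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop
    $srv = Get-ExchangeServer -Identity $mbx.ServerName -ErrorAction Stop
    return ($srv.AdminDisplayVersion.Major -lt 14)    # 14 = Exchange 2010
}

function Move-ToStagingServer {
    # Stage 1 (on-premises shell): local move from Exchange 2003 onto the
    # Exchange 2010 hybrid server's staging database.
    param([Parameter(Mandatory)][string[]]$Identities)
    foreach ($id in $Identities) {
        if (-not (Test-OnLegacyServer -Identity $id)) {
            Write-Warning "$id is not on a legacy server, skipping stage 1"
            continue
        }
        New-MoveRequest -Identity $id -TargetDatabase $StagingDatabase -BadItemLimit 50
    }
}

function Wait-LocalMoves {
    # Block until every local move request has finished, report failures, and
    # remove the completed requests so nothing stale stays attached to the mailboxes.
    $terminal = @('Completed', 'CompletedWithWarning', 'Failed')
    do {
        Start-Sleep -Seconds 60
        $pending = Get-MoveRequest | Where-Object { $terminal -notcontains $_.Status }
    } while ($pending)
    Get-MoveRequest -MoveStatus Failed | Get-MoveRequestStatistics |
        Select-Object DisplayName, FailureType, Message
    Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest -Confirm:$false
}

function Move-ToExchangeOnline {
    # Stage 2 (Exchange Online remote PowerShell session): onboarding remote move
    # through the hybrid server's MRS Proxy. Only call this for mailboxes that
    # Wait-LocalMoves reported as completed on the Exchange 2010 server.
    param(
        [Parameter(Mandatory)][string[]]$Identities,
        [Parameter(Mandatory)][pscredential]$OnPremCredential   # on-prem admin used by the MRS Proxy
    )
    foreach ($id in $Identities) {
        New-MoveRequest -Identity $id -Remote -RemoteHostName $MrsProxyHost `
            -RemoteCredential $OnPremCredential -TargetDeliveryDomain $TargetDeliveryDom `
            -BadItemLimit 50
    }
}

# Usage, stage 1 on the Exchange 2010 hybrid server:
#   $users = 'alice@contoso.com', 'bob@contoso.com'       # placeholders
#   Move-ToStagingServer -Identities $users
#   Wait-LocalMoves
# Usage, stage 2 in the Exchange Online session:
#   Move-ToExchangeOnline -Identities $users -OnPremCredential (Get-Credential 'CONTOSO\migadmin')
```

The BadItemLimit of 50 is the highest value you can use without also accepting large data loss; if stage 2 still reports many corrupt items for a mailbox that completed stage 1 cleanly, that points at the mailbox content itself rather than the 2003 incompatibility the tip describes.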

CHAPTER 3: ADFS and its Integration with Office 365

ADFS? Not so fast! Active Directory Federation Services (ADFS) was introduced by Microsoft in Windows Server 2003 R2 as a way to link two otherwise unrelated Active Directory domains and simplify access to systems and applications (for example, within a partner's network) through web-based services using Single Sign-On (SSO). Microsoft now offers it as the means to achieve the same SSO capability with Office 365.

We have been part of many ADFS deployments for Office 365, and it works quite well once it is up and running. However, we feel there are many more negatives with an ADFS deployment, especially compared with other tools now available to accomplish SSO, namely our Password Synchronization tool from MessageOps.

If a component of your ADFS environment is down or offline, your users WILL NOT be able to access their mailboxes (email, calendars, contacts, etc.). If the ADFS Proxy server is down or unavailable, user authentication requests never reach the back-end ADFS server and therefore never reach the domain controllers, so users cannot log in. Likewise, if the back-end ADFS server (which houses the configuration database) is down, users cannot log in to Office 365 from Outlook or OWA. Isn't one of the main reasons to move email to the cloud to remove these on-premises dependencies? When you deploy ADFS you are essentially shifting the on-premises dependency from your Exchange/GroupWise/Lotus Notes servers to the ADFS servers. (The usual mitigation is an ADFS farm with at least two federation servers and two proxies behind load balancers, which reduces the risk but does not remove the dependency.)

We have also worked first-hand with customers who experienced problems with their ADFS servers and were dead in the water with regard to email until those servers were fixed and back online. Keep in mind that even when ADFS is down, email is still being delivered to users' Inboxes, because ADFS does not affect mail flow (which would obviously be affected if an on-premises email server crashed); however, your phone and your IT colleagues' phones will still be blown up by users who cannot get to their email.

Password Synchronization Tool

So, if you are wondering how to achieve SSO without the cons listed above and without a dependency on your on-premises environment, we at Champion/MessageOps have the solution for you. Use this link for the Password Sync tool, which explains it in more detail along with all of its specs and requirements. The most important thing about this tool is that if the Password Sync server encounters an issue, it DOES NOT affect users' ability to access their Office 365 mailboxes.

The trade-off to weigh is where authentication happens. With ADFS every sign-in is validated by your own domain controllers, so disabling an account on-premises takes effect immediately for new sign-ins and your on-premises lockout policy applies to Office 365 as well. With password synchronization the tenant validates the password itself from a synchronized copy, so a disabled account keeps working in Office 365 until the next directory sync runs (see the forced-sync steps in Chapter 1), and on-premises authentication controls do not apply to cloud sign-ins.
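Whichever way you decide, if ADFS is in the picture you want to learn about a dead proxy or an expiring certificate before the users do. The script below is an added example and is not code from the original document or from MessageOps: it probes the externally published ADFS endpoints that Office 365 sign-ins depend on, checks the TLS certificate the proxy presents, and lists which tenant domains are federated and therefore affected by an outage. The host name sts.contoso.com is a placeholder, the endpoint paths are the standard ADFS 2.x paths used with Office 365, and the last function assumes the MSOnline module with a prior Connect-MsolService.

```powershell
# Added example, not from the original document. Requires Windows PowerShell 3.0+
# for Invoke-WebRequest; Get-FederatedDomains additionally needs the MSOnline module.

$StsHost = 'sts.contoso.com'   # placeholder: external name of the ADFS Proxy / farm

$AdfsEndpoints = @{
    # Passive endpoint: browser sign-in (OWA, portal) is redirected here.
    Passive  = "https://$StsHost/adfs/ls/"
    # Active endpoint: Outlook and other rich clients authenticate here via Office 365.
    Active   = "https://$StsHost/adfs/services/trust/2005/usernamemixed"
    # Federation metadata: a cheap liveness check that the proxy is serving ADFS at all.
    Metadata = "https://$StsHost/FederationMetadata/2007-06/FederationMetadata.xml"
}

function Test-AdfsEndpoint {
    # Reports whether the endpoint answers HTTP at all. A 4xx on a bare GET to the
    # active endpoint is normal; only a connection failure means sign-in is broken.
    param([string]$Name, [string]$Url)
    try {
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
        [pscustomobject]@{ Endpoint = $Name; Reachable = $true; Status = [int]$resp.StatusCode }
    } catch [System.Net.WebException] {
        $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { $null }
        [pscustomobject]@{ Endpoint = $Name; Reachable = ($null -ne $code); Status = $code }
    }
}

function Get-TlsCertificateExpiry {
    # An expired TLS certificate on the proxy is a classic cause of "ADFS is down".
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        }
    } finally { $client.Close() }
}

function Get-FederatedDomains {
    # Blast radius: every user in a Federated domain is locked out when ADFS is
    # unreachable. Assumes the MSOnline module and a prior Connect-MsolService.
    Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' } | Select-Object Name, Status
}

# Run the checks and fail loudly on anything that would stop sign-ins.
$results = $AdfsEndpoints.GetEnumerator() | ForEach-Object { Test-AdfsEndpoint -Name $_.Key -Url $_.Value }
$results | Format-Table -AutoSize
$cert = Get-TlsCertificateExpiry -HostName $StsHost
if ($cert.DaysLeft -lt 30) { Write-Warning "TLS certificate for $StsHost expires in $($cert.DaysLeft) days" }
if ($results | Where-Object { -not $_.Reachable }) {
    Write-Error "One or more ADFS endpoints are unreachable: federated users cannot sign in to Office 365"
}
```

Run it from outside the corporate network (the path Office 365 and roaming users actually take), not from a server that can reach the internal federation servers directly, or it will happily report green while the proxy is down.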

Conclusion

The bottom line is that you should seriously weigh all of your options before investing in ADFS as part of your Office 365 solution. Especially for small and medium-sized organizations, the better option may be a tool like Password Synchronization, or perhaps no SSO solution at all.