Office 365 for IT Pros, Third edition
Configuring Directory Synchronization with Azure AD Connect

Published by Tony Redmond, Paul Cunningham, and Michael Van Horenbeeck
Copyright 2015-2016 by Tony Redmond, Paul Cunningham, and Michael Van Horenbeeck

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means without the written permission of the authors.

The example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious. No association with any real company, organization, people, domain name, email address, logo, person, place, or event is intended or should be inferred.

The book expresses the views and opinions of the authors. The information presented in the book is provided without any express, statutory, or implied warranties. The authors cannot be held liable for any damages caused or alleged to be caused either directly or indirectly by this book. Although the three authors are members of Microsoft's Most Valuable Professional (MVP) program, the content of this book solely represents their views and opinions about Office 365 and any other technologies mentioned in the text and is not endorsed in any way by Microsoft Corporation.

Please be respectful of the rights of the authors and do not make copies of this ebook available to others.

This information supplements the content presented in Chapter 3 of Office 365 for IT Professionals, which presents the overall context and outline for Identities and Authentication in Office 365.
Contents
Introduction ... 1
Enabling Directory Synchronization ... 1
Installing Azure AD Connect ... 2
Step-by-Step: Express Installation ... 2
Step-by-Step: Custom Installation ... 6
Introduction

In order to synchronize identities from your on-premises directory with Office 365, you must enable directory synchronization in the Office 365 tenant and install the appropriate directory synchronization tool. More information about the synchronization process in general, its various features, the supported synchronization tools, and how to manage the synchronization process can be found in Chapter 3. Read through that chapter to familiarize yourself with the core concepts before following the steps outlined below.

Enabling Directory Synchronization

Before installing and configuring the synchronization tool (Azure AD Connect), you first need to enable directory synchronization for the tenant. Follow the steps below to enable directory synchronization for your tenant through the Office 365 Portal: Log in to the Office 365 admin portal (Figure A-1) and navigate to Settings and then Services & add-ins (1). On the Services & add-ins page, click Directory Synchronization (2). Finally, click the Go to the DirSync readiness wizard link on the Directory Synchronization widget (3).

Figure A-1: Setting up Active Directory synchronization

The DirSync readiness wizard presents a series of steps. These include:

1. Determine whether directory synchronization is the right solution for you. This step is based on an arbitrary threshold for the number of users to synchronize. For organizations with fewer than 50 users, Microsoft recommends against using directory synchronization. The administrator can choose to override Microsoft's recommendation and still implement directory synchronization.
2. Prepare for directory synchronization. This involves checking that you can meet the prerequisites for directory synchronization in your environment. The full set of prerequisites is available online and can change over time, so make sure you refer to Microsoft's latest published information.
3. Verify domains. This involves adding your domain names to Office 365 and verifying them successfully. This task is covered in the Preparing for a Cutover or Staged Migration section of Chapter 4 of this book.
4. Install and run the IdFix DirSync Error Remediation tool to remediate any potential synchronization conflicts.
5. Download and install the latest version of Azure AD Connect, and then perform a synchronization.
6. After the synchronization has completed, activate users (assign licenses).
Installing Azure AD Connect

As explained in Chapter 3, Azure AD Connect can be installed in one of two ways: an express installation with default settings, or a customized installation with custom settings. What follows is a guided walkthrough of both options.

Step-by-Step: Express Installation

In this example scenario, the Azure AD Connect express installation is executed. This will install the directory synchronization components and enable password hash synchronization. These steps are executed as part of the installation of Azure AD Connect: The wizard launches automatically as part of the installation. Agree to the license terms and click Continue. On the Express Settings page, click Use express settings.
On the next page, enter Office 365 Global Administrator account credentials and click Next. On the Connect to AD DS page, enter credentials for an account that has Enterprise Administrator permissions in the on-premises directory, and then click Next.
Review the configuration parameters on the Ready to configure page and then click Install. Note that you can also enable support for a hybrid Exchange deployment. If you do, Azure AD Connect will automatically configure the required write-back permissions for the synchronization service account in the on-premises Active Directory and add the necessary synchronization steps so that the appropriate attributes are synchronized back into the on-premises directory. Once the tool has been configured successfully, click Exit. If you chose to start the synchronization process immediately after the configuration completes, you can now open the Synchronization Service Manager (miisclient.exe) and review the synchronization process.

Note: Before you can administer Azure AD Connect, you will need to log off the Windows server and log back on so that your new membership in the ADSyncAdmins group can take effect.
Step-by-Step: Custom Installation

The express settings installation only covers the most basic configuration of the synchronization engine and does not allow for much customization. In the following example, we will configure another common Azure AD Connect deployment by connecting it to a SQL database, specifying a custom service account, and enabling support for a hybrid configuration. On the first page of the configuration wizard, agree to the license terms and click Continue. On the Express Settings page, click Customize.
Next, select the installation parameters you would like to modify. In this scenario, select Use an existing SQL Server and Use an existing service account. Fill in the required information (SQL Server and service account credentials) and then click Install. Once the necessary components have been configured by the installer, the wizard continues. On the User sign-in page, you can specify which authentication method you would like to configure. If you wish, Azure AD Connect can install and configure AD FS and Web Application Proxy servers for you. However, for the sake of this example, select only Password Synchronization and click Next.
On the Connect to Azure AD page, enter Office 365 Global Administrator credentials. These credentials are used to automatically create a synchronization service account in Office 365. Then click Next. On the next page, enter credentials for the on-premises directory. It is important that you use a service account that has been granted the required permissions beforehand. Unlike the express installation, you should not use credentials for an account that has Enterprise Administrator permissions, because the account you enter here is the one that will be used to execute the synchronizations. After you have entered the credentials, click Add Directory and then Next.
Next, the wizard will guide you through a few steps to configure additional synchronization options such as filtering or write-back features. On the Domain and OU filtering page, leave the defaults and click Next. Unless you have multiple on-premises directories and user accounts are (frequently) moved across forests, you should not make any modifications on the Uniquely identifying your users page. Since we only have a single directory and no other specific requirements in this scenario, simply click Next.
On the Filter users and devices page, click Next as well. Lastly, on the Optional features page, enable the following features and then click Next:

- Exchange hybrid deployment
- Password hash synchronization
- Password writeback
- Group writeback
The Group writeback feature requires additional configuration and will ask for the destination OU into which group objects should be written. Select the appropriate OU and then click Next. Once all configuration parameters have been selected, review the settings and click Install. On this page, you can optionally choose to start the synchronization process immediately after the configuration, or you can choose to enable staging mode. More information on staging mode can be found in Chapter 3. Once the installation completes, you can close the wizard and continue with other tasks, such as verifying the synchronization process. How to do so is outlined in Chapter 3 as well.
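As an added example (not part of the book), the following PowerShell script, run on the Azure AD Connect server after either the express or the custom installation above, reads back the state the wizard left behind: whether the sync cycle is enabled, whether staging mode is on, which optional features (password hash sync, writeback) are active, the connector run status, and who holds ADSyncAdmins membership. It assumes the ADSync module that ships with the tool is present and, for the optional tenant-side check, that the MSOnline module is installed.

```powershell
# Added example, not the book's or Microsoft's own script.
# Run in a session opened after logging off and back on, so that the
# installer-granted ADSyncAdmins membership is effective.
Import-Module ADSync   # assumption: module installed by Azure AD Connect

# 1. Scheduler state: is the sync cycle on, and is staging mode (no exports) on?
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled   = $sched.SyncCycleEnabled
    StagingModeEnabled = $sched.StagingModeEnabled
    CycleInProgress    = $sched.SyncCycleInProgress
    NextCycleUtc       = $sched.NextSyncCycleStartTimeInUTC
} | Format-List

# 2. Optional features selected in the wizard (e.g. PasswordHashSync,
#    PasswordWriteBack, UnifiedGroupWriteback); compare with what you chose.
Get-ADSyncAADCompanyFeature | Format-List

# 3. Connectors (on-premises AD and Azure AD) and any run currently active.
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName | Format-Table -AutoSize
Get-ADSyncConnectorRunStatus

# 4. Who can administer the sync engine: review the local ADSyncAdmins group.
#    The installing account is added automatically; remove anyone unexpected.
net localgroup ADSyncAdmins

# 5. Optional tenant-side view (MSOnline module; Connect-MsolService prompts
#    for Global Administrator credentials): directory sync must be enabled.
if (Get-Module -ListAvailable -Name MSOnline) {
    Connect-MsolService
    Get-MsolCompanyInformation |
        Select-Object DirectorySynchronizationEnabled, LastDirSyncTime, LastPasswordSyncTime
}

# 6. Once the above looks right, trigger a delta cycle; in staging mode this
#    imports and synchronizes but exports nothing to either directory.
Start-ADSyncSyncCycle -PolicyType Delta
```

Review the results in the Synchronization Service Manager (miisclient.exe) afterwards, as described above for the express installation.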