Active Directory Synchronization Tool Architecture and Design



Similar documents
Technical Overview. Active Directory Synchronization

An identity management solution. TELUS AD Sync

HC DYNAMICS CRM MODULE SERVER CONFIGURATION. User Manual. Hosting Controller All Rights Reserved.

Microsoft SPLA Reporting for Exchange Best Practices. Hosting Controller Whitepaper

Managing Office 365 Identities and Services

LDAP Directory Integration with Cisco Unity Connection

Introducing MachPanel v.5

Hosted Exchange Opportunity in Cloud Computing Complete Turnkey Solution

How To Install And Manage Exchange 2007 With Hostda.Com (Hostda) On A Single Server With Hostdroid (Hostdda) (Hostmaster) ( (Webmaster) And Hostda (Hosting

VMware Identity Manager Administration

Mod 2: User Management

VMware Identity Manager Administration

Configuring Hosting Controller with Exchange 2013 & 2016

Symprex Out-of-Office Manager

HC SHAREPOINT SERVICES MODULE SERVER CONFIGURATION. User Manual. Hosting Controller All Rights Reserved.

Managing Office 365 Identities and Services 20346C; 5 Days, Instructor-led

User Management Resource Administrator. Managing LDAP directory services with UMRA

Course 20346: Managing Office 365 Identities and Services

Managing Office 365 Identities and Services

Office 365 deploym. ployment checklists. Chapter 27

Migrating application users and passwords with Password Manager

AD SYNCHRONIZATION GUIDE

Avaya Aura System Manager 6.2 LDAP Directory Synchronization Whitepaper

Designing for Office 365 Infrastructure

Office 365 deployment checklists

Avaya Aura System Manager 6.2 Feature Pack 3 LDAP Directory Synchronization Whitepaper

Why is Redundancy Important?

Integrate with Directory Sources

Using Exclaimer Signature Manager with Office 365

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions

GALSYNC V4.3. Manual NETSEC. 18. March NETsec GmbH & Co.KG Schillingsstrasse 117 DE Düren

Implementing Microsoft Azure Infrastructure Solutions

Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support

Centrify Cloud Connector Deployment Guide

4.0. Attribute Mapping Rules

Quest Collaboration Services How it Works Guide

User identity, Account Provisioning, Directory Synchronization, Federation

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

WHITE PAPER BT Sync, the alternative for DirSync during Migrations

Implementing Microsoft Azure Infrastructure Solutions

Mod 3: Office 365 DirSync, Single Sign-On & ADFS

Cloud Computing: What IT Professionals Need to Know

Getting Started with HC Exchange Module

Azure Active Directory

Implementing Microsoft Azure Infrastructure Solutions

MS 20247C Configuring and Deploying a Private Cloud

WatchDox SharePoint Beta Guide. Application Version 1.0.0

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

FOREFRONT IDENTITY MANAGEMENT

CUSTOMIZABLE AUTO SIGNUP. User Manual. Hosting Controller All Rights Reserved.

Hybrid Architecture. Office 365. On-premises Exchange org (Exchange 2007+) Provisioned via DirSync. Secure Mail flow

Océ LDAP Adapter User Guide

HC License - Product Selection Guide

Configuring and Deploying a Private Cloud. Day(s): 5. Overview

SPHOL300 Synchronizing Profile Pictures from On-Premises AD to SharePoint Online

Configuration Guide. BES12 Cloud

Configuration Guide BES12. Version 12.1

How To Take Advantage Of Active Directory Support In Groupwise 2014

Office 365. Service Overview with a focus on Identity Federation and Directory Synchronization. Jono Luk, Program Manager jluk@microsoft.

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper

Designing for Office 365 Infrastructure

Cloudwork Dashboard User Manual

Avaya Aura System Manager (Avaya Aura 6.2 Feature Pack 4) LDAP Directory Synchronization Whitepaper

ShoreTel Active Directory Import Application

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

Security Architecture Whitepaper

SMART Considerations for Active Directory Migration. A Strategic View and Best Practices for Migrating the Corporate Directory

Planning your Microsoft Application Strategy in a Cloud Crazy World. Steve Soper Senior Managing Partner

Enabling and Managing Office 365

Preparing Hyper-V Templates for Windows Server 2008 in HC

Driver for Active Directory Implementation Guide. Identity Manager 4.0.2

Configuring and Deploying a Private Cloud 20247C; 5 days

Migrating Exchange Server to Office 365

Configuration Guide BES12. Version 12.3

Quest Collaboration Services 3.5. How it Works Guide

Advanced Configuration Steps

Consolidating Multi-Tenant Hosted Exchange Offering with

MS 20342B: Advanced Solutions of Microsoft Exchange Server 2013

Active Directory at the University of Michgan. The Michigan Way Since 2000

Test Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using Azure AD Sync

Cloud Services for Connected Government (CSfM) Ground to Cloud Summit

Configuration Guide BES12. Version 12.2

Speeding Office 365 Implementation Using Identity-as-a-Service

Introducing MachPanel v.5

Windows Azure Pack Installation and Initial Configuration

qliqdirect Active Directory Guide

Server & Cloud Management

Microsoft Implementing Microsoft Azure Infrastructure Solutions

Manage all your Office365 users and licenses

Microsoft Azure for IT Professionals 55065A; 3 days

Transcription:

Active Directory Synchronization Tool Architecture and Design Revised on: March 31, 2015 Version: 1.01 Hosting Controller www.hostingcontroller.com

Contents Proprietary Notice... 1 1. Introduction... 2 1.1 About this Guide... 2 1.2 Business Requirements... 2 1.3 Hosting Controller Experience... 2 1.4 Industry Standards and Compliance... 3 1.5 Support Availability... 3 2. Hosting Controller Cloud Automation Control Panel... 3 2.1 Overview... 3 2.2 Key Advantages... 3 3. HC Active Directory Synchronization Module... 3 3.1 General Design... 4 3.2 Cloud Control Panel ADSync Utility... 5 3.2.1 Private/Public Cloud AD Secure Requests... 6 3.2.2 User Object Attributes Synchronization... 6 3.2.3 HC Control Panel Integration with ADSync... 8 3.2.4 Installing ADSync on the On-Premise Domain Controllers... 8 3.2.4.1 ADSync Deployment Scenarios... 8 3.3 HC ADSync Tool Usage Scenarios... 10 Contact Us... 11 Hosting Controller I

Proprietary Notice This document is the property of, and contains proprietary information of Hosting Controller. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying or recording, for any purpose other than consideration of the technical contents without the written acquiescence of a duly authorized representative of Hosting Controller. 2015 Hosting Controller. All Rights Reserved. Hosting Controller 1

1. Introduction 1.1 About this Guide This document provides the design for the Hosting Controller Active Directory Synchronization Module. It mainly targets Enterprises, Service Providers and System Integrators responsible for the design, implementation, update and deployment of private/public cloud platforms. This guide provides everything you need to know about the design of HC Active Directory Sync Module. 1.2 Business Requirements As a design or as a consequence of events beyond the control of an organization, Active Directory Synchronization often becomes inevitable. Synchronization of user data generally is required across different AD forests and may be necessitated by background mergers, acquisitions, divestitures or partnerships. Multi-Forest scenarios are commonplace in a rapidly evolving market. Organizations often require AD objects (users, groups, contacts,) and their passwords to be synchronized between multiple AD forests. Sometimes organizations housing a hosted infrastructure such as MS Exchange have customers holding their own Active Directories. The primary requirement for such organizations is to have onpremises users somehow synchronized with the hosted environment. Whatever the reason Cross-Forest synchronization has become a reality, making a very compelling argument for IT departments to be ready may the need arise. What most businesses require is: A lightweight solution for synchronizing users and passwords between two forests. Something that does not require a two-way trust relationship to be established between domains. A solution that does not involve the added complication and cost of deploying an AD FS infrastructure. A tool that provides the flexibility for specific users and groups to be excluded from being synchronized. Easy way to synchronize a minimal set of user attributes (having the ability to exclude any unwanted attributes from syncing). Interval based synchronization, enabling customers to choose convenient time intervals. Hosting Controller unifies the convenience of all the above in its Active Directory Synchronization Utility to bring the most effective tool on the market. 1.3 Hosting Controller Experience Hosting Controller has successfully been providing out of the box solutions to its clientele across the globe since over a decade. The range of products includes solutions for enterprises and telcos. Hosting Controller 2

1.4 Industry Standards and Compliance Hosting Controller is a control panel validated by Microsoft for both Exchange 2010 and Exchange 2013 installations. 1.5 Support Availability Hosting Controller Support is available 24 x 7 through its support center from Canada and off-shore locations. Priority phone support and other options are available in the commercial proposal. 2. Hosting Controller Cloud Automation Control Panel 2.1 Overview Hosting Controller cloud automation solution is a complete control panel product for service providers to automate, manage, provision and administer Microsoft Enterprise applications. Thus, creating a shared multi-tenant environment for automatic provisioning of new accounts, such as Exchange, Lync, SharePoint, Dynamics CRM and Hyper-V. It encompasses a comprehensive selfserve portal for all user levels. Hosting Controller is a validated and recommended control panel by Microsoft for Exchange 2010 and Exchange 2013. The key purpose of using Hosting Controller control panel is: To automate provisioning of hosted services. To offer comprehensive self-serve portal for end customers to perform routine administration tasks. Management of multiple hosted cloud services through single centralized interface. Ability to provision multiple shared applications for a single user. Option to support distributed environment where different services can be spread across different servers across different OS platforms both Windows & Linux in different data centers within a cluster. 2.2 Key Advantages Hosting Controller offers central master console with a single database to completely automate servers infrastructure via single interface. It provides comprehensive self-care portals for administrators, tenants and resellers as per their requirements. 3. HC Active Directory Synchronization Module For those tenants that have on premise active directory services, the private/public cloud provides directory synchronization facilities to ensure password synchronization, identity information synchronization, user object provisioning as well as object synchronization to ensure consistency in address list. The directory synchronization is a component, named HC ADSync Utility. This component is responsible for: Hosting Controller 3

User Password synchronization User/Group/Contact objects identity information (attributes mentioned below) User objects provisioning Group objects provisioning Contact objects provisioning This document contains only the detailed design of the HC ADSync component. 3.1 General Design The following figure illustrates the synchronization workflow. Figure 1: Synchronization General Approach The overall concept is summarized as follows: User object on premise identity information is synchronized through ADSync with related user object within the private/public cloud. On premise password change events are intercepted and replicated through ADSync to related user object within the private/public cloud. New on premise user objects are provisioned by ADSync into the cloud environment. Within the cloud environment the user objects created without any service offering activated on it. Deletion of an on premise user object will result in deletion of the user object and its assigned service offerings in the private/public cloud. Resource mailboxes are treated in a similar fashion as user objects. Synchronization direction is from on premise to the private/public cloud. Hosting Controller 4

Once the users are synchronized to the private/public cloud, the HC Import Tool is used to import the objects into HC Control Panel for cloud service offerings through Control Panel. Users on premise and in the private/public cloud do not notice any difference in address lists. 3.2 Cloud Control Panel ADSync Utility HC ADSync Tool is developed as a simple windows service HCdirSync. This service is deployed onto domain controller in the on-premises AD forest. As changes are made in the on-premises domains, the changes are replicated to the cloud environment using direct LDAP communication. It is strongly recommended to use LDAPs for secure communication. The ongoing user object identity information (properties and attributes) are synchronized using HC ADSync tool. On premise password changes are intercepted and replicated through HC ADSync to associated user object within the private/public cloud. Newly created user accounts on the on premises domains are synchronized using HC ADSync Tool. Deletion of an on premises user object will result in deletion of the user object and its assigned service offerings in the private/public cloud. Resource mailboxes are treated in a similar concept as user objects. Synchronization direction is from on premise to the cloud only, resulting in one way synchronization. Hosting Controller 5

Figure 2: ADSync Diagram The diagram above shows how changes are detected on the customers site and synchronized through to the private/public cloud. 3.2.1 Private/Public Cloud AD Secure Requests Requests are sent to the private/public cloud infrastructure using LDAPs. Its secure request utilizes a combination of a private/public key and a symmetric key (RSA and AES) to securely transfer data and credentials. This ensures the data cannot be intercepted or diverted to another source. Authentication method used is Basic Authentication. 3.2.2 User Object Attributes Synchronization The following general attributes will be synchronized from a tenant environment into the private/public cloud. Tenant specific attributes are part of the tenant onboarding plan and provided there as such. Source Destination Comments samaccountname samaccountname initials initials Hosting Controller 6

givenname givenname sn sn surname displayname displayname <password> <password> description description title title thumbnailphoto thumbnailphoto telephonenumber telephonenumber wwwhomepage wwwhomepage company company manager manager useraccountcontrol useraccountcontrol only when activated in the cloud Department department streetaddress streetaddress l l location or city st st state countrycode countrycode postalcode postalcode homephone homephone pager pager mobile mobile Hosting Controller 7

ipphone ipphone extensionattribute1-14 extensionattribute1-14 Table 1: User object attributes synchronization 3.2.3 HC Control Panel Integration with ADSync The HC Control Panel user interface has been adapted to assist in the management and deployment of the ADSync utility as well as restricting the changes that can be made for synchronized users. Users in HC Control Panel that have been synchronized by the ADSync utility are flagged and the control panel user interface will display non-editable user information. This is to avoid user information being updated in control panel and then being overwritten by changes made via the customers Active Directory. HC Control Panel however allows to provision and manage user services. 3.2.4 Installing ADSync on the On-Premise Domain Controllers The ADSync utility is required to be installed on all on premise domain controllers. The component runs as a hook within the Local Security Authority process of every Domain Controller in the domain. It intercepts all the password change events and replicates the updated password to the private or public cloud environment. For further details, please refer to the following URL: http://help.hostingcontroller.com/enterprise/default.aspx?pageid=active_directory_synchroni zation 3.2.4.1 ADSync Deployment Scenarios Following are some scenarios to deploy ADSync: Hosting Controller 8

Figure 3: Scenario 1 Figure 4: Scenario 2 Hosting Controller 9

Figure 5: Scenario 3 3.3 HC ADSync Tool Usage Scenarios The following usage scenarios cover the primary scenarios for the directory synchronization services. User Usage Scenarios o User provisioning: When a new user is created on the on-premise Active Directory, this change is replicated to the cloud. o User property changes: When properties for user changes those changes are synced to the cloud. o User deletion: when a user is deleted on the on-premises Active Directory, this change is replicated to the cloud. o Password Changes: When a user s password is changed, it s replicated to the cloud. Distribution Group Usage Scenarios o Distribution group provisioning: When a new distribution group is created on the on-premise Active Directory, this change is replicated to the cloud. o Distribution group membership changes: When a user in the tenant organization is added or removed from the distribution group, this change is replicated to the cloud distribution group. This information is visible from the global address list. Hosting Controller 10

o o Distribution group property changes: When properties for distribution group changes these changes are synced to the cloud. Distribution group deletion: when a distribution group is deleted on the onpremises Active Directory, this change is replicated to the cloud. Contact Usage Scenarios o Contact Provisioning: When a new contact is created on the on-premises Active directory, this change is replicated to the cloud. o Contact Deletion: When a contact is deleted on the on-premises Active Directory, this change is replicated to the cloud. o Contact Property changes: When properties of contacts are changed on the on-premises Active Directory these changes are synchronized to the cloud Active Directory. Contact Us In case of any ambiguity/query regarding HC Active Directory Sync module, please feel free to contact us at support@hostingcontroller.com. Hosting Controller 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information