SPHOL300 Synchronizing Profile Pictures from On-Premises AD to SharePoint Online

SPHOL300 Synchronizing Profile Pictures from On-Premises AD to SharePoint Online

Contents Overview... 3 Introduction... 3 The Contoso Ltd. Scenario... 4 Exercise 1: Member Server Sign up for Office 365 E3 Trial... 5 Lab 1 Start your free 30-day trial... 5 1.1: Working with Active Directory Connector... 6 1.2: Create & Configure an Active Directory Connector... 6 Exercise 2: Domain Controller Prepare for directory synchronization... 9 Lab 2 Prepare for directory synchronization... 10 2.1 Incident Management Create, Escalate, Resolve and Close the Incident... 11 Exercise 3: Member Server Activate Active Directory Synchronization... 13 Lab 3 Activate Active Directory Synchronization... 14 3.1 Change Management New CR, Add Reviewers, Approver, Manual Activity... 14 Exercise 4: Member Server -Install and configure the Directory Sync Tool Exercise 5: Member Server - Verify directory synchronization and activate synchronized users Page 2 of 31

Overview Azure Active Directory Dirsync was formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory. This new feature will allow for Same Sign In with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory since the username and the password from local AD will by synced up to Azure AD. Introduction Estimated time to complete this lab 60 minutes Complete lab time estimate as accurately as possible. Objectives After completing this lab, you will be better able to: Overview of Lab This lab will guide the student through several process automation examples, providing hands on experience with the concepts explained in the student course manual. To provide real-world context, the guide is based on the Contoso, Ltd. scenario, a fictional organizations that is explained here and throughout the course. Virtual Machine Technology The computers in this lab are virtual machines that are implemented using Microsoft Hyper-V. When you have started a virtual machine, log on by clicking on Send CTRL+ALT+END and supply the credentials listed in the lab instructions. Page 3 of 31

Computers in this Lab This lab uses virtual machines as described in the following table. Before you begin the lab, you must start the virtual machines and then log on to the computers. Component Windows 2012 R2 AD Domain Controller Server: DC.Contoso.com Windows 2012 Member Server Server: SYNC.Contoso.com Description Runs the Active Directory instance for the Contoso.com domain used by all systems in this Contoso scenario. Runs the Azure Active Directory Dirsync Tool to synch onprem users, groups and contacts to Azure Active Directory. All user accounts in this lab use the password LS1setup! The Contoso Ltd. Scenario Page 4 of 31

To provide real-world context for the step-by-step procedures, we have created a fictitious organizational with technical and business challenges described in various scenarios in this lab manual. Our scenario takes place at a fictional company, Contoso Ltd. Exercise 1: System Center Service Manager Active Directory Connector Lab 1 Creating an Active Directory Connector to Import Data from AD Virtual Machines: SYNC Username: CONTOSO\administrator Password: LS1setup! Estimated time to complete: 20 minutes To log onto the virtual machine, press CTRL-ALT-END To switch to full screen mode, press CTRL-ALT-BREAK Scenario: Page 5 of 31

Contoso wants evaluate Office 365 E3 Plan. Contoso has decided to import users, groups, and computers from Active Directory since these are the only objects that are covered by the Configurations Management policy for CI objects. To do this, you need to do the following:- 1.1: Sign up for Office 365 E3 Trial In this exercise, you will perform the following actions:- 1. Sign up for office 365 E3 Trial 2. Observe the imported AD Objects into Service Manageer Console 3. Create new user accounts & Update user Properties details in AD 4. Manually synchronize the Active Directory connector 1.2: Create & Configure an Active Directory Connector Task Perform the following tasks on this virtual computer: SYNC.Contoso.com 1. Sign up for Office 365 E3 30- day trial 1. Log on into the Member server SYNC with the CONTOSO\Administrator account 2. Open Internet Explorer. 3. Browse to address to sign up for Office 365 E3 Trial. http://office.microsoft.com/en-us/business/office-365-enterprise-e3-businesssoftware-fx103030346.aspx 4. Use Microsoft HQ address if you work outside of the US. One Microsoft Way Redmond, WA 98052 5. Example of signup Page 6 of 31

6. Create your new user ID and provide Mobile Phone number to receive security code to unlock this account for lost password and Click create my account. Page 7 of 31

7. Setup of SharePoint, Exchange and Lync will take a little time to provision. Page 8 of 31

Exercise 2: Domain Controller Prepare for directory synchronization Page 9 of 31

Lab 2 Prepare for directory synchronization Virtual Machines: DC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 30 minutes Prerequisites: You have signed up for an Office 365 E3 Trial. You will need the following from the sign up form. 1. Organization Name 2. User ID (Example admin@msftetr18lab.onmicrosoft.com) 3. Password Scenario: Contoso Active Directory environment must be properly configured in order for your users to sign-in to Microsoft online services. In particular, the userprincipalname (UPN) attribute, also known as a user logon name, must be set up correctly for each user in a specific way. The UserPrincipalName attribute must use a publically routable domain. Contoso is currently not using a publically routable domain, you will need to update all Contoso users UserPrincipalNames attributes. You need configure a valid UPN for every account in the Contoso Domain. In this exercise, you will perform the following actions:- 1. Add an alternative UPN suffix to Consoto Active Directory Domain. 2. Update all user s UserPrincipalNames attribures in the Consoto Domain to use the new UPN Suffix created. Page 10 of 31

2.1 Add alternative UPN suffix to Contoso Active Directory and update all users in Contoso domain with the new UPN Suffix Task Perform the following tasks on this virtual computer: DC.Contoso.com 1. Add User Principal Name Suffix to Active Directory You need to add an alternative UPN suffix to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is used only within the Active Directory forest, and it is not required to be a valid DNS domain name. You will use the UPN suffix in Office 365 created when you signed up for Trial. 1. Log on as Contoso\Administrator on the DC server 2. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, click Administrative Tools, and then click Active Directory Domains and Trusts. 3. In the console tree, right-click Active Directory Domains and Trusts, and then click Properties. 4. On the UPN Suffixes tab, type an alternative UPN suffix for the forest, and then click Add. Enter in your UPN from your tenant. Example Admin@MSFTETR18LAB.onmicrosoft.com 5. Click Add Page 11 of 31

6. Click OK 2. Update all users in Contoso Domain with the new UPN created above. All users created in the Contoso domain currently have a null UPN attribute. Run Powershell to update all users to use the new UPN suffix.: 1. Log on into the DC server using CONTOSO\Administrator account. 2. From the Task bar, launch Powershell, Right click and Run as Admininistrator. Page 12 of 31

3. Run the following powershell to update all user accounts with the new UPN suffix. Get-ADUser -Filter {-not (UserPrincipalName -like '*')} -SearchBase 'CN=Users,DC=contoso,DC=com' % {$CompleteUPN = $_.SamAccountName + "@MSFTETR18LAB.onmicrosoft.com" ; Set- ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN} Exercise 3: Member Server Activate Active Directory Synchronization Page 13 of 31

Lab 3 Activate Active Directory Synchronization Virtual Machines: SYNC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 20 minutes Scenario: You must activate directory synchronization before you install the Directory Sync tool. When you activate directory synchronization, you are turning on this feature across your tenant and all the Microsoft cloud services that you are subscribed to. In this exercise, you will perform the following actions:- 1. Browse to Tenant Admin Portal and Activate Active Directory Synchronization 3.1 Using Tenant Admin Portal Activate Active Directory Synchronization Task Perform the following tasks on this virtual computer: SYNC.Contoso.com Page 14 of 31

1. Activate Active Directory Synchronization using Tenant Admin. You need to create the change described above. To do this, Do the following: 1. Log on into the SYNC server using contoso\administrator account. 2. Lanch Internet Explore and browse to tenant admin portal. https://portal.microsoftonline.com/admin/default.aspx 3. Click Users and groups, click Active Users, click Set up next to Active Directory synchronization, and then proceed to the next step. 4. Select Activate in step 3 to activate Active Directory Synchronization. Exercise 4: Member Server Install DirSync Tool Page 15 of 31

Lab 4 Install DirSync Tool Virtual Machines: SYNC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 20 minutes Scenario: Once you have activate directory synchronization you can install the Directory Sync tool. In this exercise, you will perform the following actions:- 1. Browse to Tenant Admin Portal to download and install Directory Sync Tool. Exercise 4.1: Member Server Install Directory Sync Tool Page 16 of 31

Perform the following tasks on this virtual computer: SYNC.Contoso.com 1. Download Directory Sync tool from tenant admin You need to create the change described above. To do this, Do the following: 1. Log on into the SYNC server using contoso\administrator account. 2. Launch Internet Explore and browse to tenant admin portal. https://portal.microsoftonline.com/admin/default.aspx 3. Click Users and groups, click Set up next to Active Directory synchronization, and then proceed to the next step. 4. Select Download in step 4 to download Directory Sync Tool. 5. Run Tool. Page 17 of 31

6. On the Welcome screen click Next 7. Accept the license agreement and click Next Page 18 of 31

8. On the Select Installation Folder page, click Next, the installation will begin. 9. Installation will take 10 minutes or longer depending upon the speed of the computer. Page 19 of 31

10. Once Installation is complete click Next. 11. On the Finished page, click finish. 12. On the Welcome page, click next. Page 20 of 31

13. Under Microsoft Online Services Credentials, enter your admin credentials. 14. Enter in your Local Active Directory User Name and password. Page 21 of 31

Contoso\administrator Password: LS1setup! 15. Enable Hybrid Deployment and Click Next 16. Enable Password Sync and Click Next. Page 22 of 31

17. Click Next 18. Select Synchronize your directories now and click Finish Page 23 of 31

Exercise 5: Member Server Verify Directory Synchronization and activate synchronized users Page 24 of 31

Perform the following tasks on this virtual computer: SYNC.Contoso.com 1. Verify directory synchronizatio n a) Launch IE and navigate to the online portal and log in as the Admin https://portal.microsoftonline.com/ b) Go to Office 365 admin center and click users and groups, click Active Users. If the synchronized users do not appear, refresh the browser window 2. Activate Users a) In the list of users, fill in the checkbox next to a user multiple users can be activated at the same time, select all the accounts you wish to activate at this time. You can do it later as well. b) Select Activate Synced Users on the far right of the screen. Page 25 of 31

c) Select the Location (United States) and the license options for this user, click next d) Accept the defaults and click activate Click Finish 3. Sign out of 365 Administration Portal using Top Right Navigation bar. 4. Log into Online as Aaronp a) Launch IE and clear the proxy settings completely. b) navigate to https://portal.microsoftonline.com c) If the User ID is not blank then select the link Sign in with a different user ID. d) For User ID: enter Aaronp@NNN.onmicrosoft.com where NNN is the name of your tenant Page 26 of 31

5. Navigate to OWA by Clicking on Outlook using the top right navigation bar Page 27 of 31

6. Select English for Language, Pacific Time Zone and Click Save. 7. Click on people link using top right navigation bar. 8. Notice that user photos are not displaying in people hub due to photo being too large. 9. Resize Aaronp photo in activate directory using 3 rd party tool. Follow these steps to upload or edit a photo in a user s Active Directory to have it display correctly in Lync: 1. First you need to download and install the AD Photo Edit Utility from http://www.cjwdev.co.uk/software/adphotoedit/info.html. If you want to edit multiple users at a time, the Bulk Edition of the tool is needed. Page 28 of 31

2. After the tool has been installed, AD Photo Edit automatically detects and connects to your Active Directory. In my case it s detecting the contoso.com domain. 3. Search for the user's name or alias and click Edit Image for the selected user. I searched for my alias, which is aaronp and the tool immediately pulled up my contact information. Page 29 of 31

10. Resize photo to recommended size <10KB Size Limit 100KB and Click ok. 11. Force the directory synchronization Open Windows PowerShell as administrator. Import the DirSync module by typing import-module DirSync. Type Start-OnlineCoexistenceSync.and press enter. Give the sync 1-2 mins to finish before starting next step. 12. Click on people link using top right navigation bar. 13. Then click All Users under Directory. Page 30 of 31

14. Notice the user photo that was resize is now displaying in people hub 15. Click on OneDrive using top right navigation bar to create user s OneDrive (my site) 16. Click ok when prompted Let s get social. After the site loads, click the Newsfeed link in the top navigation bar. Then click About me in the left navigation pane. 17. You will now notice that SharePoint is utilizing the user s photo imported using dirsync tool. Page 31 of 31