
Directory Synchronization in Office 365

Presentation on theme: "Directory Synchronization in Office 365"— Presentation transcript:

1 Directory Synchronization in Office 365
Bill Fiddes | Learning and Development Specialist Rob Latino | Program Manager in Office 365 Support

2 Meet Bill Fiddes Learning & Development Specialist
- Customer Support Services
- Been with Microsoft for 7 years
- "Professionally" in the computer industry for 10 years
- Focus on Customer Support Readiness for Azure Active Directory and Office 365 Identity
- Wife and three children living in Maple Valley, WA

3 Meet Rob Latino
- Program Manager in Office 365 Support organization for over 4 years
- Certified in Office 365 Administration
- Involved in the Office 365 community and technical content management

4 Course Topics Directory Synchronization in Office 365
01 | What is Azure Active Directory?
02 | Directory Synchronization Overview
03 | Directory Synchronization Scenarios
04 | Directory Synchronization Tool Comparison
05 | Source of Authority
06 | Hard and Soft User ID Matching
07 | Configuring Alternate User ID
08 | Configure Filtering
09 | Azure Active Directory Subscriptions

5 Setting Expectations
This is for admins who want to do more advanced configuration options with directory synchronization:
- Changing source of authority
- Mapping existing cloud users to local users
- Signing in with something other than UPN
- Syncing some objects instead of all objects
- Extra value with Azure Active Directory subscriptions

6 Join the MVA Community! Microsoft Virtual Academy
- Free online learning tailored for IT Pros and Developers
- Over 2M registered users
- Up-to-date, relevant training on a variety of Microsoft products
- "Earn while you learn!" Get 50 MVA Points for this event!

7 01 | What is Azure Active Directory?

8 What is Azure AD and what does it have to do with me?
Azure Active Directory provides identity management and access control capabilities for cloud services such as Office 365. Azure AD capabilities include a cloud-based store for directory data and a core set of identity services, including user logon processes, authentication services, and Federation Services. The identity services that are included with Azure AD easily integrate with your on-premises Active Directory deployments and fully support third-party identity providers.

9 02 | Directory Synchronization Overview

10 Directory Synchronization Overview
7/28/2018
Synchronize your directory to the Microsoft Cloud Services:
- Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms
- Enables a unified Global Address List with Exchange Online
- Enables Exchange Hybrid and synchronizes some Exchange Online attributes back to on-premises
- Synchronize passwords back to on-premises
- Synchronization occurs every 3 hours
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Directory Synchronization Overview - continued
- Synchronize from single or multiple forests
- Directory quota limits:
  - Up to 50k objects with no verified domain
  - Up to 500k objects with a verified domain
  - Unlimited if you have an Azure Active Directory Basic or Premium subscription
- Lots of new features coming soon

12 03 | Directory Synchronization Scenarios

13 Directory Synchronization Scenarios
Directory Sync Scenario - Used to synchronize on-premises directory objects (users, groups, contacts) to the cloud to help reduce administrative overhead. Directory synchronization is also referred to as directory sync. Once directory sync has been set up, administrators can manage directory objects from your on-premises Active Directory and those changes will be synchronized to your tenant. In this scenario, your users will use different user names and passwords to access your cloud and on-premises resources.

Directory Sync with Password Sync Scenario - Used when you want to enable your users to sign in to Azure AD and other services using the same user name and password as they use to log on to your corporate network and resources. Password sync is a feature of the Directory Sync tool.

14 Directory Synchronization Scenarios - continued
Directory Sync with Single Sign-On Scenario - Used to provide users with the most seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy a security token service on-premises, such as Active Directory Federation Services (AD FS). Once it has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

15 04 | Directory Synchronization Tool Comparison

16 Directory Synchronization Tool Comparison
Azure Active Directory Sync Tool (DirSync)
- First appliance for Directory Synchronization to Azure AD
- Supports only single forest synchronization
- Password write back will remain in preview and not supported

Azure Active Directory Sync Services (AAD Sync)
- Newest appliance and will eventually replace Directory Synchronization to Azure AD
- Supports single and multi-forest synchronization
- Password-write
- Many new features coming soon

Azure Active Directory Connect
- Includes Azure Active Directory Sync Services (AAD Sync)
- Will also assist you to set up AD FS
- Will also assist you to set up your Web Application Proxy

17 Directory Synchronization Tool Comparison
On-Premises to Cloud Synchronization (Feature / DirSync / AAD Sync):
- Connect to single on-premises AD forest (X)
- Connect to multiple on-premises AD forests
- Connect to single on-premises LDAP directory (no AD at all) (CS)
- Connect to multiple on-premises LDAP directories
- Connect to on-premises AD and on-premises LDAP directories
- Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.)
- Synchronize customer defined attributes (directory extensions)
- Password Hash Sync for single on-premises AD forest
- Password Hash Sync for multiple on-premises AD forests

Cloud to On-Premises Synchronization (Feature / DirSync / AAD Sync):
- Write-back of devices (X) (CS)
- Attribute write back (for Exchange hybrid deployment)
- Write-back of users, groups objects
- Write-back of passwords (from SSPR and password change) (Preview)
- Write-back of customer defined attributes (directory extensions)

18 Directory Synchronization Tool Comparison
Set-up and Installation (Feature / DirSync / AAD Sync):
- Supports installation on a Domain Controller (X)
- Supports installation using SQL Express
- Step-up from DirSync to AADSync
- Localization: Windows Server languages (CS)
- Support for Windows Server 2008 and Windows Server 2008 R2
- Support for Windows Server 2012 and Windows Server 2012 R2

Filtering and Configuration (Feature / DirSync / AAD Sync):
- Filter on Domains and Organizational Units (X)
- Filter on attribute values on objects
- Allow minimal set of attributes to be synchronized ("MinSync")
- Allow different service templates to be applied for attribute flows
- Allow removing attributes from flowing from AD to AAD
- Allow advanced customization for attribute flows

19 05 | Source of Authority

20 Source of Authority
There are three scenarios where you may change the source of authority for an object: when you activate, deactivate, or reactivate directory synchronization from within any account portal or with Windows PowerShell. Source of authority is transferred after you perform the first synchronization.

Activate: When you activate directory synchronization and then synchronize directories, the source of authority for any cloud object that is matched to an on-premises object is transferred from the cloud to your on-premises Active Directory. Activating directory synchronization is a requirement for an Exchange hybrid deployment, an Active Directory Federation Services 2.0 (AD FS 2.0)/single sign-on (SSO) deployment, and the staged Exchange migration scenarios.

21 Source of Authority - continued
Deactivate: When you deactivate directory synchronization, the source of authority is transferred from the on-premises Active Directory to the cloud. Deactivating directory synchronization is a requirement if you want to transfer all user, group, contact, and mailbox management to the cloud using Windows PowerShell and account portal tools. For example, some organizations that used the staged Exchange migration tools to move their mailboxes to the cloud and no longer want to manage objects from on-premises can deactivate directory synchronization.

Reactivate: When you reactivate directory synchronization, the source of authority is transferred from the cloud back to your on-premises Active Directory (where it previously resided).

22 Activating directory synchronization
Demo:
- Demo activating Directory Synchronization
- Demo downloading/installing appliances

23 06 | Hard and Soft User ID Matching

24 Hard and Soft User ID Matching
Hard matching - GUID match logic. When you reactivate directory synchronization, objects in the on-premises Active Directory are matched with objects in the cloud according to previous directory synchronization GUID (objectGUID) on the cloud objects. When such a match is found, the directory synchronization process makes a GUID match and overwrites the target object data in the cloud objects with the data from the corresponding on-premises objects.

25 Hard and Soft User ID Matching - continued
Soft Matching - SMTP match logic. If directory synchronization does not find a GUID match in the cloud, a process called SMTP match is used. In this process, directory synchronization matches corresponding objects, according to the primary SMTP address. If a target (cloud) object’s primary SMTP address matches a primary SMTP address of an object in the on-premises organization, the data for the on-premises object is used to overwrite the data for the corresponding cloud object.
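The hard-then-soft matching order described on the two slides above, as an added example written for this page (not Microsoft's code). It models one sync cycle per user: a previously synced GUID anchor wins, otherwise the primary SMTP address is compared, and in both cases on-premises data overwrites the cloud copy. The anchor format (base64 of the objectGUID bytes), the sample users, and the rule that soft matching only considers cloud objects without an anchor are assumptions.

```python
"""Hard (objectGUID) and soft (primary SMTP) user matching, constructed model."""
import base64
import uuid
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class OnPremUser:
    object_guid: uuid.UUID
    upn: str
    primary_smtp: str
    display_name: str

@dataclass
class CloudUser:
    upn: str
    primary_smtp: str
    display_name: str
    immutable_id: Optional[str] = None  # set once the object has been hard-anchored

# Constructed sample GUID used by demo() below
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")

def immutable_id_for(guid: uuid.UUID) -> str:
    # Assumption: the cloud anchor is the base64 of the 16 objectGUID bytes
    return base64.b64encode(guid.bytes).decode("ascii")

def match_user(onprem: OnPremUser, cloud: List[CloudUser]) -> Tuple[str, Optional[CloudUser]]:
    """Return (kind, cloud_user) with kind in {'hard', 'soft', 'none'}."""
    anchor = immutable_id_for(onprem.object_guid)
    for cu in cloud:  # 1. hard match: GUID stored on the cloud object by a previous sync
        if cu.immutable_id == anchor:
            return "hard", cu
    for cu in cloud:  # 2. soft match: primary SMTP address (assumption: unanchored objects only)
        if cu.immutable_id is None and cu.primary_smtp.lower() == onprem.primary_smtp.lower():
            return "soft", cu
    return "none", None

def sync_user(onprem: OnPremUser, cloud: List[CloudUser]) -> str:
    """One sync cycle for one user; on-premises data overwrites the matched cloud object."""
    kind, cu = match_user(onprem, cloud)
    if cu is None:
        cloud.append(CloudUser(onprem.upn, onprem.primary_smtp, onprem.display_name,
                               immutable_id_for(onprem.object_guid)))
        return "created"
    cu.upn, cu.primary_smtp, cu.display_name = onprem.upn, onprem.primary_smtp, onprem.display_name
    cu.immutable_id = immutable_id_for(onprem.object_guid)  # a soft match becomes a hard anchor
    return kind

def demo() -> List[str]:
    """Constructed walk-through: a cloud-only user is soft-matched, then hard-matched."""
    cloud = [CloudUser("alice@contoso.example", "Alice@contoso.example", "Alice (cloud)")]
    alice = OnPremUser(SAMPLE_GUID, "alice@contoso.example", "alice@contoso.example", "Alice Adams")
    first = sync_user(alice, cloud)   # SMTP matched: cloud display name overwritten
    second = sync_user(alice, cloud)  # GUID anchor now present
    alice.primary_smtp = "alice.adams@contoso.example"
    third = sync_user(alice, cloud)   # renamed on-premises, still the same object (no duplicate)
    return [first, second, third, cloud[0].display_name, str(len(cloud))]
```

Note the third cycle: once the anchor exists, changing the SMTP address on-premises no longer risks a duplicate cloud object, which is why a one-time soft match is enough to take over a pre-existing cloud user.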

26 Demo User ID Matching
- Demo soft matching
- Demo hard matching
- Demo setting up Alternate Login ID

27 07 | Configure Alternate User ID

28 Configuring Alternate User ID
Alternate User ID is a feature that was introduced in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 Update 1. Alternate login ID facilitates logon to AD FS by using an administratively defined user attribute. After it is configured, AD FS will prefer to locate the user account by the defined attribute first instead of by the UPN. Users will still be able to log on by using previously allowed methods. You can also use alternate login ID without single sign-on (SSO) and AD FS by using cloud-managed sign-in and directory synchronization.

29 Demo Alternate Login ID
- Demo soft matching
- Demo hard matching
- Demo setting up Alternate Login ID

30 08 | Configure Filtering

31 Configure Filtering
- Organizational-unit (OU)-based: You can use this filtering type to manage the properties of the SourceAD Management Agent in the Directory Synchronization tool. This filtering type enables you to select which OUs are allowed to synchronize to the cloud.
- Domain-based: You can use this filtering type to manage the properties of the SourceAD Management Agent in the directory synchronization tool. This type enables you to select which domains are allowed to synchronize to the cloud.
- User-attribute-based: You can use this filtering method to specify attribute-based filters for user objects. This enables you to control which objects should not be synchronized to the cloud.
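The three filter types on this slide applied together, as an added example for this page (not the DirSync tool's own code). An object stays in scope only if its domain is allowed, its container is an allowed OU or nested beneath one, and no "do not sync" attribute rule matches. The distinguished names, the allowed lists and the use of extensionAttribute15 as the exclusion marker are assumptions.

```python
"""Domain-, OU- and attribute-based sync filtering, constructed model."""
from typing import Dict, Iterable, List

def dn_parts(dn: str) -> List[str]:
    # Naive split; adequate for the constructed DNs below (no escaped commas)
    return [p.strip() for p in dn.split(",")]

def domain_of(dn: str) -> str:
    # "CN=x,OU=Sales,DC=contoso,DC=com" -> "contoso.com"
    return ".".join(p[3:] for p in dn_parts(dn) if p.upper().startswith("DC=")).lower()

def container_of(dn: str) -> str:
    # Everything after the leaf RDN, e.g. "ou=sales,dc=contoso,dc=com"
    return ",".join(dn_parts(dn)[1:]).lower()

def in_ou_scope(dn: str, allowed_ous: Iterable[str]) -> bool:
    # In scope when the object sits in an allowed OU or any OU nested beneath it
    cont = container_of(dn)
    return any(cont == ou.lower() or cont.endswith("," + ou.lower()) for ou in allowed_ous)

def in_scope(obj: Dict[str, str], allowed_domains: Iterable[str],
             allowed_ous: Iterable[str], exclude_attrs: Dict[str, str]) -> bool:
    dn = obj["distinguishedName"]
    if domain_of(dn) not in {d.lower() for d in allowed_domains}:
        return False  # domain-based filter
    if not in_ou_scope(dn, allowed_ous):
        return False  # OU-based filter
    for attr, value in exclude_attrs.items():
        if str(obj.get(attr, "")).lower() == value.lower():
            return False  # user-attribute-based filter: exclusion marker present
    return True

def filter_objects(objects: List[Dict[str, str]], allowed_domains: Iterable[str],
                   allowed_ous: Iterable[str], exclude_attrs: Dict[str, str]) -> List[str]:
    """Return the sAMAccountNames that would be synchronized to the cloud."""
    return [o["sAMAccountName"] for o in objects
            if in_scope(o, allowed_domains, allowed_ous, exclude_attrs)]

def demo() -> List[str]:
    # Constructed on-premises objects covering each filter outcome
    objects = [
        {"sAMAccountName": "alice", "distinguishedName": "CN=Alice,OU=Staff,OU=Sales,DC=contoso,DC=com"},
        {"sAMAccountName": "bob", "distinguishedName": "CN=Bob,OU=ServiceAccounts,DC=contoso,DC=com"},
        {"sAMAccountName": "carol", "distinguishedName": "CN=Carol,OU=Sales,DC=fabrikam,DC=com"},
        {"sAMAccountName": "dave", "distinguishedName": "CN=Dave,OU=Sales,DC=contoso,DC=com",
         "extensionAttribute15": "NoSync"},
        {"sAMAccountName": "erin", "distinguishedName": "CN=Erin,OU=Sales,DC=contoso,DC=com"},
    ]
    return filter_objects(objects, ["contoso.com"], ["OU=Sales,DC=contoso,DC=com"],
                          {"extensionAttribute15": "NoSync"})
```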

32 Demo Filtering
- Demo filtering

33 09 | Azure Active Directory Subscriptions

34 Azure Active Directory Subscriptions
Built on top of a large set of free capabilities in Microsoft Azure Active Directory, the Azure Active Directory Premium and Azure Active Directory Basic editions provide a set of more advanced features to help empower enterprises with more demanding identity and access management needs. An Azure AD Premium trial is available for 30 days.

Features (Free / Basic / Premium):
- Sync up to 500k objects (X)
- Sync unlimited objects
- Forefront Identity Manager (FIM) server licenses, for syncing between on-premises databases and/or directories and Azure AD
- Self-service password change for cloud users
- Self-service password reset for cloud users
- Azure AD Sync bi-directional synchronization (Coming Soon)
- Write-back of devices (Coming Soon)
- Write-back of users, groups objects (Coming Soon)
- Write-back of customer defined attributes (directory extensions)
- Password reset with write-back to on-premises directories (Coming Soon)
- Password change write-back to on-premises directories (Coming Soon)

35 Azure Active Directory Subscription
Demo:
- Demo how to trial Azure AD Premium

36 Configuration resources
Feature (DirSync / AAD Sync):
- Enable Directory Synchronization: Can be enabled using the Office 365 admin center…
- Password Hash Sync
- Password Write-back
- Alternate Login ID
- Filtering
- Soft Matching
- Hard Matching

37 Summary Directory Synchronization in Office 365
01 | What is Azure Active Directory?
02 | Directory Synchronization Overview
03 | Directory Synchronization Scenarios
04 | Directory Synchronization Tool Comparison
05 | Source of Authority
06 | Hard and Soft User ID Matching
07 | Configuring Alternate User ID
08 | Configure Filtering
09 | Azure Active Directory Subscriptions

38 © 2013 Microsoft Corporation. All rights reserved

