office 365 directory synchronization
TRANSCRIPT
April 15, 2023 1
Office 365 Directory SynchronizationAmit Vasu
Momentum Digital Solutions Inc.
April 15, 2023 2
Agenda
O365 - DirSync
Overview - Azure Active Directory
DirSync Sync Tools
Setting up DEV environment
Demo
April 15, 2023 3
Microsoft Community
Contributor (MCC)
Senior SharePoint Consultant
@amitvasuMCP – SP 2013
BLOG – www.amitvasu.comO365 - DirSync
April 15, 2023 4
Azure Active Directory- Overview
April 15, 2023 5
Provides a robust set of capabilities to manage users and groups
Comes in three editions Free, Basic, Premium
World’s largest cloud directory
Identity and Access Management for the Cloud
April 15, 2023 6
Enable single sign-on to thousands of cloud applications from Windows, Mac, Android and iOS devices.
Works with third party identity providers
Simplify user access to any cloud app
April 15, 2023 7
Provides Multi-Factor Authentication
Security monitoring and Alerts
Machine learning based reports
Protect sensitive data and applications
April 15, 2023 8
Sign-in Model for
O365
April 15, 2023 9
Cloud Identity
April 15, 2023 10
Synchronized Identity
April 15, 2023 11
Federated Identity
April 15, 2023 12
Directory Synchronization - Overview
April 15, 2023 13
Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms.
Enables unified Global Address List with Exchange Online
Support multiple sync scenarios i.e. DirSync, DirSync/Password, DirSync/SSO
Identity and Access Management for the Cloud
April 15, 2023 14
Default every 3 hours.
Can be modified by updating Microsoft.Online.DirSync.Scheduler.exe.Config
Find the key: <add key="SyncTimeInterval" value="3:0:0" /> and replace value with your desired time.
Restart the Windows Azure Active Directory Sync Service
Synchronization interval
April 15, 2023 15
Up to 50k objects with no verified domain
Increased to 300k objects with first verified domain Each tenant is only granted one increase
Unlimited if you have Azure Active Directory Basic or Premium subscription
Directory Quota Limit
April 15, 2023 16
Must be running version 6382.0000 or greater of the Directory Sync tool in order to enable the Password Sync feature
Does not mean its SSO as there is not token sharing
Passwords are synchronized every two minutes
The synchronization of a password has no impact on currently logged on users.
Password Sync
April 15, 2023 18
Location which is original source of Active Directory objects
Azure AD requires a single source of authority for every object.
By default, Azure AD directory objects are mastered in the cloud.
Source of Authority
April 15, 2023 19
Three scenarios where source of authority may get changed for an object
Activate Deactivate Reactivate*
Changing Source of Authority
April 15, 2023 20
Directory Synchronization - Tools
April 15, 2023 21
Most commonly-known product is the Directory Sync tool (DirSync).
Download link from the Office 365 portal.
Directory Sync
Relies on Forefront Identity Manager (FIM) for Synchronization.
April 15, 2023 22
Successor to DirSync and eventually will replace DirSync.
Supports Multi-Forest Synchronization.
Advanced provisioning, mapping and filtering rules for objects and attributes.
Azure Active Directory Synchronization (AAD Sync)
April 15, 2023 23
At some point in the future AADConnect will be the single choice.
Will also assist you to set up AD FS
AADConnect will simplify the deployment and configuration of your end-to-end identity setup.
COMPARE FEATURES: https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx
Azure Active Directory Connect
April 15, 2023 24
System Requirements
April 15, 2023 25
64-bit edition of Windows Server 2008 Standard, Enterprise, or Datacenter edition with SP1 or later
Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition with SP1 or later
Windows Server 2012 Standard or Datacenter
Windows Server 2012 R2 Standard or Datacenter
Directory Synchronization Computer - OS
April 15, 2023 26
It must be joined to Active Directory.
It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft .NET Framework 4.5.1
It must run Windows PowerShell
It must be located in an access-controlled environment.
Directory Synchronization Computer
April 15, 2023 27
Windows Server 2003 forest functional mode or higher
32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)
32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise, Windows Server 2008 R2 Standard or Enterprise, or Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.
Windows Server 2012 Standard or Datacenter.
Directory Synchronization – Domain Controller
April 15, 2023 28
You must have administrator permissions for the following:
The computer running the Directory Sync tool.
Your company’s local Active Directory.
Your company’s Microsoft cloud service administrator account.
Permissions
April 15, 2023 29
DirSync can be installed on Domain Controller
Requires version 6553.0002 and newer
Steps to install DirSync on a DC is exactly the same.
Directory Synchronization on Domain Controller
Just because you can does not mean you should.
Follow the best practice and install DirSync on separate server.
April 15, 2023 30
DEMO:
Setting up Directory Sync
April 15, 2023 31
Setting up Development Environment
April 15, 2023 32
Sign up for Azure free one month trialhttp://azure.microsoft.com/en-us/pricing/free-trial/
Create Domain Controller in Azure using the following HOLhttp://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/
Sign-up for Office 365 trial (30 day)https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477
• May 14th and 15th – 8am to 6pm PST (Pacific)• Steve Guggenheimer Keynote at 8am on May 14th
• OPEN TO THE EVERYONE!• 5 TRACKS
• IT Pro | Developer | Consumer | LATAM Track (Spanish) | Brazil Track (Portuguese)
• REGISTER HERE: http://mvp.microsoft.com/en-us/virtualconference.aspx• MVP Home Page > Events > 2015 Microsoft MVP Virtual Conference
Thank You