office 365 directory synchronization
TRANSCRIPT
![Page 1: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/1.jpg)
April 15, 2023 1
Office 365 Directory SynchronizationAmit Vasu
Momentum Digital Solutions Inc.
![Page 2: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/2.jpg)
April 15, 2023 2
Agenda
O365 - DirSync
Overview - Azure Active Directory
DirSync Sync Tools
Setting up DEV environment
Demo
![Page 3: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/3.jpg)
April 15, 2023 3
Microsoft Community
Contributor (MCC)
Senior SharePoint Consultant
@amitvasuMCP – SP 2013
BLOG – www.amitvasu.comO365 - DirSync
![Page 4: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/4.jpg)
April 15, 2023 4
Azure Active Directory- Overview
![Page 5: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/5.jpg)
April 15, 2023 5
Provides a robust set of capabilities to manage users and groups
Comes in three editions Free, Basic, Premium
World’s largest cloud directory
Identity and Access Management for the Cloud
![Page 6: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/6.jpg)
April 15, 2023 6
Enable single sign-on to thousands of cloud applications from Windows, Mac, Android and iOS devices.
Works with third party identity providers
Simplify user access to any cloud app
![Page 7: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/7.jpg)
April 15, 2023 7
Provides Multi-Factor Authentication
Security monitoring and Alerts
Machine learning based reports
Protect sensitive data and applications
![Page 8: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/8.jpg)
April 15, 2023 8
Sign-in Model for
O365
![Page 9: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/9.jpg)
April 15, 2023 9
Cloud Identity
![Page 10: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/10.jpg)
April 15, 2023 10
Synchronized Identity
![Page 11: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/11.jpg)
April 15, 2023 11
Federated Identity
![Page 12: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/12.jpg)
April 15, 2023 12
Directory Synchronization - Overview
![Page 13: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/13.jpg)
April 15, 2023 13
Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms.
Enables unified Global Address List with Exchange Online
Support multiple sync scenarios i.e. DirSync, DirSync/Password, DirSync/SSO
Identity and Access Management for the Cloud
![Page 14: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/14.jpg)
April 15, 2023 14
Default every 3 hours.
Can be modified by updating Microsoft.Online.DirSync.Scheduler.exe.Config
Find the key: <add key="SyncTimeInterval" value="3:0:0" /> and replace value with your desired time.
Restart the Windows Azure Active Directory Sync Service
Synchronization interval
![Page 15: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/15.jpg)
April 15, 2023 15
Up to 50k objects with no verified domain
Increased to 300k objects with first verified domain Each tenant is only granted one increase
Unlimited if you have Azure Active Directory Basic or Premium subscription
Directory Quota Limit
![Page 16: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/16.jpg)
April 15, 2023 16
Must be running version 6382.0000 or greater of the Directory Sync tool in order to enable the Password Sync feature
Does not mean its SSO as there is not token sharing
Passwords are synchronized every two minutes
The synchronization of a password has no impact on currently logged on users.
Password Sync
![Page 17: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/17.jpg)
April 15, 2023 18
Location which is original source of Active Directory objects
Azure AD requires a single source of authority for every object.
By default, Azure AD directory objects are mastered in the cloud.
Source of Authority
![Page 18: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/18.jpg)
April 15, 2023 19
Three scenarios where source of authority may get changed for an object
Activate Deactivate Reactivate*
Changing Source of Authority
![Page 19: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/19.jpg)
April 15, 2023 20
Directory Synchronization - Tools
![Page 20: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/20.jpg)
April 15, 2023 21
Most commonly-known product is the Directory Sync tool (DirSync).
Download link from the Office 365 portal.
Directory Sync
Relies on Forefront Identity Manager (FIM) for Synchronization.
![Page 21: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/21.jpg)
April 15, 2023 22
Successor to DirSync and eventually will replace DirSync.
Supports Multi-Forest Synchronization.
Advanced provisioning, mapping and filtering rules for objects and attributes.
Azure Active Directory Synchronization (AAD Sync)
![Page 22: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/22.jpg)
April 15, 2023 23
At some point in the future AADConnect will be the single choice.
Will also assist you to set up AD FS
AADConnect will simplify the deployment and configuration of your end-to-end identity setup.
COMPARE FEATURES: https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx
Azure Active Directory Connect
![Page 23: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/23.jpg)
April 15, 2023 24
System Requirements
![Page 24: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/24.jpg)
April 15, 2023 25
64-bit edition of Windows Server 2008 Standard, Enterprise, or Datacenter edition with SP1 or later
Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition with SP1 or later
Windows Server 2012 Standard or Datacenter
Windows Server 2012 R2 Standard or Datacenter
Directory Synchronization Computer - OS
![Page 25: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/25.jpg)
April 15, 2023 26
It must be joined to Active Directory.
It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft .NET Framework 4.5.1
It must run Windows PowerShell
It must be located in an access-controlled environment.
Directory Synchronization Computer
![Page 26: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/26.jpg)
April 15, 2023 27
Windows Server 2003 forest functional mode or higher
32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)
32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise, Windows Server 2008 R2 Standard or Enterprise, or Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.
Windows Server 2012 Standard or Datacenter.
Directory Synchronization – Domain Controller
![Page 27: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/27.jpg)
April 15, 2023 28
You must have administrator permissions for the following:
The computer running the Directory Sync tool.
Your company’s local Active Directory.
Your company’s Microsoft cloud service administrator account.
Permissions
![Page 28: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/28.jpg)
April 15, 2023 29
DirSync can be installed on Domain Controller
Requires version 6553.0002 and newer
Steps to install DirSync on a DC is exactly the same.
Directory Synchronization on Domain Controller
Just because you can does not mean you should.
Follow the best practice and install DirSync on separate server.
![Page 29: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/29.jpg)
April 15, 2023 30
DEMO:
Setting up Directory Sync
![Page 30: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/30.jpg)
April 15, 2023 31
Setting up Development Environment
![Page 31: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/31.jpg)
April 15, 2023 32
Sign up for Azure free one month trialhttp://azure.microsoft.com/en-us/pricing/free-trial/
Create Domain Controller in Azure using the following HOLhttp://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/
Sign-up for Office 365 trial (30 day)https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477
![Page 32: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/32.jpg)
• May 14th and 15th – 8am to 6pm PST (Pacific)• Steve Guggenheimer Keynote at 8am on May 14th
• OPEN TO THE EVERYONE!• 5 TRACKS
• IT Pro | Developer | Consumer | LATAM Track (Spanish) | Brazil Track (Portuguese)
• REGISTER HERE: http://mvp.microsoft.com/en-us/virtualconference.aspx• MVP Home Page > Events > 2015 Microsoft MVP Virtual Conference
![Page 33: Office 365 Directory Synchronization](https://reader030.vdocuments.mx/reader030/viewer/2022032620/55c9b14dbb61eb977d8b4580/html5/thumbnails/33.jpg)
Thank You