Office 365 directory synchronization - SPSDC Reston


Learn how directory synchronization works with Office 365 using the DirSync tool.

Published in: Technology

  1. Office 365 Directory Synchronization. Amit Vasu, Momentum Digital Solutions Inc. October-5-15
  2. Thanks to our Sponsors!!!
  3. HELLO! My name is Amit Vasu, Sr. SharePoint Consultant, MVP. Twitter: @amitvasu
  4. WWW.COLLAB365.EVENTS Session Objective
      • Provide overview of Azure Active Directory and Directory Synchronization with respect to Office365. Reference:
  5. Agenda
      • Overview – Azure Active Directory
      • Directory Synchronization
      • Different Tools for Directory Sync
      • DEMO: Configuring Directory Sync
      • Creating Development Environment
  6. Azure Active Directory - Overview
  7. What is Azure Active Directory?
      • A comprehensive identity and access management cloud solution
      • It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers
      • Azure Active Directory Premium is an advanced offering that includes IAM capabilities for on-premises, hybrid and cloud environments
  8. Identity and Access Management for the Cloud
      • Provides a robust set of capabilities to manage users and groups
      • Comes in three editions
          • Free, Basic, Premium
      • 532272.aspx
  9. Simplify user access to any cloud app
      • Enable single sign-on to thousands of cloud applications from Windows, Mac, Android and iOS devices.
      • Works with third party identity providers.
  10. Protect access to enterprise apps
      • Built-in security features, like “you can’t be in two places at once”
      • Security reporting that tracks inconsistent access patterns, analytics and alerts.
  11. Protect access to enterprise apps
      • Security reporting that tracks inconsistent access patterns, analytics, and alerts.
      • Ensure secure access by enabling MFA
  12. Sign-in Model for Office 365
  13. Cloud Identity
  14. Synchronized Identity
  15. Federated Identity
  16. Directory Synchronization
  17. Identity and Access Management for the Cloud
      • Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms.
      • Enables unified Global Address List with Exchange Online
      • Supports multiple sync scenarios, i.e. DirSync, DirSync/Password, DirSync/SSO
  18. Directory Quota Limit
      • Up to 50k objects with no verified domain
      • Up to 500k objects with first verified domain
      • Each tenant is only granted one increase
      • Unlimited if you have Azure Active Directory Basic or Premium subscription
  19. Synchronization interval
      • Default every 3 hours.
      • Can be modified by updating Microsoft.Online.DirSync.Scheduler.exe.Config
      • Find the key: <add key="SyncTimeInterval" value="3:0:0" /> and replace value with your desired time.
      • Restart the Windows Azure Active Directory Sync Service
  20. Password Sync
      • Does not mean it's SSO, as there is no token sharing
      • Passwords are synchronized every two minutes
      • The synchronization of a password has no impact on currently logged on users.
  21. Source of Authority
      • Location which is the original source of Active Directory objects
      • Azure AD requires a single source of authority for every object.
      • By default, Azure AD directory objects are mastered in the cloud.
  22. Changing Source of Authority
      • Three scenarios where source of authority may get changed for an object
          • Activate
          • Deactivate
          • Reactivate*
  23. Directory Synchronization Tools
  24. Directory Sync
      • Most commonly-known product is the Directory Sync tool (DirSync).
      • Download link from the Office 365 portal.
      • Relies on Forefront Identity Manager (FIM) for Synchronization.
  25. Azure Active Directory Synchronization (AAD Sync)
      • Successor to DirSync and eventually will replace DirSync.
      • Supports Multi-Forest Synchronization.
      • Advanced provisioning, mapping and filtering rules for objects and attributes.
  26. Azure Active Directory Connect
      • At some point in the future AADConnect will be the single choice.
      • Will also assist you to set up AD FS
      • AADConnect will simplify the deployment and configuration of your end-to-end identity setup.
      • COMPARE FEATURES:
  27. System Requirements
  28. Directory Synchronization Computer - OS
      • 64-bit edition of Windows Server 2008 Standard, Enterprise, or Datacenter edition with SP1 or later
      • Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition with SP1 or later
      • Windows Server 2012 Standard or Datacenter
      • Windows Server 2012 R2 Standard or Datacenter
  29. Directory Synchronization Computer
      • It must be joined to Active Directory.
      • It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft .NET Framework 4.5.1
      • It must run Windows PowerShell
      • It must be located in an access-controlled environment.
  30. Directory Synchronization – Domain Controller
      • Windows Server 2003 forest functional mode or higher
      • 32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)
      • 32-bit or 64-bit edition of the Windows Server 2008 STD or ENT, Windows Server 2008 R2 Standard or Enterprise, or Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.
      • Windows Server 2012 Standard or Datacenter.
  31. Permissions
      • You must have administrator permissions for the following:
          • The computer running the Directory Sync tool.
          • Your company’s local Active Directory.
          • Your company’s Microsoft cloud service administrator account.
  32. DirSync on Domain Controller
      • DirSync can be installed on a Domain Controller
      • Steps to install DirSync on a DC are exactly the same.
      • Just because you can does not mean you should.
      • Follow the best practice and install DirSync on a separate server.
  33. DEMO: Setting up DirSync
  34. Setting up Development Environment
  35.
      • Sign up for Azure free one month trial
      • Create Domain Controller in Azure using the following HOL directory-new-forest-virtual-machine/
      • Sign-up for Office 365 trial (30 day) =3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477
  38. Stay tuned for more great sessions … Thank you for watching
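
The interval change described on slide 19, as an added PowerShell example that is not part of the deck. The key name, the h:m:s value format and the service display name come from the slide; the config file location is not given there, so it is a required parameter, and the script name in the usage comment is hypothetical.

```powershell
# Added example, not from the deck: apply the slide 19 procedure.
# Run in an elevated session on the directory synchronization computer.
# Usage (script name is hypothetical):
#   .\Set-DirSyncInterval.ps1 -ConfigPath <path to the scheduler config> -Interval 1:0:0
param(
    # Full path to Microsoft.Online.DirSync.Scheduler.exe.Config (not stated on the slide).
    [Parameter(Mandatory = $true)][string]$ConfigPath,
    # Same h:m:s format as the default "3:0:0" shown on the slide.
    [string]$Interval = '1:0:0',
    # Display name as given on the slide.
    [string]$ServiceDisplayName = 'Windows Azure Active Directory Sync Service'
)
$ErrorActionPreference = 'Stop'

# Refuse to edit anything other than the scheduler config named on the slide.
if ((Split-Path -Leaf $ConfigPath) -ne 'Microsoft.Online.DirSync.Scheduler.exe.Config') {
    throw "Unexpected file name: $ConfigPath"
}

# Sanity-check the value before touching the file.
$span = [TimeSpan]::Zero
if (-not [TimeSpan]::TryParse($Interval, [ref]$span) -or ($span -le [TimeSpan]::Zero)) {
    throw "Interval '$Interval' is not a positive h:m:s time span."
}

# Keep a copy so the change can be rolled back.
Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

# Locate <add key="SyncTimeInterval" value="..." /> wherever it sits in the file.
$node = $xml.SelectSingleNode("//add[@key='SyncTimeInterval']")
if ($null -eq $node) {
    throw "No SyncTimeInterval key found in $ConfigPath"
}

$old = $node.GetAttribute('value')
$node.SetAttribute('value', $Interval)
$xml.Save($ConfigPath)
Write-Output "SyncTimeInterval changed from $old to $Interval"

# Last step on the slide: restart the sync service.
Restart-Service -DisplayName $ServiceDisplayName
```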