
Tspug 2015 dirsync_amit_v_momentum

Directory Synchronization in Office 365

Published in: Technology

  1. Office 365 Directory Synchronization, Amit Vasu, Momentum Digital Solutions Inc. (April 29, 2015)
  2. Agenda: O365 - DirSync Overview - Azure Active Directory DirSync Sync Tools Setting up DEV environment Demo
  3. Microsoft Community Contributor (MCC); Senior SharePoint Consultant; @amitvasuMCP – SP 2013; BLOG – www.amitvasu.com; O365 - DirSync
  4. Azure Active Directory - Overview
  5. Identity and Access Management for the Cloud
     • Provides a robust set of capabilities to manage users and groups
     • Comes in three editions: Free, Basic, Premium
     • World’s largest cloud directory
  6. Simplify user access to any cloud app
     • Enable single sign-on to thousands of cloud applications from Windows, Mac, Android and iOS devices.
     • Works with third party identity providers
  7. Protect sensitive data and applications
     • Provides Multi-Factor Authentication
     • Security monitoring and Alerts
     • Machine learning based reports
  8. Sign-in Model for O365
  9. Cloud Identity
  10. Synchronized Identity
  11. Federated Identity
  12. Directory Synchronization - Overview
  13. Identity and Access Management for the Cloud
     • Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms.
     • Enables unified Global Address List with Exchange Online
     • Supports multiple sync scenarios, i.e. DirSync, DirSync/Password, DirSync/SSO
  14. Synchronization interval
     • Default every 3 hours.
     • Can be modified by updating Microsoft.Online.DirSync.Scheduler.exe.Config
     • Find the key: <add key="SyncTimeInterval" value="3:0:0" /> and replace value with your desired time.
     • Restart the Windows Azure Active Directory Sync Service
  15. Directory Quota Limit
     • Up to 50k objects with no verified domain
     • Increased to 300k objects with first verified domain
     • Each tenant is only granted one increase
     • Unlimited if you have Azure Active Directory Basic or Premium subscription
  16. Password Sync
     • Must be running version 6382.0000 or greater of the Directory Sync tool in order to enable the Password Sync feature
     • Does not mean it's SSO, as there is no token sharing
     • Passwords are synchronized every two minutes
     • The synchronization of a password has no impact on currently logged on users.
  17. Source of Authority
     • The location that is the original source of Active Directory objects
     • Azure AD requires a single source of authority for every object.
     • By default, Azure AD directory objects are mastered in the cloud.
  18. Changing Source of Authority
     • Three scenarios where source of authority may get changed for an object: Activate, Deactivate, Reactivate*
  19. Directory Synchronization - Tools
  20. Directory Sync
     • Most commonly-known product is the Directory Sync tool (DirSync).
     • Download link from the Office 365 portal.
     • Relies on Forefront Identity Manager (FIM) for Synchronization.
  21. Azure Active Directory Synchronization (AAD Sync)
     • Successor to DirSync and eventually will replace DirSync.
     • Supports Multi-Forest Synchronization.
     • Advanced provisioning, mapping and filtering rules for objects and attributes.
  22. Azure Active Directory Connect
     • At some point in the future AADConnect will be the single choice.
     • Will also assist you to set up AD FS
     • AADConnect will simplify the deployment and configuration of your end-to-end identity setup.
     • COMPARE FEATURES: https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx
  23. System Requirements
  24. Directory Synchronization Computer - OS
     • 64-bit edition of Windows Server 2008 Standard, Enterprise, or Datacenter edition with SP1 or later
     • Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition with SP1 or later
     • Windows Server 2012 Standard or Datacenter
     • Windows Server 2012 R2 Standard or Datacenter
  25. Directory Synchronization Computer
     • It must be joined to Active Directory.
     • It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft .NET Framework 4.5.1
     • It must run Windows PowerShell
     • It must be located in an access-controlled environment.
  26. Directory Synchronization – Domain Controller
     • Windows Server 2003 forest functional mode or higher
     • 32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)
     • 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise, Windows Server 2008 R2 Standard or Enterprise, or Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.
     • Windows Server 2012 Standard or Datacenter.
  27. Permissions
     You must have administrator permissions for the following:
     • The computer running the Directory Sync tool.
     • Your company’s local Active Directory.
     • Your company’s Microsoft cloud service administrator account.
  28. Directory Synchronization on Domain Controller
     • DirSync can be installed on Domain Controller
     • Requires version 6553.0002 and newer
     • Steps to install DirSync on a DC are exactly the same.
     • Just because you can does not mean you should.
     • Follow the best practice and install DirSync on separate server.
  29. DEMO: Setting up Directory Sync
  30. Setting up Development Environment
  31. Steps:
     • Sign up for Azure free one month trial: http://azure.microsoft.com/en-us/pricing/free-trial/
     • Create Domain Controller in Azure using the following HOL: http://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/
     • Sign up for Office 365 trial (30 day): https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477
  32. 2015 Microsoft MVP Virtual Conference
     • May 14th and 15th – 8am to 6pm PST (Pacific)
     • Steve Guggenheimer Keynote at 8am on May 14th
     • OPEN TO EVERYONE!
     • 5 TRACKS
     • IT Pro | Developer | Consumer | LATAM Track (Spanish) | Brazil Track (Portuguese)
     • REGISTER HERE: http://mvp.microsoft.com/en-us/virtualconference.aspx
     • MVP Home Page > Events > 2015 Microsoft MVP Virtual Conference
  33. Thank You
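
The procedure on the "Synchronization interval" slide, written out as a PowerShell script. This is an added example, not code from the original deck: it validates the new interval, backs up the file, changes the SyncTimeInterval key and restarts the service. The parameter names are hypothetical, and the config file path is not given on the slides, so the caller must supply it.

```powershell
# Added example; the config path comes from the caller (it is not stated on the slides).
param(
    [Parameter(Mandatory = $true)] [string] $ConfigPath,  # path to Microsoft.Online.DirSync.Scheduler.exe.Config
    [Parameter(Mandatory = $true)] [string] $Interval,    # h:m:s, same form as the default "3:0:0"
    [string] $ServiceDisplayName = 'Windows Azure Active Directory Sync Service'
)

$ErrorActionPreference = 'Stop'

# Reject anything that is not a valid, positive time span before touching the file.
$span = [TimeSpan]::Zero
if (-not [TimeSpan]::TryParse($Interval, [ref]$span) -or $span -le [TimeSpan]::Zero) {
    throw "Interval '$Interval' is not a valid h:m:s value."
}

# Resolve to a full path so .NET and PowerShell agree on which file is meant.
$ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).Path

# Load the config as XML and locate the one key the slide names.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)
$node = $xml.SelectSingleNode("//add[@key='SyncTimeInterval']")
if ($null -eq $node) {
    throw "SyncTimeInterval key not found in $ConfigPath"
}

# Keep a timestamped copy so the change can be reverted.
$backup = "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -LiteralPath $ConfigPath -Destination $backup

# Replace only the value attribute; the rest of the file is left as it was.
$old = $node.GetAttribute('value')
$node.SetAttribute('value', $Interval)
$xml.Save($ConfigPath)

# Last step on the slide: restart the sync service.
Restart-Service -DisplayName $ServiceDisplayName

"SyncTimeInterval: $old -> $Interval (backup: $backup)"
```

Run it from an elevated session on the directory synchronization computer, since both the file write and the service restart need administrator rights.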
