This document provides an overview and agenda for a session on Office 365 Directory Synchronization. The agenda includes: - An overview of Azure Active Directory and the different identity models it supports. - A discussion of directory synchronization, the different tools available for sync (DirSync, AAD Sync, AAD Connect), and considerations for directory sync setup like permissions and system requirements. - A demonstration of configuring directory synchronization using DirSync. - Steps for setting up a development environment for testing directory sync using an Azure VM and Office 365 trial accounts.

1. October-5-15 1
Office 365 Directory Synchronization
Amit Vasu
Momentum Digital Solutions Inc.

2. Thanks to our Sponsors!!!

3. HELLO!My name is
Amit VasuSr. SharePoint Consultant, MVP
www.amitvasu.com
Twitter: @amitvasu

4. WWW.COLLAB365.EVENTS
Session Objective
 Provide overview of Azure Active Directory and Directory
Synchronization with respect to Office365.
Reference: http://bit.ly/1P3Gj4m

5. WWW.COLLAB365.EVENTS
Agenda
 Overview – Azure Active Directory
 Directory Synchronization
 Different Tools for Directory Sync
 DEMO : Configuring Directory Sync
 Creating Development Environment

6. WWW.COLLAB365.EVENTS
Azure Active Directory -
Overview

7. WWW.COLLAB365.EVENTS
What is Azure Active Directory?
 A comprehensive identity and access management
cloud solution
 It combines directory services, advanced identity
governance, application access management and
a rich standards-based platform for developers
 Azure Active Directory Premium is an advanced
offering that includes IAM capabilities for on-
premises, hybrid and cloud environments

8. WWW.COLLAB365.EVENTS
Identity and Access Management for the Cloud
 Provides a robust set of capabilities to
manage users and groups
 Comes in three editions
 Free, Basic, Premium
 https://msdn.microsoft.com/library/azure/dn
532272.aspx

9. WWW.COLLAB365.EVENTS
Simplify user access to any cloud app
 Enable single sign-on to thousands of cloud
applications from Windows, Mac, Android
and iOS devices.
 Works with third party identity providers.

10. WWW.COLLAB365.EVENTS
Protect access to enterprise apps
 Built-in security features, like “you
can’t be in two places at once”
 Security reporting that tracks
inconsistent access patterns, analytics
and alerts.

11. WWW.COLLAB365.EVENTS
Protect access to enterprise apps
 Security reporting that tracks
inconsistent access patterns,
analytics, and alerts.
 Ensure secure access by
enabling MFA

12. WWW.COLLAB365.EVENTS
Sign-in Model for Office 365

13. WWW.COLLAB365.EVENTS
Cloud Identity

14. WWW.COLLAB365.EVENTS
Synchronized Identity

15. WWW.COLLAB365.EVENTS
Federated Identity

16. WWW.COLLAB365.EVENTS
Directory Synchronization

17. WWW.COLLAB365.EVENTS
Identity and Access Management for the Cloud
 Synchronizes users, passwords, security groups, distribution lists, contacts,
and conference rooms.
 Enables unified Global Address List with Exchange Online
 Support multiple sync scenarios i.e. DirSync, DirSync/Password,
DirSync/SSO

18. WWW.COLLAB365.EVENTS
Directory Quota Limit
 Up to 50k objects with no verified domain
 Up to 500k objects with first verified domain
 Each tenant is only granted one increase
 Unlimited if you have Azure Active Directory Basic or Premium
subscription

19. WWW.COLLAB365.EVENTS
Synchronization interval
 Default every 3 hours.
 Can be modified by updating
Microsoft.Online.DirSync.Scheduler.exe.Config
 Find the key: <add key="SyncTimeInterval" value="3:0:0"
/> and replace value with your desired time.
 Restart the Windows Azure Active Directory Sync Service

20. WWW.COLLAB365.EVENTS
Password Sync
 Does not mean its SSO as there is not token sharing
 Passwords are synchronized every two minutes
 The synchronization of a password has no impact on currently logged on
users.

21. WWW.COLLAB365.EVENTS
Source of Authority
 Location which is original source of Active Directory objects
 Azure AD requires a single source of authority for every object.
 By default, Azure AD directory objects are mastered in the cloud.

22. WWW.COLLAB365.EVENTS
Changing Source of Authority
 Three scenarios where source of authority may get changed for an object
 Activate
 Deactivate
 Reactivate*

23. WWW.COLLAB365.EVENTS
Directory Synchronization Tools

24. WWW.COLLAB365.EVENTS
Directory Sync
 Most commonly-known product is the Directory Sync tool (DirSync).
 Download link from the Office 365 portal.
 Relies on Forefront Identity Manager (FIM) for Synchronization.

25. WWW.COLLAB365.EVENTS
Azure Active Directory Synchronization (AAD Sync)
 Successor to DirSync and eventually will replace DirSync.
 Supports Multi-Forest Synchronization.
 Advanced provisioning, mapping and filtering rules for objects and
attributes.

26. WWW.COLLAB365.EVENTS
Azure Active Directory Connect
 At some point in the future AADConnect will be the single choice.
 Will also assist you to set up AD FS
 AADConnect will simplify the deployment and configuration of your end-
to-end identity setup.
 COMPARE FEATURES:
https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx

27. WWW.COLLAB365.EVENTS
System Requirements

28. WWW.COLLAB365.EVENTS
Directory Synchronization Computer - OS
 64-bit edition of Windows Server 2008 Standard, Enterprise, or
Datacenter edition with SP1 or later
 Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition
with SP1 or later
 Windows Server 2012 Standard or Datacenter
 Windows Server 2012 R2 Standard or Datacenter

29. WWW.COLLAB365.EVENTS
Directory Synchronization Computer
 It must be joined to Active Directory.
 It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft
.NET Framework 4.5.1
 It must run Windows PowerShell
 It must be located in an access-controlled environment.

30. WWW.COLLAB365.EVENTS
Directory Synchronization – Domain Controller
 Windows Server 2003 forest functional mode or higher
 32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise
Edition with Service Pack 1 (SP1)
 32-bit or 64-bit edition of the Windows Server 2008 STD or ENT,
Windows Server 2008 R2 Standard or Enterprise, or Windows Server
2008 Datacenter or Windows Server 2008 R2 Datacenter.
 Windows Server 2012 Standard or Datacenter.

31. WWW.COLLAB365.EVENTS
Permissions
 You must have administrator permissions for the following:
 The computer running the Directory Sync tool.
 Your company’s local Active Directory.
 Your company’s Microsoft cloud service administrator account.

32. WWW.COLLAB365.EVENTS
DirSync on Domain Controller
 DirSync can be installed on Domain Controller
 Steps to install DirSync on a DC is exactly the same.
 Just because you can does not mean you should. 
 Follow the best practice and install DirSync on separate server.

33. WWW.COLLAB365.EVENTS
DEMO: Setting up DirSync

34. WWW.COLLAB365.EVENTS
Setting up Development
Environment

35. WWW.COLLAB365.EVENTS
 Sign up for Azure free one month trial
http://azure.microsoft.com/en-us/pricing/free-trial/
 Create Domain Controller in Azure using the following HOL
http://azure.microsoft.com/en-us/documentation/articles/active-
directory-new-forest-virtual-machine/
 Sign-up for Office 365 trial (30 day)
https://portal.office.com/partner/partnersignup.aspx?type=Trial&id
=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477

36. Thanks to our Sponsors!!!

37. Join us at #SharePint sponsored by Kemp Technologies at
World of Beer of Reston in the Towncenter just across
the bridge
Why? To network with fellow SharePoint professionals
What? SharePint!!!
When? 6:15 PM
Where?
World of Beer Reston
1888 Explorer Street
Reston, VA 20190
Thanks to
Kemp Technologies

38. WWW.COLLAB365.EVENTS
Stay tuned for more great sessions …
Thank you for watching