Chapter 4: Directory synchronization
Directory synchronization process
Activating directory synchronization
Installing Windows Azure Active Directory Sync
Verifying directory synchronization
Forcing an unscheduled directory synchronization
Changing the directory synchronization schedule
Troubleshooting common directory synchronization errors
All user accounts in Office 365 use the User Principal Name (UPN) format. In the
preceding chapter, we set up Active Directory Federation Services (AD FS) and SSO
so that when users are authenticated by Active Directory (AD), they will be granted
access. If they have not been authenticated by AD, they will be presented with the Office
365 portal logon screen, and they will need to supply a user name in UPN format.
If a federated UPN suffix is supplied, Office 365 automatically redirects the authentication
request to your AD FS service. If it is not a federated UPN suffix or if the suffix is
*.onmicrosoft.com, then Office 365 is responsible for the authentication. Collectively, this addresses
the authentication process for Office 365. However, we still need to address how accounts
are created in the Office 365 tenant. A corresponding Office 365 account needs to exist for
each user needing access to Office 365.
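
The suffix-based routing described above, as an added example (not code from the book or from Microsoft): Python that classifies a list of UPNs by which service would authenticate them. The federated suffix list, the sample UPNs and all function names are constructed assumptions, and the federated check assumes exact, case-insensitive suffix matching.

```python
from collections import defaultdict

# Assumption: the suffixes federated with AD FS in this tenant (constructed values).
FEDERATED_SUFFIXES = {"contoso.com", "corp.contoso.com"}
CLOUD_SUFFIX = "onmicrosoft.com"


def upn_suffix(upn):
    """Return the lower-cased suffix of a UPN, or None if the UPN is malformed."""
    local, sep, suffix = upn.strip().rpartition("@")
    suffix = suffix.lower().rstrip(".")
    if not sep or not local or not suffix or "@" in local:
        return None
    return suffix


def authenticator(upn, federated=FEDERATED_SUFFIXES):
    """Return 'adfs', 'office365' or 'invalid' for a supplied user name."""
    suffix = upn_suffix(upn)
    if suffix is None:
        return "invalid"
    # *.onmicrosoft.com is always authenticated by Office 365 itself,
    # even if it was listed as federated by mistake.
    if suffix == CLOUD_SUFFIX or suffix.endswith("." + CLOUD_SUFFIX):
        return "office365"
    # Exact match only: a name that merely contains a federated suffix does not count.
    return "adfs" if suffix in federated else "office365"


def group_by_authenticator(upns, federated=FEDERATED_SUFFIXES):
    """Group UPNs by the service that would handle their logon."""
    groups = defaultdict(list)
    for upn in upns:
        groups[authenticator(upn, federated)].append(upn)
    return dict(groups)


# Constructed sample input.
SAMPLE_UPNS = [
    "Alice@CONTOSO.com",              # federated, case-insensitive
    "admin@contoso.onmicrosoft.com",  # tenant default domain
    "bob@fabrikam.com",               # not federated
    "carol@contoso.com.example.net",  # contains, but is not, a federated suffix
    "no-at-sign",                     # not in UPN format
]

if __name__ == "__main__":
    for service, users in group_by_authenticator(SAMPLE_UPNS).items():
        print(service, users)
```
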
The theme throughout this topic is automation. As an enterprise, the last thing we want
to do is manually maintain a second set of user accounts in Office 365. Office 365 user
account automation comes in the form of directory synchronization.
During the directory synchronization process, a corresponding Office 365 account is
created for each user account in AD, as shown in Figure 4-1.
Figure 4-1 Directory synchronization with the Directory Sync tool.