Chapter 4: Directory synchronization
Directory synchronization is accomplished through a free piece of software known as the
Windows Azure Active Directory Sync tool, which is supplied by Microsoft specifically for
use with Office 365 subscriptions. Under the covers, directory synchronization is really a
customized distribution of Microsoft Forefront Identity Manager (FIM) 2010. FIM is used
for more advanced directory synchronization scenarios that we will cover in Chapter 16,
“Advanced Scenarios and Azure.” You will hear the terms directory synchronization, DirSync,
and Windows Azure Active Directory Sync used interchangeably. DirSync is used more
frequently because of its brevity. We will generally reference it as directory synchronization
throughout the book.
Directory synchronization is provided as a software tool, which means minimal
configuration is required for directory synchronization to work. The important facts to know about
directory synchronization are the following:
● Directory synchronization creates a copy of AD accounts in Office 365.
● A new directory synchronization option allows you to configure directory
synchronization to synchronize AD passwords to Office 365. This is sometimes known as same
sign on.
● Without implementing AD FS, directory synchronized accounts will require their own
passwords in Office 365. This is accomplished by manually administering passwords
in Office 365 or by using the new password sync option in directory synchronization.
● Accounts that are directory synchronized in Office 365 are not automatically granted
access to Office 365 services. A separate action, manual or automated, must occur to
assign Office 365 licenses to accounts. So, it is not uncommon to have more accounts
in Office 365 than what you have licenses for because not all accounts require Office
● Directory synchronization is a required prerequisite for SSO, Lync Online and Lync
on-premises coexistence, and Exchange hybrid deployments.
● Directory synchronization is also responsible for the synchronization of other AD objects,
such as distribution lists (DLs), photos, and security groups.
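The separate licensing action described in the list above can be scripted. The following is an added example, not code from the book: it uses the MSOnline PowerShell module in an already connected session, and the function name, the SKU value, the approved-account list, and the default usage location are all assumptions for illustration.

```powershell
# Added example, not from the book. Requires the MSOnline module and an
# existing session (Connect-MsolService). Function name, SKU and usage
# location are assumptions.
function Add-LicenseToSyncedUsers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # e.g. 'contoso:ENTERPRISEPACK' ('contoso' is a placeholder tenant name)
        [Parameter(Mandatory = $true)][string]   $AccountSkuId,
        # Explicit list of accounts that should receive a license
        [Parameter(Mandatory = $true)][string[]] $ApprovedUpn,
        # Assumed default; a usage location must be set before licensing
        [string] $UsageLocation = 'US'
    )

    $sku = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $AccountSkuId }
    if (-not $sku) { throw "SKU '$AccountSkuId' not found in this tenant." }
    $free = $sku.ActiveUnits - $sku.ConsumedUnits

    # Directory-synchronized accounts that currently hold no license.
    $candidates = Get-MsolUser -All -Synchronized -UnlicensedUsersOnly

    foreach ($user in $candidates) {
        $upn = $user.UserPrincipalName
        if ($ApprovedUpn -notcontains $upn) {
            # Synchronized but not approved: leave it without service access.
            Write-Verbose "Skipping $upn (synchronized, not approved for a license)"
            continue
        }
        if ($free -le 0) {
            Write-Warning "No free units left for $AccountSkuId; stopping at $upn"
            break
        }
        if ($PSCmdlet.ShouldProcess($upn, "Assign $AccountSkuId")) {
            if (-not $user.UsageLocation) {
                Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation
            }
            Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $AccountSkuId
            $free--
        }
    }
}
```

Running it with `-WhatIf -Verbose` first lists which synchronized accounts would be licensed and which would be skipped, without changing anything.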
For the most part, directory synchronization is a one-way push of information from AD to
Office 365. However, if you require a hybrid scenario for Exchange, a two-way
synchronization needs to occur because directory synchronization needs to write some information
back to AD to facilitate mail flow for a hybrid environment, where some mailboxes reside
in Office 365 while others reside on-premises. We will take a deeper look at all the two-way
synchronization occurrences in Chapter 11, “Incorporating Exchange Online in the
Enterprise,” which focuses on Exchange Online.