Chapter 4: Directory synchronization
Directory synchronization synchronizes a number of AD attributes into Office 365, and
you can configure it to include other attributes. At a minimum, directory synchronization
requires the following attributes to contain values before the account can be synchronized:
Members (if the object is a group)
samAccountName (if the object is a user account)
Alias (if the object is a group or contact)
DisplayName (if the object is a group with a mail or proxyAddress attribute)
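The minimum-attribute rules above are exactly the kind of thing worth checking before the first synchronization run, because an object that fails them is silently skipped rather than provisioned. The following is an added example written for this chapter, not Microsoft tooling: it encodes the four rules as stated (Members for groups, samAccountName for users, Alias for groups and contacts, DisplayName for groups that carry a mail or proxyAddress value) and runs them over a handful of constructed directory records. The attribute names (`members`, `alias`, `proxyAddresses`) and the record layout are assumptions made for the example; against a live directory you would feed it the output of your own export.

```python
"""Pre-sync readiness check for directory objects.

Added example based on the minimum-attribute rules listed in the chapter.
The object records below are constructed for illustration, not real data.
"""

from typing import Any, Callable, Dict, List


def _is_group(obj: Dict[str, Any]) -> bool:
    return obj["objectClass"] == "group"


def _is_user(obj: Dict[str, Any]) -> bool:
    return obj["objectClass"] == "user"


def _is_group_or_contact(obj: Dict[str, Any]) -> bool:
    return obj["objectClass"] in ("group", "contact")


def _is_mail_enabled_group(obj: Dict[str, Any]) -> bool:
    # "a group with a mail or proxyAddress attribute" (assumed key: proxyAddresses)
    return _is_group(obj) and bool(obj.get("mail") or obj.get("proxyAddresses"))


# (attribute that must hold a value, predicate deciding whether the rule applies)
REQUIRED_ATTRIBUTES: List[tuple] = [
    ("members", _is_group),
    ("samAccountName", _is_user),
    ("alias", _is_group_or_contact),
    ("displayName", _is_mail_enabled_group),
]


def _has_value(value: Any) -> bool:
    """None, the empty string and empty collections all count as 'no value'."""
    if value is None:
        return False
    if isinstance(value, (str, list, tuple, set)):
        return len(value) > 0
    return True


def missing_attributes(obj: Dict[str, Any]) -> List[str]:
    """Return the required attributes this object lacks; an empty list means it is ready."""
    return [
        attr
        for attr, applies in REQUIRED_ATTRIBUTES
        if applies(obj) and not _has_value(obj.get(attr))
    ]


def sync_readiness(objects: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map distinguishedName -> missing attributes, listing only objects that would be skipped."""
    report: Dict[str, List[str]] = {}
    for obj in objects:
        missing = missing_attributes(obj)
        if missing:
            report[obj["distinguishedName"]] = missing
    return report


# Constructed sample objects (hypothetical domain corp.example).
SAMPLE_OBJECTS: List[Dict[str, Any]] = [
    {"distinguishedName": "CN=Alice,OU=Staff,DC=corp,DC=example", "objectClass": "user",
     "samAccountName": "alice", "displayName": "Alice Example"},
    {"distinguishedName": "CN=svc-legacy,OU=Service,DC=corp,DC=example", "objectClass": "user",
     "samAccountName": "", "displayName": "Legacy service account"},
    {"distinguishedName": "CN=Finance,OU=Groups,DC=corp,DC=example", "objectClass": "group",
     "members": ["CN=Alice,OU=Staff,DC=corp,DC=example"], "alias": "finance",
     "mail": "finance@corp.example", "displayName": "Finance"},
    {"distinguishedName": "CN=Empty DL,OU=Groups,DC=corp,DC=example", "objectClass": "group",
     "members": [], "alias": "emptydl", "proxyAddresses": ["SMTP:emptydl@corp.example"]},
    {"distinguishedName": "CN=Vendor Bob,OU=Contacts,DC=corp,DC=example", "objectClass": "contact",
     "displayName": "Vendor Bob", "mail": "bob@vendor.example"},
]


if __name__ == "__main__":
    for dn, missing in sync_readiness(SAMPLE_OBJECTS).items():
        print(f"{dn}: missing {', '.join(missing)}")
```

Run on the sample set, the user with an empty samAccountName, the empty mail-enabled distribution list (no members, no displayName) and the contact without an alias are reported; Alice and the Finance group pass. Each rule is a data entry rather than an if-chain, so attributes you later add to the synchronization scope can be appended to the same table.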
For a full list of attributes that directory synchronization synchronizes to Office 365, see KB
article 2256198.
Leverage both identities
You might think you must choose between cloud identities and federated identities, but
there is no reason why you cannot use both. For example, in many enterprise organizations
with AD, there might be a reluctance to create and maintain accounts for non-employees
because of security and licensing concerns. These non-employee accounts might belong to
vendors, business-to-business (B2B) partners, or contractors to whom you want to give
access to Office 365 because you are doing business with them. This is a classic example
of an extranet. There is a special class of cloud identity that allows partner access to
Office 365 at no cost. These are called Partner Access Licenses (PALs), and each Office 365
tenant comes with a number of PALs. PALs allow you to invite external users so they can
access content stored in SharePoint Online. For more information about PALs, see the
SharePoint Online Service Description. On the other hand, if you want to provide
non-employees with other Office 365 services but do not want to create an account for them
in AD, you can create a cloud identity for the non-employees and assign them access to
Office 365. The important thing to note here is that cloud identities can coexist alongside
federated identities in the same Office 365
