Directory synchronization process
As mentioned earlier, directory synchronization creates a user account in Office 365 by
replicating the AD account in its UPN format and attempting to create an Office 365 account
using that UPN. If it is not able to complete the process, then directory synchronization will
create the account using the tenant’s default domain name, which is usually < Org.Name >. For example, directory synchronization copies the object and properties
for and tries to create an account called in
an Office 365 tenant. However, if is not a domain that is added to the Office
365 tenant, directory synchronization will not be able to create .
Instead, it will create the account as . The onmicrosoft.com
name was defined at the time you created your Office 365 tenant.
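
The fallback rule described above can be checked before the first synchronization run, so that accounts which would land on the tenant's default domain are found in advance. The following is an added example, not code from the book or from the Sync tool: the function name `Get-PredictedCloudUpn`, its parameters, and all domain and account names are hypothetical, and it assumes the part of the UPN before the `@` is kept when the default domain is substituted.

```powershell
# Added example: predicts the Office 365 sign-in name that directory
# synchronization would assign, using the fallback rule described above.
function Get-PredictedCloudUpn {
    [CmdletBinding()]
    param(
        # On-premises UPN, e.g. piped from objects with a UserPrincipalName property
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$UserPrincipalName,

        # Domains that have been added to the Office 365 tenant
        [Parameter(Mandatory)]
        [string[]]$TenantDomain,

        # The tenant's default domain name (the onmicrosoft.com name)
        [Parameter(Mandatory)]
        [string]$DefaultDomain
    )
    process {
        # Split at the last '@'; reject values with no prefix or no suffix
        $at = $UserPrincipalName.LastIndexOf('@')
        if ($at -lt 1 -or $at -eq ($UserPrincipalName.Length - 1)) {
            Write-Warning "Skipping malformed UPN '$UserPrincipalName'"
            return
        }
        $prefix = $UserPrincipalName.Substring(0, $at)
        $suffix = $UserPrincipalName.Substring($at + 1)

        # -contains compares strings case-insensitively
        $matched = $TenantDomain -contains $suffix
        # Assumption: the UPN prefix is preserved on fallback
        $cloud = $UserPrincipalName
        if (-not $matched) { $cloud = '{0}@{1}' -f $prefix, $DefaultDomain }

        [pscustomobject]@{
            OnPremUpn = $UserPrincipalName
            CloudUpn  = $cloud
            FellBack  = -not $matched
        }
    }
}

# Constructed sample input; in a real forest these objects could come from Get-ADUser
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com' }
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.example.local' }
)
$sampleUsers |
    Get-PredictedCloudUpn -TenantDomain 'example.com' -DefaultDomain 'exampleorg.onmicrosoft.com' |
    Where-Object { $_.FellBack }
```

With the sample input, only `bob@corp.example.local` is reported, because its UPN suffix is not among the tenant domains.
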
Figure 4-2 shows how an AD account is handled when it is synchronized with Office 365.
It is important to note that directory synchronization synchronizes changes to existing
accounts as well as the creation of new accounts. Directory synchronization also
synchronizes accounts that were deleted in AD. (Figure 4-2 does not show the synchronization of
deleted accounts.)
When the directory synchronization process is completed, new accounts created in AD that
do not exist in Office 365 will be created in the tenant. Existing AD accounts previously
synchronized with Office 365 will be checked for changes since the last time directory
synchronization ran, and any changes will be updated in Office 365. Finally, if an account in AD was
deleted, the corresponding Office 365 account will also be removed.
It is also important to note that the very first time directory synchronization runs, a
complete synchronization between AD and Office 365 is performed. Thereafter, each directory
synchronization run is only an incremental pass that addresses the delta changes between
AD and Office 365. By default, directory synchronization is scheduled to run every three
hours, but this interval can be changed. You will see how this is accomplished later in
the chapter.
Activating directory synchronization
Before installing the Windows Azure Active Directory Sync tool, you first need to activate
directory synchronization in your Office 365 tenant. We can accomplish this by using
Windows PowerShell or the Office 365 admin center.
However, before activating directory synchronization, if you are planning on implementing
Exchange Online in a hybrid scenario, you need to update your AD schema with Exchange
2010 SP3. Although this is a service-specific task, and we will mention it again in Chapter
11, you should update the schema now if this scenario applies to you.
