AAD Sync implementation. Questions and help needed.

dalearyous ([H]ard|Gawd, joined Jun 21, 2008, 1,922 messages)
So this news came out last week:
http://microsoft-news.com/azure-act...on-services-has-reached-general-availability/

I am in the process of building out a new DC from scratch, and I can't help but think I should implement SSO. The client currently uses Office 365 with around 100 users. Has anyone used this? Fortunately the Active Directory domain name is an internet-resolvable domain name, so that should simplify some things. Are there any guides? Would this be a good place to start? http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx
 
So for anyone wondering, this is very interesting.

The new AAD Sync tool does not require ADFS. It isn't exactly true single sign-on, but it does do AD sync and password sync, which is pretty much all I needed.

What I did was sign up for the free trial of Microsoft Azure using the admin email address associated with our O365 account. From there you can enable directory sync and download the directory sync config wizard tool thing. When you run it, it requires local AD credentials and the O365 credentials. When you are finished going through the wizard, your local AD will sync to your O365 account, and all the users can now be added to your local AD and synced with O365. And yes, the password sync works too.

You can force the sync through PowerShell by doing the following:
Code:
# Load the DirSync module installed with the directory sync tool
Import-Module DirSync
# Kick off an immediate sync to Azure AD / O365 instead of waiting for the schedule
Start-OnlineCoexistenceSync

There are a few things that I don't quite understand. You cannot add multiple email addresses to your users in local AD, so if you had alias emails or multiple emails for a user, you cannot add them in the O365 portal anymore because the local AD is now in charge. I need to figure out how to set it so all Exchange stuff can still be edited through O365. Fortunately all the licensing information is retained for the user. I also don't know what the unique identifier is that it is using to match up users. When I added the existing O365 user to local AD, it synced and replaced the details for that specific user.
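The two open questions in the post above (where aliases go once the local AD is authoritative, and which identifier ties an on-prem user to its cloud object) are what the following added example exercises; it is not code from the post or from the sync tool. It assumes the RSAT ActiveDirectory module on the domain-joined box and, for the optional cloud-side comparison in the trailing comments, the MSOnline module with Connect-MsolService already run; the default source anchor for DirSync/AAD Sync is the on-prem objectGUID, base64-encoded, which appears as ImmutableId in Azure AD.

```powershell
# Added example, not part of the original thread.
# Assumes the ActiveDirectory RSAT module is available on-prem.
Import-Module ActiveDirectory

function Get-ExpectedImmutableId {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Default source anchor: base64 of the AD objectGUID. After a sync the
    # cloud object's ImmutableId should equal this value for a matched user.
    $user = Get-ADUser -Identity $SamAccountName -Properties objectGUID
    [Convert]::ToBase64String($user.ObjectGUID.ToByteArray())
}

function Add-ProxyAddress {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Address,
        [switch]$Primary
    )
    # Aliases live in the synced proxyAddresses attribute:
    # "SMTP:" marks the single primary address, "smtp:" marks an alias.
    # Once directory sync owns the object, edit them here, not in the portal.
    $user = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses
    $prefix = if ($Primary) { 'SMTP:' } else { 'smtp:' }
    $existing = @($user.proxyAddresses)
    if ($Primary) {
        # Only one SMTP: entry is allowed; demote the current primary to an alias.
        $existing = @($existing | ForEach-Object {
            if ($_ -clike 'SMTP:*') { 'smtp:' + $_.Substring(5) } else { $_ }
        })
    }
    $entry = $prefix + $Address
    if ($existing -cnotcontains $entry) {
        Set-ADUser -Identity $SamAccountName -Replace @{ proxyAddresses = @($existing + $entry) }
    }
}

# Usage with constructed values (hypothetical account jdoe / example.com):
# Add-ProxyAddress -SamAccountName jdoe -Address 'j.doe@example.com'
# $expected = Get-ExpectedImmutableId -SamAccountName jdoe
# After the next sync, compare against the cloud object (MSOnline module assumed):
# (Get-MsolUser -UserPrincipalName 'jdoe@example.com').ImmutableId -eq $expected
```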
 