Presentation is loading. Please wait.

Presentation is loading. Please wait.

Local AD, Azure AD, & Google Suite User Management

Published byAdrian Jones Modified over 6 years ago

Similar presentations

Presentation on theme: "Local AD, Azure AD, & Google Suite User Management"— Presentation transcript:

1 Local AD, Azure AD, & Google Suite User Management
Brainstorm 2018 Slides and Questions:

2 Agenda Background information Challenges Previous Workflow
Current Tools Effectiveness Future Goals Slides and Questions:

3 About Me Technology Coordinator since 2013
Previously taught MS and HS math and computer courses Previously worked as a DBA and MES Programmer Contact Info: Slides and Questions:

4 Sioux Center Community School District
1400 students Historically a Microsoft school Google Apps in 2010 Exchange Online in 2014 1:1 Chromebooks grades 4-8 1:1 Windows PCs grades 9-12 VDI for windows next year Chromebooks 1-8, 10-12 Adding about students per year for the last 5 years Slides and Questions:

5 Previous Workflow Create local user in AD UPN Create user in Google Suite Confirm proper OU Wait for DirSync to occur Assign license manually to the user in O365 Update rosters on a variety of applications Each step required logging into a different system -Local DC -Google Admin Console -Office 365 Portal -Other Applications Even beginning of the year scripting or importing took significant time Slides and Questions:

6 Current Workflow Create local user in AD
Add AD user to license groups (optional if copying existing user) Confirm account in SIS (Infinite Campus) Wait for Google Cloud Directory Sync Update Password One place to create the login (Local AD) and then reset the password Normally we copy and existing user so the license groups (and other groups) are pre-populated Infinite Campus auto creates the user and then we just need to change the authentication method to LDAP Office secretaries populate the student field which is what Clever needs Slides and Questions:

7 Tools Azure AD Connect - us/download/details.aspx?id=47594 Google Cloud Directory Sync - Google Suite Password Sync - Azure Group Based Licensing - us/azure/active-directory/active-directory-licensing-whatis-azure-portal Clever - PowerShell LDAP(S) and SAML Clever – we use for Rostering and some SSO in our elementary A lot of our MS and HS teachers just use Google Oauth features PowerShell – I found some PS scripts that adjusted local AD and AAD instances and tweaked them to accomplish what I needed. My first run in with PS was when I accidentally deleted all the student accounts in AD from the Exchange Management Console (not knowing at that time how interconnected they were). I then used PS to re-create the bunch.

8 Summary of Project Goal: Create a single sign-on experience across multiple platforms Remove Gmail from Google Suite as the UPN and proxyaddress in AD Update usernames to first.last from frstlst (squishy name) Update MX records Connect SIS with Clever We spent quite a bit of time determining whether to use Gmail or Exchange Online. Our Google domain and our AD forest so we had to update a lot of details Updating UPNs after a license is assigned, does not update the AAD UPN. You need to run a powershell command (set userprincipalname) We did NOT use this solution but it may work for some instututions.

9 PowerShell for AD and AAD Updates
Update ProxyAddresses.ps1 Show Scripts

10 Azure AD Connect Started with DirSync and updated as the tool improved
DEMO

11 Azure AD Group Licensing
Group licensing is fairly new. This has saved me a ridiculous amount of time. We still have a lot of users who are assigned licensing from multiple sources DEMO

12 Google Cloud Directory Sync & Password Sync
Was formerly called Google Apps Directory Sync and Google Apps Password Sync The names changed but the functionality hasn’t DEMO

13 Effectiveness Everything works pretty seamlessly
Simple communication to staff about Usernames and Passwords Lots of OAUTH sites for Google Lots of control with Microsoft and some OAUTH Ability to enable SAML from either instance Thought about using Azure AD to provision accounts in G-Suite but this created a double logon (although it technically worked) Slides and Questions:

14 Shortcomings Password Resets for Staff
GCDS/GSPS wait and password reset Confusion for staff on Google Suite and Office 365 Infinite Campus Account Creations are not LDAP/SAML We thought about AAD Premium but if we migrate to Gmail this isn’t necessary. Although now with Microsoft 365 we may be able to do just that. Staff have no idea that these things are connected. So they have a hard time grasping what username and password to use on things and for the most part they can just use the same one. A few tools we use allow for either Google or O365 logins and staff aren’t sure which to use. Slides and Questions:

15 Future Goals Auto-Create AD Accounts & Password Reset
Auto Required Staff (grade teams, etc.) Migrate all LDAP to SAML authentication Possible workflow would be to have secretaries enter the student into a text doc or spreadsheet which them PowerShell pulls from and creates the user, puts them in the right OU and then another PS script reset the password. It could then the tech staff the info and we can update our spreadsheet. Or have it auto create a CSV based on an export from IC to a SMB/FTP drive Slides and Questions:

16 Questions? Slide Link: goo.gl/fT4FU2

Download ppt "Local AD, Azure AD, & Google Suite User Management"

Similar presentations

Office 365 Identity Federation Technology Deep-Dive

Office 365 Identity Federation Technology Deep-Dive
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.

Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.
Identity management integration options for Office 365

Identity management integration options for Office 365
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
End and Start of Year Administration Tasks. Account Administration Deleting Accounts Creating a Leavers Group Creating New Accounts: Creating accounts.

End and Start of Year Administration Tasks. Account Administration Deleting Accounts Creating a Leavers Group Creating New Accounts: Creating accounts.
Administrative Functions Certiport Offline Learning System 2.1 Administrative Functions © Certiport, Inc. 2008. All Rights Reserved.

Administrative Functions Certiport Offline Learning System 2.1 Administrative Functions © Certiport, Inc All Rights Reserved.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Infinite Campus - Student Information System MMSD New Teachers Infinite Campus Information Welcome! Have a terrific year.

Infinite Campus - Student Information System MMSD New Teachers Infinite Campus Information Welcome! Have a terrific year.
+ Working in Your CCE Online Course Site. + Structure of CCE Online Course Sites CCE online courses use the document sharing and collaboration features.

+ Working in Your CCE Online Course Site. + Structure of CCE Online Course Sites CCE online courses use the document sharing and collaboration features.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
Deploying Chromebooks RICK NICHOLAS A.

Deploying Chromebooks RICK NICHOLAS A.
Single Sign-On with Microsoft Azure

Single Sign-On with Microsoft Azure
Montcalm Area Intermediate School District Tom Staten – Billy Willis – October 13, 2011 MAEDS Session 8D.

Montcalm Area Intermediate School District Tom Staten – Billy Willis – October 13, 2011 MAEDS Session 8D.
Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium
Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.

Microsoft ® Official Course Module 13 Implementing Windows Azure Active Directory.
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Office 365 Office 365 Overview & InfrastructureAdministering Lync Online.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Office 365 Office 365 Overview & InfrastructureAdministering Lync Online.
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.

Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
Google Tools for your Classroom. 6/15/2009. Agenda 1. Google Accounts 2. What is Web 2.0? 3. Intro to Google calendar 4. Google Docs 5. Google Forms and.

Google Tools for your Classroom. 6/15/2009. Agenda 1. Google Accounts 2. What is Web 2.0? 3. Intro to Google calendar 4. Google Docs 5. Google Forms and.

Similar presentations

Ads by Google