Presentation is loading. Please wait.

Presentation is loading. Please wait.

RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4.

Published byClara Barber Modified over 9 years ago

Similar presentations

Presentation on theme: "RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4."— Presentation transcript:

1

2 RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4

3 3

4

5

6

7 Directory Synchronization Options Suitable for small/medium size organizations with AD or Non-AD Performance limitations apply with PowerShell and Graph API provisioning PowerShell requires scripting experience PowerShell option can be used where the customer/partner may have wrappers around PowerShell scripts (eg: Self Service Provisioning) PowerShell & Graph API Suitable for Organizations using Active Directory (AD) Provides best experience to most customers using AD Supports Exchange Co-existence scenarios Coupled with ADFS, provides best option for federation and synchronization Supports Password Synchronization with no additional cost Does not require any additional software licenses Suitable for large organizations with certain AD and Non-AD scenarios Complex multi-forest AD scenarios Non-AD synchronization through Microsoft premier deployment support Requires Forefront Identity Manager and additional software licenses

8

9

10

11 Windows Azure Active Directory User Multi-forest AD support is available through Microsoft-led deployments Multi-forest DirSync appliance supports multiple dis-joint account forests FIM 2010 Office 365 connector supports complex multi-forest topologies On-Premises Identity Ex: Domain\Alice Federation using ADFS AD DirSync on FIM AD

12 Windows Azure Active Directory User Preferred option for Directory Synchronization with Non-AD Sources Non-AD support with FIM is available through Microsoft-led deployments FIM 2010 Office 365 connector supports complex multi-forest topologies On-Premises Identity Ex: Domain\Alice Federation using Non- ADFS STS Office 365 Connector on FIM Non-AD (LDAP) Non-AD (LDAP)

13 13

14 Run the Microsoft Office 365 Deployment Readiness Tool - http://community.office365.com/en-us/forums/183/p/2285/8155.aspx Analyse on-premise environment Domains User Identity and Account Provisioning Exchange Online Lync Online SharePoint Online Client Network

15 When utilising the full SQL option you must ensure that the EA account has “sysadmin” rights on the SQL database and that the Dirsync service account has “public” permissions on the Dirsync DB. From the Field Dirsync (Single Forest)must be joined to a domain within the same forest that will be synchronized Dirsync Server should never be installed on a domain controller Dirsync Server should be Windows Server 2008 (x64) By default SQL Server 2008 R2 Express is installed. 10GB database limit (approx. 50,000 objects) Full SQL Option Available. X64 Single\Multi Forest Appliance available (O365 connector also available for complex scenarios)

16 When installing Dirsync ensure that you use EA credentials and that all DC’s are accessible from the Dirsync Server. From the Field

17 Number of objects in Active Directory CPUMemoryHard disk size Fewer than 10,0001.6 GHz4 GB70 GB 10,000–50,0001.6 GHz4 GB70 GB 50,000–100,0001.6 GHz16 GB100 GB 100,000–300,0001.6 GHz32 GB300 GB 300,000–600,0001.6 GHz32 GB450 GB More than 600,0001.6 GHz32 GB500 GB

18 ServiceProtocolPort LDAPTCP/UDP389 KerberosTCP/UDP88 DNSTCP/UDP53 Kerberos Change Password TCP/UDP464 RPCTCP135 RPC randomly allocated high TCP ports TCP 1024 - 65535 49152 - 65535 1 SMBTCP445 SSLTCP443 SQLTCP1433

19

20

21 AttributeObject Type MSExchArchiveStatusUser MSExchBlockedSendersHashUser SExchSafeRecipientsHashUser MSExchSafeSendersHashUser MSExchUCVoiceMailSettingsUser ProxyAddressesUser, Contact, Group

22 22

23

24 Synced object attribute UserGroupContact (Src)Description Company Read- The person's (user or contact) company name. Department Read- The name of the person's (user or contact) department. DescriptionRead Human-readable descriptive phrases about the object DisplayNameRead The display name for an object, usually the combination of the person's first name, middle initial, and last name. List of attributes that are synced to Windows Azure Active Directory and attributes that are written back to the on-premises Active Directory Domain Services http://support.microsoft.com/default.aspx?scid=kb;en-US;2256198

25

26

27

28 Microsoft Online Services Logon Enabled User Object (Unlicensed) Mail-Enabled User (not Mailbox-Enabled) ProxyAddresses: SMTP: John.Doe@contoso.com smtp: John.Doe@contoso.onmicrosoft.com TargetAddress: John.Doe@contoso.com Logon Enabled User Object (Unlicensed) Mail-Enabled User (not Mailbox-Enabled) ProxyAddresses: SMTP: John.Doe@contoso.com smtp: John.Doe@contoso.onmicrosoft.com TargetAddress: John.Doe@contoso.com On-premises Active Directory Exchange Server DirSync Online Directory DirSync Web Service SharePoint Online Live ID Exchange Online Lync Online Sync Cycle Step 1: Import Users, Groups, and Contacts from source Active Directory forest Sync Cycle Step 1: Import Users, Groups, and Contacts from source Active Directory forest Sync Cycle Step 2: Imports Users, Groups, and Contacts from Microsoft Online Services via AWS Sync Cycle Step 2: Imports Users, Groups, and Contacts from Microsoft Online Services via AWS Sync Cycle Step 3: Export Users, Groups, and Contacts that do not already exist in Microsoft Online Services Sync Cycle Step 3: Export Users, Groups, and Contacts that do not already exist in Microsoft Online Services User Object Mailbox-Enabled ProxyAddresses: SMTP: John.Doe@contoso.com User Object Mailbox-Enabled ProxyAddresses: SMTP: John.Doe@contoso.com Users only Mail-enabled objects

29

30

31

32

33 33

34

35

36

Download ppt "RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4."

Similar presentations

Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Office 365 Identity Federation Technology Deep-Dive

Office 365 Identity Federation Technology Deep-Dive
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
IMAP migration Cutover migration Staged migration 2010 hybrid2013 hybrid Exchange 5.5 Exchange 2000 Exchange 2003 Exchange 2007 Exchange 2010 Exchange.

IMAP migration Cutover migration Staged migration 2010 hybrid2013 hybrid Exchange 5.5 Exchange 2000 Exchange 2003 Exchange 2007 Exchange 2010 Exchange.
Office 365 Identity aka Azure Active Directory

Office 365 Identity aka Azure Active Directory
Integration: Office 365 Brian Arkills Software Engineer, LDAP geek, AD bum, and Associate Troublemaking Officer Identity and Access Management, UW-IT.

Integration: Office 365 Brian Arkills Software Engineer, LDAP geek, AD bum, and Associate Troublemaking Officer Identity and Access Management, UW-IT.
Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.

Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.
Identity management integration options for Office 365

Identity management integration options for Office 365
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Business Productivity Online Suite Enterprise class software delivered via subscription services hosted by Microsoft and sold with partners.

Business Productivity Online Suite Enterprise class software delivered via subscription services hosted by Microsoft and sold with partners.
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Office 365 Office 365 Overview & InfrastructureAdministering Lync Online.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Office 365 Office 365 Overview & InfrastructureAdministering Lync Online.
2 Part 1 What should I know before I jump into the deep water? Office 365 - Subscription plans Office 365 – Trail account Office 365 – what should I know.

2 Part 1 What should I know before I jump into the deep water? Office Subscription plans Office 365 – Trail account Office 365 – what should I know.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.

User Microsoft Account Ex: User Organizational Account Ex: Microsoft Account Windows Azure Active Directory.
Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at

Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Similar presentations

Ads by Google