Active Directory synchronization with Office 365
Once upon a time there was a customer asking if we could help them integrate their Active Directory with the Office 365 cloud. The main request was to sync Active Directory users into the Office 365 cloud and then test Office 365 applications on their computers.
Registration for free Office 365
First you need to check the prices and packages you want to use. I wanted to test it, so I registered HERE. In the free month you can use licences for 10 users. Don’t forget to register for Office 365 Midsize Business; only this version of Office 365 can sync AD. After registration I received an e-mail with my account to log into the Office 365 portal. After the first logon there are really not many things to configure. I have to note that I received the testing domain @AtosSlovakia.onmicrosoft.com. This is what you need to have.
So I have my playground set up:
- Domain name: DOMAIN.LOCAL
- Domain controller: MT-SERVER01.DOMAIN.LOCAL
- Server which will synchronize data into the Office 365 cloud: MT-SERVER02.DOMAIN.LOCAL
The computer which will do the synchronization needs to meet a couple of conditions:
- Must have Microsoft .NET Framework 3.x
- It cannot be a domain controller
- Must be part of the domain
- It can be Windows Server 2008, Server 2008 R2 or Server 2012
- If you have fewer than 50 000 objects in AD which you want to sync, you can use Microsoft SQL Server 2008 Express. Otherwise you need to use a “normal” SQL Server
- Active Directory forest functional level has to be Windows Server 2003 or higher
I also need to generate some users in the domain which I will upload into the cloud. I created 50 bulk users using the following PowerShell script:
I received the testing domain suffix @AtosSlovakia.onmicrosoft.com from Office 365, so I have to set it as an additional UPN suffix for the newly created users:
- Open Active Directory Domains and Trusts
- Right click on Active Directory Domains and Trusts and click Properties
- Type the defined UPN suffix and click OK
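As an added example (this is not the author's script and is not part of the original post), the preparation steps above in PowerShell: a check that the sync server is a domain member and not a domain controller, registering the cloud suffix as an alternative UPN suffix on the forest, and bulk-creating the 50 test users with that suffix. The RSAT ActiveDirectory module, the OU path and the account name prefix are assumptions chosen for this example.

```powershell
# Added example, not the author's own script. Assumes the RSAT ActiveDirectory
# module, the forest DOMAIN.LOCAL from the post and the cloud suffix the post
# received (@AtosSlovakia.onmicrosoft.com). $TargetOu is a placeholder.
Import-Module ActiveDirectory

$UpnSuffix = 'AtosSlovakia.onmicrosoft.com'
$TargetOu  = 'OU=CloudTest,DC=DOMAIN,DC=LOCAL'   # placeholder OU
$Count     = 50

# Prerequisite check for the sync server (MT-SERVER02): must be a domain
# member and must not be a domain controller (Win32_ComputerSystem.DomainRole
# 4 = backup DC, 5 = primary DC).
function Test-DirSyncHost {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    [pscustomobject]@{
        PartOfDomain       = $cs.PartOfDomain
        IsDomainController = ($cs.DomainRole -ge 4)
        Ok                 = $cs.PartOfDomain -and ($cs.DomainRole -lt 4)
    }
}

# Register the cloud suffix as an alternative UPN suffix on the forest; this is
# the same change as "Active Directory Domains and Trusts" > Properties above.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $UpnSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{Add = $UpnSuffix}
}

# Create the test accounts with a UPN that already carries the cloud suffix,
# so the synced users log in as cloudtestNN@AtosSlovakia.onmicrosoft.com.
$chars = [char[]]'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!$%'
1..$Count | ForEach-Object {
    $sam = 'cloudtest{0:D2}' -f $_
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { return }  # skip existing
    # Unique random password per account: with Password Sync enabled the
    # password hash is carried to the cloud, so never share one test password.
    $pw = -join (1..16 | ForEach-Object { $chars | Get-Random })
    New-ADUser -Name $sam -SamAccountName $sam `
        -UserPrincipalName "$sam@$UpnSuffix" -Path $TargetOu `
        -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force) `
        -Enabled $true
}

# Verify before the first sync: list any account in the OU whose UPN still
# has the on-premises suffix (those would not match the cloud domain).
Get-ADUser -Filter * -SearchBase $TargetOu -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$UpnSuffix" } |
    Select-Object SamAccountName, UserPrincipalName
```

Run `Test-DirSyncHost` on MT-SERVER02 before installing the sync tool; the user-creation part runs anywhere the ActiveDirectory module can reach a domain controller.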
Set up Active Directory Synchronization
When you log on to the Office 365 portal, go to “users and groups” and select Active Directory synchronization > Set up.
Then you have to complete 6 steps (not really much work to do) to make it work:
Activation of the AD Sync tool can take about 24 hours:
While we wait for activation of the feature, let’s install the Directory Sync Tool on server MT-SERVER02.DOMAIN.LOCAL.
Installing Directory Sync tool
I had to download the Windows Azure Active Directory Sync tool. Follow the installation wizard to install the tool (Next, Agree, Next, …
and let the AD Sync Tool run. Let’s start the AD Sync Tool and configure synchronization.
I input my Azure AD account into the tool:
I input a local Enterprise admin account (this account is not stored anywhere):
I don’t want Hybrid Deployment:
I want to enable Password Sync, so accounts in my domain will have the same password in the Microsoft cloud:
And I’m all set:
And I select to sync now:
After a couple of seconds I saw all my accounts in the Office 365 portal:
There are also events showing that the synchronization was successful:
So this is all. When you want to filter accounts you can do it based on a couple of conditions. You can read more here.
When I check one user, I allow him all features:
And now I can log in with the account synced from AD (also with the same password) to the Office 365 portal and I can download the Office 365 applications.
That’s all folks.