Directory synchronization roadmap
Published: April 16, 2012
Updated: February 28, 2013
Applies To: Office 365, Windows Intune
Note: This topic provides online help content that is applicable to multiple Microsoft cloud services, including Windows Intune and Office 365.
If your company has existing user and group accounts in an on-premises Active Directory environment when you subscribe to a Microsoft cloud service, there are tools for synchronizing those accounts to Windows Azure Active Directory, where a copy of those accounts is also stored in the cloud. By using the Windows Azure Active Directory Sync tool, your company’s administrators can keep your on-premises Active Directory continuously synchronized with Windows Azure AD. Directory synchronization is intended as an ongoing relationship between your on-premises environment and Windows Azure AD.
Tip: Using Office 365? Directory synchronization not only lets you create synchronized versions of each user account and group, but also allows global address list (GAL) synchronization from your on-premises Microsoft Exchange Server environment to Microsoft Exchange Online.
Important: Here are some important choices to consider before you set up directory synchronization:
- Single sign-on: We recommend that before you set up directory synchronization, you set up single sign-on. It enables your users to sign in to the cloud service by using their corporate credentials. To get started, see Prepare for single sign-on.
  Caution: If you decide not to set up single sign-on, you must add and verify your company’s domains. For more information, see Add your domain and Verify a domain.
- Compliance: You should determine whether you require directory auditing to capture events such as creating users, resetting passwords, and adding users to groups. For more information about auditing, see Audit account management.
  Note that security logging may be disabled by default; you will have to understand how to enable it for your organization.
Tip: Using Office 365? Due to recent changes to the directory synchronization infrastructure, you now have more flexibility in how you use directory synchronization for email migration and single sign-on scenarios. For more information, see Directory synchronization and source of authority and Exchange Hybrid Deployment and Migration with Office 365.
Perform the following steps to prepare for, implement, and manage directory synchronization for your organization:
Step 1: Prepare for directory synchronization
Learn how to verify system requirements, create the right permissions, and allow for performance considerations. For more information, see Prepare for directory synchronization.
Step 2: Activate directory synchronization
Then, learn how to activate directory synchronization for your company. For more information, see Activate directory synchronization.
Step 3: Set up your directory synchronization computer
Install the Windows Azure Active Directory Sync tool. If you’ve already done so, learn how to upgrade, uninstall, or move it to another computer. For more information, see Set up your directory sync computer.
Step 4: Synchronize your directories
Perform an initial sync and verify that the data synchronized successfully. You will also learn how to configure the Directory Sync tool to set up recurring synchronization and how to force directory synchronization. For more information, see Use the Configuration Wizard to sync your directories.
Step 5: Activate synced users
After you have synchronized your directories, you must activate the users before they can use the services you have subscribed to. You can do this individually or in bulk. For more information, see Activate synced users.
Step 6: Manage directory synchronization
Learn how to maintain your directory synchronization, including how to update users and domains after synchronization has been activated. You’ll also learn how to change passwords and network proxy settings. For more information, see Manage directory synchronization.
