Tag Archives: Windows Azure Active Directory

Implementing Directory Synchronization

Updated: November 11, 2015,
Updated: April 20, 2018

In an earlier blog I explained the differences between Cloud Identities, Linked Identities and Federated Identities. The source of authority (i.e. where the accounts are managed) for Cloud Identities is Microsoft Online and for Linked and Federated Identities the source of authority is your on-premises Active Directory. To get these accounts in Azure Active Directory (Office 365) you have to setup a directory synchronization between Active Directory and Azure Active Directory.

As explained earlier I prefer to use a dedicated DirSync server instead of installing DirSync on your Domain Controller (which is possible and supported). When using a dedicated DirSync server, you can keep your Domain Controllers identical and work on your Domain Controllers while not affecting your DirSync server. We now will build a configuration like this:

Implemented DirSYnc server

There are two options when setting up Directory Synchronization between your on-premises Active Directory and Windows Azure Active Directory:

  • DirSync as a tool that can be downloaded from the Microsoft Online Portal. This is the ‘original’ DirSync tool which can be installed on a Domain Controller or on a dedicated DirSync server. This tool will be decommissioned somewhere in the (near) future.
  • Microsoft Azure Active Directory (WAAD) Sync Services, the new DirSync tool that can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=44225. This tool has the option to synchronize a multi-forest topology with one tenant in Office 365.

Note. On June 24, 2015 Microsoft has released the Azure AD Connect & Connect Health. Azure AD Connect is the latest version of the Directory Synchronization. This blog is based on the previous Azure AD Sync, but I strongly recommend you look into the Azure AD Connect tool (there are a lot of similarities) which you can download from the Download center.

Added note on April 20, 2018. Azure AD Connect is now the only supported version for implementing directory synchronization. It is updated on a regular basis and available via the Azure AD Connect download. If you perform a default installation, Azure AD Connect will automatically update itself when a new version is available.

Continue reading Implementing Directory Synchronization

Manage Domains in Office 365 using PowerShell

In a previous blogpost I showed you how to create new domains in Office 365 using the Microsoft Online Portal. You can do the same using PowerShell which can be much more interesting, especially for partner reselling Office 365 through the Cloud Solution Provider (CSP) program. If you want to know more about PowerShell, check my previous blog post Manage Office 365 with PowerShell.

Add a new domain

Adding a new domain in Windows Azure Active Directory can be broken down into three steps as we’ve seen in adding a domain using the Microsoft Online Portal:

  • Add and validate the actual domain;
  • Configure and validate DNS records (domain purpose);
  • Configure or add users;

These steps will be described in the following sections

Add and validate the actual domain

To add a new domain you can use the New-MsolDomain command. The –Name option is used to pass the domain name and the –Authentication option is used to pass the type of domain, which is either Managed or Federated. The latter is used in a federated environment with Directory Synchronization and ADFS, so in this example we use ‘Managed’:

New-MsolDomain –Authentication Managed –Name office365labs.nl

image Continue reading Manage Domains in Office 365 using PowerShell