Hello O365 experts,

I am in the preparation stages for an Office 365 deployment for about 25 users. All users are in a single forest, single domain on Windows 2012 R2, and we run Exchange 2010 SP3 on Windows 2008 R2. Since our local AD has a non-routable suffix (ourdomain.lan), I plan to first add an alternative UPN suffix (ourdomain.com) and then change all the user logins to that new suffix (adam@ourdomain.lan to adam@ourdomain.com).

Our Exchange server emails are in first.last@ourdomain.com format.

We plan to subscribe to the Business Premium plan which includes Exchange Online.

From what I understand, to improve user experience with a Same-Sign-On, we will need to setup Azure AD Connect.

I’d like to know if it’s possible to limit synchronization to password only. All AD management should be local - no other integration with Azure AD.

Question(s):

  1. Which synchronization options must be configured in Azure AD Connect if all we want to do is a one-way password synchronization (Same-Sign-On)?
  2. Will domain users who currently log in with domain\user be able to access O365 transparently (not be prompted again for a first.last@domain.com login)?

I did see Azure AD Sync just password for O365 - it dates back to May 2017 and does not answer Question 2.

Thank you for ANY pointers on this - there is a massive amount of documents on MS O365 site and questions posted there seem to remain either not answered or answered after many weeks/months.

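The UPN suffix change described in the question, as an added PowerShell example (not code from the original post). It assumes the RSAT ActiveDirectory module, rights to modify the forest and user objects, and uses the poster's placeholder names ourdomain.lan / ourdomain.com; it previews the change and refuses to proceed if two users would end up with the same UPN, since a duplicate UPN would break the later directory sync.

```powershell
# Added example, not from the original thread: register a routable UPN suffix
# and move users from ourdomain.lan to ourdomain.com, deriving the new UPN from
# the mail attribute so it matches the first.last@ourdomain.com mailbox address.
Import-Module ActiveDirectory

$OldSuffix = 'ourdomain.lan'
$NewSuffix = 'ourdomain.com'   # placeholder from the post; must also be a verified domain in the tenant

# 1. Register the alternative UPN suffix at the forest level (idempotent).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Build a change plan for every user still on the old suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties mail, UserPrincipalName

$plan = foreach ($u in $users) {
    # Prefer the mailbox address prefix; fall back to the existing UPN prefix.
    $prefix = if ($u.mail -and $u.mail -like "*@$NewSuffix") {
        ($u.mail -split '@')[0]
    } else {
        ($u.UserPrincipalName -split '@')[0]
    }
    [pscustomobject]@{
        Sam    = $u.SamAccountName
        OldUPN = $u.UserPrincipalName
        NewUPN = "$prefix@$NewSuffix"
    }
}

# Guard: a duplicate UPN would surface as a sync error later, so stop here instead.
$dupes = $plan | Group-Object NewUPN | Where-Object Count -gt 1
if ($dupes) {
    $dupes | Select-Object Name, Count | Format-Table -AutoSize
    throw "Duplicate UPNs found; resolve these before continuing."
}

$plan | Format-Table -AutoSize

# 3. Apply. -WhatIf keeps this a dry run; remove it once the preview looks right.
foreach ($p in $plan) {
    Set-ADUser -Identity $p.Sam -UserPrincipalName $p.NewUPN -WhatIf
}
```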
Which synchronization options must be configured in Azure AD Connect if all we want to do is a one-way password synchronization (Same-Sign-On)? 

I think Microsoft ADFS will meet your requirement, since your requirement is based on Single Sign On rather than Same Sign On.

Thanks for the suggestion but AD federation is exactly what we want to avoid.

I was looking to determine which Options must be configured, and which should be disabled, at the initial setup of AD Connect to allow for Same-Sign-On (not Single-Sign-On).

We want to avoid AD integration to Azure AD as much as possible.

AD Connect will allow you to select the attributes you want to sync, but by default most/all of what it syncs is what you want - DL memberships, proxy addresses, and many attributes you want for the GAL, such as display name and so forth.

Really no reason to unselect any of that.