office 365 integration with on premise Active Directory

eyadnsrw · 2016-11-02T18:20:22.000Z

hi,

am setting up a new AD for a small office with 50 users, currently the emails are hosted with one of the online hosting services and am going to move the mail to office 365 service.

i will be creating users on the AD with the same names and email addresses created on office 365, and i need to sync both services (on premises AD and cloud-based office 365)

i have read some articles about the Dirsync and how to configure to do the job. my questions are:

1- can i install the Dirsync service on the same AD server (considering this is a small environment)

2- is there any extra charges for using Dirsync in this scenario (other than the charges i pay for office 365 email accounts)

3- where the management operations will happen (on AD local console or on office 365 online admin center)

i have managed local AD with exchange servers before but this my first time with this kind of installation so i will appreciate any advice on how to accomplish this without any issues.

thanks in advance

jitensh · 2016-11-02T18:23:55.000Z

This will help you

itprotoday.com

ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

IT Pro Today Homepage

learn.microsoft.com

Microsoft 365 integration with on-premises environments - Microsoft 365...

In this article, learn how to integrate Microsoft 365 with your existing directory services and on-premises environments.

tobywells · 2016-11-02T18:28:58.000Z

DirSync is no more the replacement is Azure AD Connect

Same concept but syncs almost in real time

learn.microsoft.com

What is hybrid identity with Microsoft Entra ID? - Microsoft Entra ID

Hybrid identity is having a common user identity for authentication and authorization both on-premises and in the cloud.

No charge for it

You make changes in local AD and they get replicated to Azure AD instance

jjoyner1985 · 2016-11-02T18:30:25.000Z

Technically, yes (I believe), but I think it is highly recommended that dirsync be one its own server.
No. I don’t think so.
Management will happen in 1 of 3 areas. You will manage your AD in the usual spot, ADUC. You can manage your O365 from either the Azure Active Directory powershell module or via the Office Admin Portal (if you need a GUI). I do 99% of my management through powershell for O365. It really is the better way to do things if you are going to do the same thing more than 3 three times, such as assigning country codes or licenses.

EDIT: @tobywells makes some points that I neglected to. A lot of the management between Azure Active Directory and your local AD will sync, and if AAD is configured properly, a lot of those changes will write back to your local side.

noitforyou · 2016-11-02T18:41:33.000Z

JJoyner pretty much sums up your answer. But I’ve been running DirSync all the way to the current AADConnect on a DC with no problems whatsoever.

Not even sure why it’s not recommended, other than the “sanctity” of a DC; seems like a really light-weight application to me.

jjoyner1985 · 2016-11-02T18:44:16.000Z

mike4003:

Not even sure why it’s not recommended, other than the “sanctity” of a DC;

That’s what I’m putting my money on. Plus, with virtualization and the relatively low cost of storage, spinning up a dedicated dirsync server is no big deal. Heck, it wouldn’t surprise me if that becomes one of the options for a nano server in the future.

jitensh · 2016-11-02T18:45:02.000Z

synchronized identity is the best one

erichassler · 2016-11-02T18:48:28.000Z

If you are using Hyper-V and server 2012 or 2016 you get to create 2 VM’s on the host. I highly recommend using one VM for AD and one for the AD Azure Connect utility.

-Eric

mrbostn · 2016-11-02T19:22:02.000Z

An entire f’n server just for AADSync No problems here with 70 users on a “utility server” (not a DC)

normajm · 2016-11-03T12:57:00.000Z

We have a virtualized file server and a virtualized dc server - we put DirSync on the file server…