{"id":28761,"date":"2014-04-15T09:00:42","date_gmt":"2014-04-15T16:00:42","guid":{"rendered":"http:\/\/www.microsoft.com\/?p=28761"},"modified":"2024-08-12T16:14:18","modified_gmt":"2024-08-12T23:14:18","slug":"synchronizing-your-directory-with-office-365-is-easy","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/blog\/2014\/04\/15\/synchronizing-your-directory-with-office-365-is-easy\/","title":{"rendered":"Synchronizing your directory with Office 365 is easy"},"content":{"rendered":"\n

Paul Andrew is technical product manager for Identity Management on the Office 365 team.<\/em><\/p>\n\n\n\n

If you\u2019re just getting started with Office 365, you\u2019re probably considering how to extend the user directory that you use for accessing internal resources for connecting to cloud resources. The simplest way to achieve this is with the Windows Azure Active Directory Sync Tool (DirSync). This tool runs on a Windows Server machine on your network and synchronizes users to the cloud. DirSync has a wizard-driven install and can be set up in just a few minutes. You should be able to synchronize your directory to Office 365 in under a day.<\/p>\n\n\n\n

This blog post provides the basic information you need to successfully implement DirSync. It also points you to more detailed information, for cases not addressed here. Specifically, it covers what you should review before you synchronize your directory with Azure Active Directory. Office 365 uses Azure Active Directory for storing all user accounts, for all directory lookup, and for doing user sign-in authentication.<\/p>\n\n\n\n

\"Identity_is_easy_00\"<\/figure>\n\n\n\n

DirSync sends user accounts to Office 365 as a starting point for federated single sign-in, or both user accounts and password hashes for same sign-in.<\/i><\/p>\n\n\n\n

Single sign-on and same sign-on<\/h2>\n\n\n\n

If you have an on-premises directory then you are going to be choosing between DirSync with password sync and DirSync with Active Directory Federation Services. The DirSync tool is common to both of these scenarios. Single sign-on is where users are signed in to Office 365 automatically and with no password required when they are already signed in to their domain-joined PC. Single sign-on requires both DirSync and Active Directory Federation Services to be configured. DirSync with password sync can provide what we call \u201csame sign-on,\u201d where the sign-in to Office 365 is always the same password that is used on the PC, but the password must be either retyped or saved on the client. By going with same sign-on and requiring that extra password entry, you avoid the additional server configuration, hardware cost, and network complexity that is required for single sign-on. Also, the Microsoft Outlook rich client requires username and password to be entered even when single sign-on is enabled.<\/p>\n\n\n\n

There will be two more posts following up this one. A second post that gives detailed advice about choosing between the three identity models for Office 365 including cloud managed identities, DirSync with password sync, and DirSync with Active Directory Federation Services. And a third post where I\u2019ll describe the steps required for single sign-on and other features that come with Active Directory Federation Services (AD FS).<\/p>\n\n\n\n

If you choose AD FS then DirSync is still required to synchronize the user accounts to Office 365, so it is generally recommended that you set up DirSync and password hash synchronization first, then add AD FS later.<\/p>\n\n\n\n

Setting up DirSync and password hash synchronization<\/h2>\n\n\n\n

By taking certain easy steps before you install DirSync you can help ensure a smooth and successful implementation. Here are the steps:<\/p>\n\n\n\n

\"Identity_is_easy_01\"<\/figure>\n\n\n\n

Four things to review your on-premises directory for.<\/i><\/p>\n\n\n\n

1. Before you install, review your on-premises directory structure<\/h3>\n\n\n\n

One of the first steps you should take before installing DirSync is to look at the directory that you have on-premises and make sure it\u2019s healthy and ready to synchronize to Azure Active Directory. Here are a few things you need to look at:<\/p>\n\n\n\n