Migrate from Exchange 2010 on premise to Office 365 using dirsync/sso/azure

We are migrating 600 users from on premise Exchange 2010 to Office 365

We are performing a cutover migration and want to remove our existing on premise Exchange (therefore no hybrid)
From all the scenarios to keep password sync from on premise to Office 365 we require ADFS/Dirsync.

We want redundancy but we do not want to keep more servers for Office 365 than we had for Exchange. ie 2 ADFS, 2 DIRSYNC, 2 DIRSYNC proxy

Can we just deploy the Windows Azure dirsync with password sync and will this replace the ADFS feature.

We only need the password sync option and the users should only login with their credentials once.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James HodgeManaging DirectorCommented:

Active Directory Federation Services (ADFS) allows a user to authenticate only once (Single Sign On) and be able to successfully access resources on the Office 365 Federated Server.

Directory synchronisation (DirSync) now supports the synchronisation of passwords from the on-premise Active Directory to the Cloud. This means that the user can sign onto Office 365 services using the same credentials they used to login to their domain computer.

This is called ‘Same Sign On’; it is not the same as ‘Single Sign On’. Same Sign On means the user still has to type in their credentials when accessing resources at the cloud service.

The Same Sign On functionality provided by DirSync is a compromise solution. DirSync is easier to implement than ADFS and Single Sign On, but the user experience is not as seamless.

Good Luck


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vasil Michev (MVP)Commented:
As James explained, dirsync password sync and ADFS are a bit different. It all depends on your requirements.

If you are going to use only Exchange Online, you can work around the Outlook password prompt by using the Credentials Manager (you will still get a prompt once the password is changed). If you are going to use more services, especially SharePoint, it might become a bit annoying for the users. If you set their expectations correctly, they might be OK with it :)

For detailed comparison between AD FS and dirsync password sync review these:


It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.