Office 365 - AD and multiple office locations

Experts,

Need some advice from someone who has come across this before. I have a client that will be migrating to Office 365. They currently have 2 office locations (physical) and will be adding a third soon. Currently running a Windows 2008 domain controller at the main office. There is a 10MB metro link between the 2 physical locations. That allows users to authenticate currently between buildings.

Client will be installing a cable internet line (or fiber) into the second building and the third office building, so each location will have its own internet connection.

I want to keep the main Win2008 DC in place with Active Directory. My question is, since they are moving to Office 365 and SharePoint, they will essentially be moving all of their data into the cloud. Most of their apps are web based anyway.

Now I know with Office 365 they can log in anywhere and use Office; they will use their current credentials with the AD that syncs up to the cloud.

Do I need to install a DC at the other 2 locations and create a VPN link between all three to have the DCs sync/replicate with AD? Or do I combine MS Azure with the current physical onsite DC and manage the user accounts that way? Or not use Azure at all and just let the Windows AD server sync with Office 365, and the users at any office (or home location) can still be managed?

Hope that makes sense and that I gave enough information.

Thank you very much for your help.

mkavinsky Asked:

Vasil Michev (MVP) Commented:
Not sure if I understand the question. If you move them to O365, they will be authenticating against Azure AD (the O365 backend), which is available from anywhere as you noted above. Even when your on-prem DC is down they will be able to access O365.

If you mean dirsync (syncing the accounts to the cloud), you need a single instance on any server that can talk to the DC, even the DC itself will do. There is no replication with Azure AD in the sense AD replication works. You will manage the users and their attributes locally, and any changes will be replicated to O365/Azure AD.
0
mkavinsky (Author) Commented:
I still want to keep an AD domain controller on premise (printers, anti-virus, group policies), but I guess I'm asking: will the current DC sync with Azure? So if I add/remove users in AD, that will replicate back up to Azure/Office 365?

I will have DirSync installed locally. But you're saying if I add/remove users on the local AD then I still need to add/remove them with Azure AD? Is that correct? Basically I would have to add/remove users in 2 places.
0
Vasil Michev (MVP) Commented:
No, dirsync will take care of that. But the process is very different from AD replication :)
0
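As an added illustration of the one-way flow Vasil describes (one sync instance, accounts managed on-premises, changes pushed up to Azure AD), and not code from this thread: a PowerShell walkthrough that assumes Azure AD Connect (DirSync's successor) on a member server, the ActiveDirectory RSAT module, the MSOnline module, and a placeholder domain contoso.com with an OU path of my own choosing.

```powershell
# Constructed example of the on-premises-mastered workflow discussed above.
# Assumed: Azure AD Connect, RSAT ActiveDirectory module, MSOnline module,
# placeholder domain contoso.com and OU 'OU=Staff,DC=contoso,DC=com'.

# 1. Create the user in on-premises AD. This is the only place you edit.
$upn = 'jdoe@contoso.com'
New-ADUser -Name 'Jane Doe' -SamAccountName 'jdoe' -UserPrincipalName $upn `
    -Path 'OU=Staff,DC=contoso,DC=com' -Enabled $true `
    -AccountPassword (Read-Host -AsSecureString 'Initial password')

# 2. Push the change to Azure AD. One sync engine for the whole forest:
#    it reads the domain (via any reachable DC) and writes to the tenant.
#    Nothing here depends on a DC being present at the branch offices.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

# 3. Verify in the cloud: the object should now exist as a synced object.
Connect-MsolService
$cloud = Get-MsolUser -UserPrincipalName $upn
$cloud | Select-Object UserPrincipalName, LastDirSyncTime, ImmutableId
# ImmutableId is populated only on directory-synced objects; a cloud-only
# account created in the Office 365 portal would show it empty.

# 4. Confirm the sync is one-way: editing a synced attribute in the cloud
#    is rejected because the object is mastered on-premises.
try {
    Set-MsolUser -UserPrincipalName $upn -DisplayName 'Changed in cloud' `
        -ErrorAction Stop
} catch {
    Write-Warning "Cloud edit rejected, as expected: $_"
}

# 5. Offboarding follows the same path: disable on-prem, delta sync, and
#    the cloud account is blocked from signing in (BlockCredential = True).
Disable-ADAccount -Identity 'jdoe'
Start-ADSyncSyncCycle -PolicyType Delta
(Get-MsolUser -UserPrincipalName $upn).BlockCredential
```

The sequence shows why Vasil says there is nothing to "replicate" in the AD sense: the cloud copy is derived from the on-premises object and cannot be edited independently.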
mkavinsky (Author) Commented:
So then can I achieve what I need with just one AD DC running DirSync, and that will sync with Azure? Is that correct? Then there would be no real need to add DCs at multiple locations.
0
David Johnson, CD, MVP (Owner) Commented:
> Do I need to install a DC at the other 2 locations and create a VPN link between all three to have the DCs sync/replicate with AD? Or do I combine MS Azure with the current physical onsite DC and manage the user accounts that way? Or not use Azure at all and just let the Windows AD server sync with Office 365, and the users at any office (or home location) can still be managed?

Only Office 365 components can be managed, NOT the office/home computers, so you will need a site-to-site VPN between DCs at the other 2 locations, or a VPN from each client to the HQ location, to manage the computers.
0