MJB2011
asked on
How to sync office 365 with on prem AD
Hi all,
Fairly new to Office 365. Here's what I know.
We have ON prem exchange server with mailboxes that are slow being migrated to 365. We have a Forefront Identity manager on a member server that appears to be pushing changes out to 365 any AD changes being made on the domain. It appears this isn't 2 way, so its only pushing out changes. We would like to create mailboxes on 365 so that they are replicated back. Its more than possible that we are using a old method to sync. My understanding is that we have azure ad to work with now.
Can anyone advice?
Fairly new to Office 365. Here's what I know.
We have ON prem exchange server with mailboxes that are slow being migrated to 365. We have a Forefront Identity manager on a member server that appears to be pushing changes out to 365 any AD changes being made on the domain. It appears this isn't 2 way, so its only pushing out changes. We would like to create mailboxes on 365 so that they are replicated back. Its more than possible that we are using a old method to sync. My understanding is that we have azure ad to work with now.
Can anyone advice?
Dirsync is one-way, only a very limited set of attributes will be synced back on-prem. You can use the "user writeback" feature to sync users you have created in O365 to your on-prem AD, but that requires additional configuration and licenses. The feature has actually been in beta for a while now, and they even removed it from the latest versions of the AADConnect tool, so if you want to use it you have to install an older version.
There's an overview here: http://blog.enowsoftware.com/solutions-engine/a-closer-look-at-azure-ad-connect-–-part-5
There's an overview here: http://blog.enowsoftware.com/solutions-engine/a-closer-look-at-azure-ad-connect-–-part-5
ASKER
Would it not be easier to put a domain controller in Azure?
No, those are two totally different things. Azure AD has nothing to do with your on-prem AD, it's an Identity-as-a-Service database of sorts, which stores the identities of your O365 users. There are no DCs there, there are no OUs, no GPOs, etc. Yes, you can use dirsync or FIM to 'match' the on-prem users and the cloud ones, but that's all (and it's optional, the identities will still exist in O365 even without on-prem AD).
ASKER
OK, I understand. One of the issues we are facing is that we use MIMEcast for email routing. Mimecast is cloud based and has a directory sync setup with our on-prem AD. We want to be able to start creating accounts in Office365 but because 365 doesn't replicate with mimecast we have to create it AD first then wait for it to replicate. Mimecast support sent me this. https://community.mimecast.com/docs/DOC-1011
But im not sure how this helps.
But im not sure how this helps.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Refer :
https://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/
https://support.office.com/en-us/article/Office-365-integration-with-on-premises-environments-263faf8d-aa21-428b-aed3-2021837a4b65