Solved

New Local Active Directory Server for an Existing Office 365 Environment.

Posted on 2016-07-27
Medium Priority
105 Views
Last Modified: 2016-07-27
Greetings,
I'm looking for a bit of help with a small office using Office 365.  They have about 30 workstations but do not have a server onsite.  They are using Office 365 for Exchange, SharePoint, etc.  The problem is maintaining user accounts and network printers on all 30 workstations is getting very painful.  So, I'd like to deploy a small server and create a local AD Domain and sync all of the user accounts from Office 365 to the new DC.  I've read several articles and TechNet docs about syncing with Azure AD Sync but everything I've read deals with syncing current domains or migrating from local domains to O365 and not vice versa.  Has anyone tried doing this or know of a process for it?
Question by:DMJorgensen
4 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41731936
What you want, specifically, cannot be done. You can create a local domain.  And you can (eventually) have sync in place. But syncing is always from AD to AAD, not vice versa.

So you'll be creating the on-prem domain accounts, not just pulling them down from AAD. Once created, as long as you ensure the SMTP address property matches their primary address in Office 365, then when you do set up syncing, Office 365 will soft-match using that address and future on-prem changes will properly sync to the existing O365 account. But you do have some initial setup to do if you go that route.
0
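The pre-staging step described in the comment above, as an added example that is not part of the original thread: it creates the on-prem accounts from an export of the tenant's users and sets the mail attribute and primary SMTP proxy address so that Azure AD Connect can soft-match each object to its existing Office 365 account. Everything here is assumed: the RSAT ActiveDirectory module is installed, `company.com` is the tenant's verified domain and has been added as a UPN suffix in AD Domains and Trusts, the OU path is a placeholder, and the two users are constructed sample rows standing in for a real `Get-Mailbox` export.

```powershell
# Added example (not from the original thread): pre-stage on-prem AD users for
# an existing Office 365 tenant so that Azure AD Connect can soft-match them on
# the SMTP address. Assumptions: RSAT ActiveDirectory module present, the tenant
# domain (company.com) already added as a UPN suffix, and an OU path that exists.
Import-Module ActiveDirectory

# Constructed sample of the tenant export. In practice build the CSV from
# Exchange Online with:
#   Get-Mailbox | Select-Object DisplayName,PrimarySmtpAddress | Export-Csv users.csv
$tenantUsers = @"
DisplayName,FirstName,LastName,PrimarySmtpAddress
Alice Example,Alice,Example,alice@company.com
Bob Example,Bob,Example,bob@company.com
"@ | ConvertFrom-Csv

$targetOU  = 'OU=Staff,DC=hq,DC=company,DC=com'   # placeholder, adjust to your domain
$upnSuffix = 'company.com'                        # must be a verified domain in the tenant
$dryRun    = $true                                # run once with -WhatIf before creating anything

foreach ($u in $tenantUsers) {
    $mail = $u.PrimarySmtpAddress.Trim().ToLower()
    # Derive a sAMAccountName from the mailbox local part (20-character limit).
    $sam  = ($mail.Split('@')[0]) -replace '[^a-z0-9._-]', ''
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    $upn  = "$sam@$upnSuffix"

    # A duplicate mail or UPN would produce a sync conflict instead of a clean
    # soft-match, so skip anything that already exists on-prem.
    $existing = Get-ADUser -Filter "mail -eq '$mail' -or userPrincipalName -eq '$upn'" `
                           -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "Skipping $mail : already present as $($existing.SamAccountName)"
        continue
    }

    # mail plus the primary SMTP: proxyAddress are what the soft-match keys on;
    # a UPN in the verified domain keeps the cloud sign-in name consistent later.
    $params = @{
        Name              = $u.DisplayName
        DisplayName       = $u.DisplayName
        GivenName         = $u.FirstName
        Surname           = $u.LastName
        SamAccountName    = $sam
        UserPrincipalName = $upn
        EmailAddress      = $mail
        OtherAttributes   = @{ proxyAddresses = "SMTP:$mail" }
        Path              = $targetOU
        Enabled           = $false     # enable once a password has been set out of band
        WhatIf            = $dryRun
    }
    New-ADUser @params
    if (-not $dryRun) { Write-Host "Staged $upn (mail=$mail)" }
}
```

Leave `$dryRun` set to `$true` for the first pass so `New-ADUser -WhatIf` only reports what it would create; the existence check is there because an on-prem object whose mail or UPN collides with another object is exactly the case that turns a soft-match into a sync error once Azure AD Connect is installed.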
 
LVL 5

Author Comment

by:DMJorgensen
ID: 41731953
Awesome, that sounds like a really good time.  So, just to clarify:  I create a new empty domain, create users based on the O365 accounts / email address property, and then go through the sync process to match the local and cloud accounts?  Would it be wise to make the on-prem domain namespace a domain.local instead of the public namespace of domain.com?
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 41731964
You got it. As for the namespace, I am a proponent of using a subdomain of your primary public domain. So if you are company.com, going with hq.company.com or similar is not a bad way to go. That way, if you ever need to go child domain or make distinctions, you can go seattle.company.com, sanfran.company.com, finance.company.com, etc., and keep it all internal. But you also avoid the issues of internal users needing to access a website at "company.com" and always hitting the DC as you would if you didn't use a subdomain.

Most AD experts I know now advocate this method. Existing .local domains don't need to be migrated in any short term way, but when starting fresh, this is the most sustainable method. Might as well start on the right foot.
0
 
LVL 5

Author Comment

by:DMJorgensen
ID: 41731973
Got it.  Good info Cliff, thanks for the help!
0
