Forum Discussion

Taen keren's avatar
Taen keren
Iron Contributor
Jun 25, 2018

Guidelines for Active Directory before sync

Hello    There's a lot of guidelines for various O365 workloads and Tenant settings - but havn't found any for "Designing an AD structure" guidelines  regarding AD Connect and the use of filtering ...
admin
office 365
security
VasilMichev's avatar
VasilMichev
MVP
Jun 26, 2018

Filtering is an optional feature, which you should only use when needed. There's negligible security impact of syncing your objects to Azure AD, and adjusting the OUs/objects to sync will hardly remedy any bad decisions implemented back when the AD was designed.

 

You can think of the default configuration as Microsoft's recommendation, as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering

 

Spoiler
The default configuration takes all objects in all domains in the configured forests. In general, this is the recommended configuration. Users using Office 365 workloads, such as Exchange Online and Skype for Business, benefit from a complete Global Address List so they can send email and call everyone. With the default configuration, they would have the same experience that they would have with an on-premises implementation of Exchange or Lync.
Taen keren's avatar
Taen keren
Iron Contributor
Jun 26, 2018

Hi Vasil 

Thanks for your reply :) 

So when MS guidelines says "Categorize your users" and "Use groups and group-based licensing" - and we have the AD administration "on prem" only - what to do then?  .... the complete AD synced out - are 'just' to have the global address List available or am I missing something?.

Resources