Forum Discussion
Paul Langham
Nov 02, 2018, Copper Contributor
O365 AD Connector?
I have inherited a hybrid O365/On-Prem solution with my company.
What we have is a local-only Active Directory and O365 subscriptions; this means that users currently have one password to log on to the network here and another for their emails etc.
I want to set up the AD connector so that these details are synced.
My initial question is: what will happen if I set up the AD connector today? I would assume that all my local AD accounts, groups etc. will be copied to my O365, but there will be duplicates, i.e. JSmith has an AD account and an O365 subscription; the usernames will be the same.
Any help much appreciated.
- Dean_Gross, Silver Contributor
What do you mean by "hybrid"? That typically means that accounts are created on-prem and sent to O365, and the only way to do this is with Azure AD Connect. It may already be set up.
- Adrienne Andrews, Brass Contributor
Hi Paul,
Whatever you do, do not take installing and configuring Azure AD Connect lightly! I know (from experience, unfortunately) that one wrong checkbox can ruin your weekend, and possibly much longer than that. You'll want to involve any other admins that run Microsoft services at your company, too, as once that sync is made there is no going back and it can greatly affect any and all Microsoft services in your environment.
Make sure you understand all your options around hybrid O365 identities before you decide how to set up your environment. Additionally, make sure you review how Azure AD Connect will "match" your existing user accounts and check for duplicates - this is another one of those things that you can't undo once it is set. And make sure that your user accounts actually meet all the requirements before going too far down that road.
Best of luck!
- Absolutely correct about reading up on the topic! If done right, this is pretty straightforward and not that complex! Troubleshooting a faulty setup, however, could very much be :)
Although, you're a little harsh! The sync can very much be undone.
Adam
- Adrienne Andrews, Brass Contributor
Hi Adam,
There are some scenarios that are easier to undo than others, certainly, but there are others that require potentially destructive changes to break the sync. Setting up hybrid identities should never be something an administrator just decides to do on a whim because the application itself is easy to install.
- anthony anthony, Copper Contributor
Hi, AD Connect is made of 3 components, Monitoring, ADFS and Sync services, which will ONLY help you INTEGRATE your on-premises AD and Azure AD to SYNC and monitor ONLY the users that you select, and please do not assume that all your local AD accounts, groups etc. will be copied to your O365... 2 good hints: just make sure those users have routable UPN names and that your SYNC is one-way traffic. Another good suggestion I have for you is that, since ADFS is a component of AD Connect, I would enable it during the setup of AD Connect, because if you decide in the near future to have a full-blown SSO then all you will need to do is set up the ADFS Farm and Trust using PowerShell between your on-premises AD and Azure AD. Good luck
- He should set up ADFS from the AD Connect if not using it at all right now! Also I recommend using pass-through auth and seamless SSO instead of ADFS! Works for "most" scenarios!
- Michel Zehnder, Brass Contributor
Have a look at this:
Is the UPN the same on-prem and in AAD/O365?
Quadrotech - Management, Reporting and Migration for Office 365
- Paul Langham, Copper Contributor
No, the UPNs are all set to the local domain, i.e. %USERNAME%.DOMAIN.LOCAL
- Michel Zehnder, Brass Contributor
If you don't want to have new/duplicate users, this would be the first thing you need to adjust prior to a migration.
Quadrotech - Management, Reporting and Migration for Office 365 and Exchange
- Paul Langham, Copper Contributor
No, the UPNs are all set to the local domain, i.e. %USERNAME%.DOMAIN.LOCAL
Hi!
I guess what you mean is it's separated right now and not hybrid (connected) yet.
What you want to do is set up AD Connect and probably filter by OU (most common) which objects you want to sync. You can then sync only the users/groups you want, and also test things out.
You have to add the Office 365 UPN to the users you are syncing! Many ADs today have a UPN of user1@company.local or such. If you have company.com as a domain in Office 365 (your 365 users have a mail of user1@company.com, for example), company.com must be added as a UPN in AD and set on the users which are to be synced (same UPN).
Regarding the accounts that exist in your Office 365 tenant today, they can be merged with the accounts in AD.
If the UPNs and proxyAddresses match, the 2 users will soft match and not end up duplicated.
Read more here:
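As an added example, not code from this thread or from Microsoft: a PowerShell dry run over constructed sample data that previews, before Azure AD Connect is installed, which on-prem users would soft match a tenant account on UPN or primary SMTP address, which still carry a non-routable UPN suffix that has to be changed first, and which would be created as new (duplicate) cloud users. The suggested real inputs (Get-ADUser with proxyAddresses and Get-MsolUser) are assumptions about the admin session.

```powershell
# Added example. Sample objects below are constructed; for a real check feed in
# Get-ADUser -Filter * -Properties userPrincipalName,proxyAddresses and Get-MsolUser -All
# (both assumed available), mapping UPN -> userPrincipalName and Proxy -> proxyAddresses.
function Test-SyncReadiness {
    param(
        [object[]]$OnPrem,    # objects with UPN and Proxy (proxyAddresses array) members
        [object[]]$Cloud,     # objects with UPN member
        [string[]]$Suffixes   # domains verified in the tenant, e.g. company.com
    )
    $cloudUpns = @{}
    foreach ($c in $Cloud) { $cloudUpns[$c.UPN.ToLowerInvariant()] = $true }
    $matched = @{}
    foreach ($u in $OnPrem) {
        $upn    = $u.UPN.ToLowerInvariant()
        $suffix = $upn.Split('@')[-1]
        # primary SMTP address = proxyAddresses entry with the upper-case "SMTP:" prefix
        $primary = (@($u.Proxy | Where-Object { $_ -clike 'SMTP:*' })[0] -replace '^SMTP:', '').ToLowerInvariant()
        $key = if ($cloudUpns.ContainsKey($upn)) { $upn }
               elseif ($primary -and $cloudUpns.ContainsKey($primary)) { $primary }
               else { $null }
        if ($key) { $matched[$key] = $true }
        $action = if ($Suffixes -notcontains $suffix) { 'Change UPN suffix to a verified domain before syncing' }
                  elseif ($key) { "Soft match expected on $key" }
                  else { 'No tenant match: a new cloud user would be created' }
        [pscustomobject]@{ User = $u.UPN; RoutableUpn = ($Suffixes -contains $suffix); Action = $action }
    }
    # tenant users no AD object matched stay cloud-only; list them so leftovers are visible
    foreach ($c in $Cloud) {
        if (-not $matched.ContainsKey($c.UPN.ToLowerInvariant())) {
            [pscustomobject]@{ User = $c.UPN; RoutableUpn = $true; Action = 'Cloud-only account, matched by no AD user' }
        }
    }
}

# constructed sample data standing in for the AD and tenant queries above
$onPrem = @(
    [pscustomobject]@{ UPN = 'jsmith@company.local'; Proxy = @('SMTP:jsmith@company.com') },
    [pscustomobject]@{ UPN = 'adoe@company.com';     Proxy = @('smtp:a.doe@company.com', 'SMTP:adoe@company.com') },
    [pscustomobject]@{ UPN = 'svc1@company.local';   Proxy = @() }
)
$cloud = @(
    [pscustomobject]@{ UPN = 'jsmith@company.com' },
    [pscustomobject]@{ UPN = 'adoe@company.com' },
    [pscustomobject]@{ UPN = 'bwayne@company.com' }
)
Test-SyncReadiness -OnPrem $onPrem -Cloud $cloud -Suffixes @('company.com') | Format-Table -AutoSize
```

Run it against the full user lists and fix every row flagged with a non-routable suffix before the first sync, since the thread notes that matching decisions are hard to undo afterwards.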