1 / 41

COS301 Microsoft Office 365: Directory Synchronization

COS301 Microsoft Office 365: Directory Synchronization. Mike Kostersitz Program Manager Microsoft Corporation. Agenda. Who did we build Office 365 DirSync for? What does it do for our customers ? New V2 f eatures Demo Discovery Setup Configuration Installation requirements

elga
Télécharger la présentation

COS301 Microsoft Office 365: Directory Synchronization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COS301Microsoft Office 365: Directory Synchronization Mike Kostersitz Program Manager Microsoft Corporation

  2. Microsoft Confidential Agenda • Who did we build Office 365 DirSync for? • What does it do for our customers? • New V2 features • Demo • Discovery • Setup • Configuration • Installation requirements • DirSync futures 3

  3. Microsoft Confidential DirSync : Who Did We Build It for? • Mid-market IT Generalists that have: • Microsoft® Active Directory ® • Microsoft Exchange • One Active Directory forest • Often just one domain • 2200+ v1.0 DirSync customers • Average customer syncs 1250 objects • Largest syncs 150k objects • Microsoft syncs 500k+ objects • Key investments • Enables ALL services/workloads, not just Exchange • Appliance-like • Zero ILM configuration • Most customers don’t know they have ILM! • Also works for largest Enterprises • Microsoft will sync 700k+ objects with W14 • Microsoft Windows PowerShell®–based advanced configuration 4

  4. Microsoft Confidential What Does DirSync Do? • Enables “Identity” and “Application” coexistence • Identities are managed on-premise • Syncs users, groups, and contacts • Enables easy identity federation • Enables application coexistence (Exchange and Office Communicator) • Application coexistence – On-premise Mail and OC services work with their corresponding cloud services (OC users on-premise IM cloud users and Mail on-premise routes to the cloud, and vice versa) • Enabler for Exchange “Rich Coexistence” features • Including write-back to on-premises directory 5

  5. Microsoft Confidential Office 365 DirSync Overview • Core DirSync features supported in V1: • Full shared GAL • Rich messaging (Full format) • Meeting requests • Works over the Internet • Appliance-like setup ** Dirsync does not require Exchange to exists on premises ** 6

  6. Office 365 DirSyncNew Features • Identity coexistence – where identities are mastered on-premises • Conference room stays a Conference room • Support for identity federation • Support for application coexistence (Mail, OC ) • Syncs security groups • Syncs additional on-premise data (i.e., photos), enabling richer experience • Proxies for contacts and mail-enabled users are respected (unchanged) • Support for Rich Coexistence features (delegation)

  7. Office 365 DirSyncNew Features cont. • Free/Busy coexistence (w/ Exchange Server 2010 CAS server on premise) • Supports additional Rich Coexistence with Exchange Server 2010 (Cloud Archive, Filtering Coexistence, Delegation)

  8. Office 365 DirSyncChanges from V1 • New quota limit at 10.000 Objects • Open SR to increase

  9. Microsoft Confidential When to Use DirSync Onboarding Options • Small company • Small to medium-size company • Long-term coexistence • Just provision users and GO ! • MOAC • Everyone onboarded at once • No retention of legacy mailbox data • Pro: Easy to deploy, good for smaller organizations • Con: Loss of old content • Provision users in bulk (Office 365 APIs) • Pro: Easy to onboard a larger number of users • Con: End-user satisfaction with missing data • Con: No coexistence • Admin implements DirSync and DirSync provisions all users, groups, and contacts to MSO • Pro: Identities managed on premises • Pro: Includes coexistence • Pro : Free/Busy coexistence • Con: Requires an appliance on-premises as a long-term commitment. DirSync should be viewed as a long-term commitment – the customer has chosen to enabled identity coexistence and master their identities on premises 10

  10. Microsoft Confidential What to Ask During Planning • Do you plan to enable Federation with Microsoft Online? • If the organization plans to enable Identity Federation (SSO) by enabling Active Directory Federation Services (ADFS) and Federation with Microsoft Online, we recommend that this happen before Directory Synchronization is enabled • Did you register your domains up front? • Is your Active Directory clean (i.e., duplicatesor malformed objects, etc.) • You will be getting warnings/errors from Microsoft Online DirSync for all problematic/ dirty objects 11

  11. Microsoft Confidential Key Customer Choices • Simple Coexistence • DirSync synchronizes identities • No on-premise E14 Client Access server • Rich Coexistence • DirSync synchronizes identities • Customer has E14 Client Access server on premise • Customer has enabled Rich Coexistence features in DirSync • DirSync enables some new Exchange Rich Coexistence features (Filtering Coexistence, Cloud Archive) • Filtering Coexistence: Is the customer already using an existing filtering solution? • Cloud Archive: Enables the on-premise EMC admin to specify who should get a Cloud Archive; requires E14 Client Access server on premises 12

  12. Microsoft Confidential Rich/Advanced Coexistence Summary • Rich coexistence scenario for long-term, high-fidelity coexistence • Free/Busy and Calendar sharing between on-premises and cloud • Seamless mailbox migration between on-premises and cloud (and back), driven out of Exchange Management Console • Cloud Archive • Filtering Coexistence • Customer is willing to place Exchange Server 2010 server(s) on-premise (extend schema, etc.), even if Exchange Server 2010 on-premise is not an intended mailbox-move destination • Allows partial moves (pilots, etc.) 13

  13. Microsoft Confidential Exchange Rich Coexistence FeaturesDirSync “Write Back” 14

  14. Microsoft Confidential DirSync and Identity Federation Work Flow 1. Plan (Read doc) 2. Prepare 3. Establish federation and/or coexistence Set up Identity Federation Configure and perform DirSync Add and Verify SMTP domains Configure Services Install DirSync Enable CCS for coexistence GO Admin Portal Microsoft Online IdentityTool DNS Administration Online Services Configuration Microsoft Online DirSync Tool 4. License Users License users Admin Portal 15

  15. Microsoft Confidential Installation and Configuration demo 16

  16. Microsoft Confidential

  17. Microsoft Confidential

  18. Microsoft Confidential

  19. Microsoft Confidential

  20. Microsoft Confidential

  21. Installation 54 MB, Single File Download 23 Microsoft Confidential

  22. Microsoft Confidential Configuration admin@mikek.me mikek.local\Administrator wwwwwwwwww wwwwwwwwwwwwwwww 24

  23. Microsoft Confidential Drilldown: Full vs. Delta Syncs • After the install • Microsoft Online DirSync will sync the entire forest • Single forest only • Syncs all users, mail-enabled groups, security groups, and contacts • Initial Full Sync can take some time, depending on the number of objects • Subsequent syncs (Delta Syncs) • Default every three hours • Syncs all changes on premise to Microsoft Online • Can be very quick, depending on the rate of change on premise 25

  24. Microsoft Confidential Full and Delta Syncs • First Sync will require a “Full Sync” of all objects (users, contacts, and mail-enabled groups) in the customer’s Active Directory • Sync time will be published shortly (still in Test Phase) • Delta Syncs happen every three hours and sync anything that has changed on premise 26

  25. Microsoft Confidential Directory Synchronization demo 28

  26. Microsoft Confidential Forcing Synchronization • You can force synchronization by using the commandlets • Open the commandlet MSO Directory SyncConfigShell.psc1 from the Microsoft Online Directory Sync install directory • COMMANDLET Start-OnlineCoexistenceSync 29

  27. Installation Dependencies • Supported Operating Systems • Microsoft Windows Server® 2003 SP2 x86 • Microsoft Windows Server 2008 x86 • Prerequisites • Microsoft .NET Framework 3.5 (reboot) and Microsoft Windows PowerShell® v1.0 (no reboot) • Not a domain controller • Domain-joined machine • Can synchronize from source forests running: • Microsoft Windows Server 2000 • Microsoft Windows Server 2003 • Microsoft Windows Server 2008 • Microsoft Windows Server 2008 R2 • Bundles into the single file download: • Microsoft SQL Server® Express • Microsoft Identity Lifecycle Manager 2007 –“SpecialMicrosoft Online version” • No customer purchase for most customers beyond providing a server 30

  28. Microsoft Confidential DirSync Building Blocks • Microsoft Windows Server 2003 SP2 or higher & Win2008 • Based on Identity Lifecycle Manager 2007 Sync Bus (ILM 2007) • Formerly known as Microsoft Internet Information Services (IIS) • Uses SQL Server Express SP3 • If object count exceeds 50K objects, we recommend full SQL • Supports Microsoft SQL Server 2005 / 2008 • MSI for installer 31

  29. Microsoft Confidential Synchronization Errors • Synchronization errors are communicated to the IT Generalist via email • Tech Contact is a very important to Microsoft Online DirSync for communication of sync health, errors, etc. • Common errors include: • Proxies with forbidden characters (apostrophes, &, %) • Duplicate proxies • Administrators can address these errors through on-premise changes 32

  30. Microsoft Confidential DirSync: Manual Upgrade • Upgrades require a full synchronization • Objects on premises are “hard matched” based on the Source Object GUID to accounts synchronized with the prior version of Microsoft Online DirSync 33

  31. Microsoft Confidential Futures – Post GA • Moving appliance to Microsoft Forefront® Identity Manager 2010 • Support for 64-bit machines only • Performance improvements • Multi-forest solution • Microsoft Online MA • Transfer Service Oriented Architecture (SOA) • Enable ability to turn DirSync off and manage objects in the cloud • Soft delete (logical delete) 34

  32. Microsoft Confidential Microsoft Online MA • Enables larger multi-forest customers to onboard users from any forest to Office 365 • Requirements: • Customer needs to ensure that their Identity Lifecycle Manager metaverse (MV) contains required Microsoft Online data • Customer needs to enforce a few business rules within their ILM instance • Timing – post GA (a point release after GA) 35

  33. Microsoft Confidential MSO MA – Implementation DirSync appliance Microsoft Online Management Agent 36

  34. Track Resources • Read more about Microsoft Online Services – www.microsoft.com/online • Learn about the next release of BPOS, the Microsoft Office 365 Suite - http://office365.microsoft.com • Continue the conversation • Microsoft Online Services Team Blog – http://blogs.technet.com/msonline • Facebook Fan Page – http://www.facebook.com/MicrosoftOnlineServices • You Tube Channel – http://www.youtube.com/user/msonlineservices • Twitter – http://twitter.com/msonline

  35. Additional BPOS and Office 365 Sessions

  36. Session Evaluations Tell us what you think, and you could win! All evaluations submitted are automatically entered into a daily prize draw*  Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/ * Details of prize draw rules can be obtained from the Information Desk.

  37. Question & Answer Microsoft Confidential

  38. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related