Want to know the most efficient way to get your users and co-workers into the cloud? This week Jeremy Chapman is joined by Paul Andrew to explain identity options and demonstrate a few tools to make it easier to synchronize your directory services with Office 365 and Azure Active Directory.


A few weeks back we used PowerShell and a CSV file to try to get 150 users into Office 365 in the 8.5 minutes it took the space shuttle to reach orbit. From an identity perspective, that showed just one of several ways to get users into Azure Active Directory and Office 365. This week, identity expert Paul Andrew joins me to discuss the options for managing user accounts and passwords. There are three primary options and a few new tools to get users into Office 365 and other Microsoft cloud services:

  1. Cloud ID – user accounts and passwords are maintained in the cloud without an affinity to an existing directory service. Users can be added manually or via bulk import with a CSV file, as demonstrated in the PowerShell show.
  2. Synchronized ID – user accounts and, optionally, password hashes are synchronized with an existing directory service, using the new Azure AD Sync tool or the existing DirSync tool.
  3. Federated ID – user accounts are synchronized IDs, but passwords and authentication are managed via an on-premises directory service with Active Directory Federation Services.

The second and third options are automated solutions that continually look for changes in your directory service and apply those as users are added. In the past, directory synchronization would often require a lot of manual clean-up work to prepare for synchronization, but now that is easier using the IdFix tool. We’ve shown the IdFix tool in a previous Garage Series with Keith Laborde and the tool has evolved over the past year. IdFix will save you lots of time as you prepare for synchronization.

We’ve also heard from a lot of people deploying one or two services – like Office 365 ProPlus, Yammer or OneDrive for Business – that the number of things (aka directory attributes) synchronized via the existing DirSync tool was too extensive. Now with the new Azure AD Sync tool, you can select a subset of services and corresponding attributes to synchronize. In fact, you can even deselect individual attributes from those recommended per service. The tool also allows multi-forest sync, and as of last week (October 27, 2014), the Azure AD Sync tool will even synchronize password hashes like the old DirSync tool. So if you’re wondering which tool to use for synchronizing your AD, the new Azure AD Sync tool is likely the right choice.

Of course, Paul demonstrates these tools on the show to prove just how easy identity can be to set up and manage. You’ll want to watch the show to see everything in action. Next week we have a special Power BI show in store, filmed while at TechEd in Barcelona.

See you next week!

Jeremy Chapman

More resources

Azure Active Directory on TechNet

Microsoft Azure Active Directory Sync Services download

IdFix DirSync Error Remediation Tool download

Azure Active Directory Sync tool – 64 bit download

Garage Series Video Channel

Garage Series Season 1 Blog Archive

Follow @OfficeGarage on Twitter

Office 365 Garage Series Apps for Windows Phone and Windows 8

About the Garage Series hosts

By day, Jeremy Chapman works at Microsoft, responsible for optimizing the future of Office client and service delivery as the senior deployment lead. Jeremy’s background in application compatibility, building deployment automation tools and infrastructure reference architectures has been fundamental to the prioritization of new Office enterprise features such as the latest Click-to-Run install. By night, he is a car modding fanatic and serial linguist.

Paul Andrew is a native of New Zealand and is an expert in Azure Active Directory services, authentication and authorization. He’s also working on improving global Office 365 networking and performance aspects.



Published: 11/5/2014 17:27