I have a multi-site Windows Server 2012 R2 AD domain.
Up until now we have been using individual office licenses.
At one specific site, we are testing an Office 365 implementation.
How do I integrate the Office 365 accounts into the on-premises AD structure so that users don't have to memorize another set of credentials for Office 365?
I've run across some guides that seem to explain how to do this, but all involve setting up stuff on the Domain Controller. What is not clear to me is:
How do I set up this integration only for the site where we are doing the rollout? It only applies to that site and specific users at that site.
Which DC do I set up the integration at? The main DC (off-site) for the entire organization? The local DC at the site where we are rolling out Office 365? If I have two DCs on site (as is best practice), do I set up the integration on both DCs?
This is another part that seems nebulous to me: we have one AD across several (international) sites, but each local office will purchase and maintain their own Office 365 accounts (here I'm talking about organizational accounts, not user accounts) for their own local users for accounting and licensing reasons. Is it possible to integrate multiple organizational Office 365 accounts into a single AD? How do you set it up so that the AD / Office 365 integration knows where to find the Office 365 account?
You install Azure AD Connect on a server in your on-premises environment and connect it to your Office 365 tenant. Users, groups and passwords are synchronised to the cloud, creating a mirrored AD in the cloud (same sign-on). An alternative option is to use ADFS to federate with Office 365 (single sign-on).
You can install Azure AD Connect on any server that fits the requirements, it doesn't have to be a DC. When configuring AADC you can choose which OUs to synchronise.
Synchronising one AD to multiple Office 365 accounts (called 'tenants') is trickier but supported (with limitations). See the section in this document titled 'Each object only once in an Azure AD tenant'. Basically you install one AADC server for each tenant and configure OU filtering to synchronise the required objects from AD to each Office 365 tenant.
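The two things that most often go wrong with the OU-filtering approach described in the answer above are (a) a user landing in the scope of more than one AADC server, which violates the "each object only once" rule, and (b) users whose UPN suffix is not a domain verified in the target tenant, who then show up in Office 365 as user@tenant.onmicrosoft.com and do get a second identity to remember. The following PowerShell is an added pre-flight check for both, run from any domain-joined machine with the ActiveDirectory RSAT module; it is not code from the original post or from Azure AD Connect. The tenant names, OU distinguished names and verified domains in the `$tenants` table are made-up assumptions and must be replaced with the OUs you actually select in each AADC server's filtering wizard and the custom domains verified in each tenant.

```powershell
# Added example (not from the original post): pre-flight check of OU filtering
# for several Azure AD Connect (AADC) servers, each syncing a subset of one AD
# forest to a different Office 365 tenant. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# One entry per tenant / AADC server. OUs = the OUs that server is configured
# to sync; Domains = custom domains verified in that tenant. A user's UPN suffix
# must be one of these, otherwise the synced account gets an onmicrosoft.com UPN.
# All values below are ASSUMED placeholders, not real identifiers.
$tenants = @{
    'london-tenant' = @{
        OUs     = @('OU=Users,OU=London,DC=corp,DC=example,DC=com')
        Domains = @('london.example.com')
    }
    'berlin-tenant' = @{
        OUs     = @('OU=Users,OU=Berlin,DC=corp,DC=example,DC=com')
        Domains = @('berlin.example.com')
    }
}

$seen = @{}   # sAMAccountName -> tenants whose OU filter captures the user

$report = foreach ($tenant in $tenants.Keys) {
    $cfg = $tenants[$tenant]
    foreach ($ou in $cfg.OUs) {
        # Subtree scope mirrors what AADC does when you tick an OU in the wizard:
        # child OUs are included unless you explicitly untick them.
        Get-ADUser -Filter * -SearchBase $ou -SearchScope Subtree `
                   -Properties UserPrincipalName, Enabled |
        ForEach-Object {
            $upn    = $_.UserPrincipalName
            $suffix = if ($upn) { $upn.Split('@')[-1] } else { $null }

            if (-not $seen.ContainsKey($_.SamAccountName)) { $seen[$_.SamAccountName] = @() }
            $seen[$_.SamAccountName] += $tenant

            [pscustomobject]@{
                Tenant      = $tenant
                User        = $_.SamAccountName
                UPN         = $upn
                Enabled     = $_.Enabled
                UpnRoutable = [bool]($suffix -and ($cfg.Domains -contains $suffix))
            }
        }
    }
}

# Finding 1: a user captured by two AADC servers would be pushed to two tenants,
# which is exactly the 'each object only once' limitation. Usually caused by
# one tenant's OU being nested under another tenant's OU.
$seen.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } | ForEach-Object {
    Write-Warning ("{0} is in scope of more than one tenant: {1}" -f $_.Key, ($_.Value -join ', '))
}

# Finding 2: users whose UPN suffix is not verified in their tenant. Fix the UPN
# (or add and verify the domain in the tenant) before the first sync.
$report | Where-Object { -not $_.UpnRoutable } |
    Sort-Object Tenant, User |
    Format-Table Tenant, User, UPN, Enabled -AutoSize

# Once scope and UPNs are clean, trigger and inspect a sync on each AADC server
# with the ADSync module that ships with Azure AD Connect:
#   Start-ADSyncSyncCycle -PolicyType Delta
#   Get-ADSyncConnectorRunStatus
```

Two practical notes. First, the hash table keyed on sAMAccountName is enough inside a single domain; in a multi-domain forest key on objectGUID instead. Second, treat every AADC server as a Tier 0 asset: with password hash synchronisation enabled its AD connector account is granted directory-replication rights, so whoever controls that box can pull password hashes for the whole domain. It does not need to be a DC, as the answer says, but it must be patched, access-restricted and monitored like one.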