Active Directory synchronization: Roadmap

If your company has existing users in a local Active Directory environment when you subscribe to Microsoft Office 365 for enterprises, there are tools for synchronizing those users to your Office 365 directory. By using the Microsoft Online Services Directory Synchronization tool, your company’s administrators can keep your local Active Directory continuously synchronized with Office 365. This allows you to not only create synchronized versions of each user account and group, but also allows global address list (GAL) synchronization from your local Microsoft Exchange Server environment to Microsoft Exchange Online.

Important:
We recommend that you set up single sign-on before you set up Active Directory synchronization. Activating directory synchronization should be considered a long-term commitment to coexistence scenarios between your on-premises Active Directory and the cloud. After you have activated directory synchronization, you can edit only synchronized objects by using on-premises applications.

Here are some important choices to consider before you set up directory synchronization:

• Email migration: Active Directory synchronization is intended as an ongoing relationship between your local environment and Office 365. However, recent changes to the directory synchronization infrastructure provide you more flexibility in how you use directory synchronization for email migration and single sign-on scenarios. For more information about email migration, see Directory synchronization and source of authority and Exchange Hybrid Deployment and Migration with Office 365.
  
• Single sign-on: We recommend that before you set up directory synchronization, you set up single sign-on. It enables your users to sign in to Office 365 by using their corporate credentials. To get started, see Prepare for single sign-on.
  

  Caution:
  If you decide not to set up single sign-on, you must add and verify your company’s domains. For more information, see Work with domain names and DNS records in Office 365.

• Compliance: You should determine whether you require directory auditing to capture events such as creating users, resetting passwords, and adding users to groups. For more information about auditing, see Audit account management.
  Note that security logging may be disabled by default; you will have to understand how to enable it for your organization.
  

Perform the following steps to prepare for, implement, and manage Active Directory synchronization for your Office 365 account:

1. Prepare for directory synchronization
   Learn how to verify system requirements, create the right permissions, and allow for performance considerations. Then, learn how to activate directory synchronization for your company.
   
2. Install and Upgrade the Microsoft Online Services Directory Synchronization tool
   Install the Directory Synchronization tool. If you’ve already done so, learn how to upgrade, uninstall, or move it to another computer.
   
3. Synchronize your directories
   Configure the Directory Synchronization tool to set up recurring synchronization for your directories. You will also learn how to force directory synchronization.
   
4. Verify directory synchronization
   Verify that your recurring or forced directory synchronization was completed successfully.
   
5. Activate synced users
   After you have synchronized your directories, you must activate the users before they can use Office 365 services. You can do this individually or in bulk.
   
6. Manage directory synchronization
   Learn how to maintain your directory synchronization, including how to update users and domains after synchronization has been activated. You’ll also learn how to change passwords and network proxy settings.