Title of the presentation


1. Dirsync Overview
2. Requirements
3. Deployment Options
4. Understanding Synchronization
Directory Synchronization Options

DirSync
• Suitable for organizations using Active Directory (AD)
• Provides best experience to most customers using AD
• Supports Exchange co-existence scenarios
• Coupled with ADFS, provides best option for federation and synchronization
• Supports Password Synchronization with no additional cost
• Does not require any additional software licenses

FIM 2010 with the Office 365 Connector
• Suitable for large organizations with certain AD and Non-AD scenarios
• Complex multi-forest AD scenarios
• Non-AD synchronization through Microsoft premier deployment support
• Requires Forefront Identity Manager and additional software licenses

PowerShell & Graph API
• Suitable for small/medium size organizations with AD or Non-AD
• Performance limitations apply with PowerShell and Graph API provisioning
• PowerShell requires scripting experience
• PowerShell option can be used where the customer/partner may have wrappers around PowerShell scripts (eg: Self Service Provisioning)
Multi-forest AD
• Multi-forest AD support is available through Microsoft-led deployments
• Multi-forest DirSync appliance supports multiple dis-joint account forests
• FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram: several AD forests (on-premises identity, ex: Domain\Alice, User) feed DirSync on FIM, which synchronizes to Windows Azure Active Directory; federation using ADFS]

Non-AD sources
• Preferred option for Directory Synchronization with Non-AD Sources
• Non-AD support with FIM is available through Microsoft-led deployments
• FIM 2010 Office 365 connector supports complex multi-forest topologies
[Diagram: a Non-AD (LDAP) source (on-premises identity, ex: Domain\Alice, User) feeds the Office 365 Connector on FIM, which synchronizes to Windows Azure Active Directory; federation using a non-ADFS STS]
• Run the Microsoft Office 365 Deployment Readiness Tool http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
• Analyse the on-premises environment
  • Domains
  • User Identity and Account Provisioning
  • Exchange Online
  • Lync Online
  • SharePoint Online
  • Client
  • Network
• Dirsync (Single Forest) must be joined to a domain within the same forest that will be synchronized
• Dirsync Server should never be installed on a domain controller
• Dirsync Server should be Windows Server 2008 (x64)
• By default SQL Server 2008 R2 Express is installed.
  • 10GB database limit (approx. 50,000 objects)
  • Full SQL Option Available.
• X64 Single\Multi Forest Appliance available (O365 connector also available for complex scenarios)
From the Field: When utilising the full SQL option you must ensure that the EA account has “sysadmin” rights on the SQL database and that the Dirsync service account has “public” permissions on the Dirsync DB.

From the Field: When installing Dirsync ensure that you use EA credentials and that all DCs are accessible from the Dirsync Server.
Number of objects in Active Directory   CPU       Memory   Hard disk size
Fewer than 10,000                       1.6 GHz   4 GB     70 GB
10,000–50,000                           1.6 GHz   4 GB     70 GB
50,000–100,000                          1.6 GHz   16 GB    100 GB
100,000–300,000                         1.6 GHz   32 GB    300 GB
300,000–600,000                         1.6 GHz   32 GB    450 GB
More than 600,000                       1.6 GHz   32 GB    500 GB



Service                                  Protocol   Port
LDAP                                     TCP/UDP    389
Kerberos                                 TCP/UDP    88
DNS                                      TCP/UDP    53
Kerberos Change Password                 TCP/UDP    464
RPC                                      TCP        135
RPC randomly allocated high TCP ports    TCP        1024 - 65535 / 49152 - 65535
SMB                                      TCP        445
SSL                                      TCP        443
SQL                                      TCP        1433
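
As an added example (not part of the deck), the following PowerShell script checks a candidate DirSync server against the requirements above: domain-joined but not a domain controller, Windows Server 2008 x64, memory per the sizing table, the SQL Express object limit, and TCP reachability of every DC in the forest on the ports from the port table. It assumes it is run on the candidate server as a domain user, that $ObjectCount is your own estimate of the objects to synchronize, and it probes TCP only (UDP and the RPC high-port range are not checked).

```powershell
# Added readiness check for a candidate DirSync server (assumption: run on
# that server as a domain user; $ObjectCount is the estimated AD object count).
param([int]$ObjectCount = 25000)

$findings = @()
$cs = Get-WmiObject Win32_ComputerSystem
$os = Get-WmiObject Win32_OperatingSystem

# Must be domain-joined and must never be a DC (DomainRole 4 = backup DC, 5 = primary DC).
if (-not $cs.PartOfDomain) { $findings += 'Server is not domain-joined.' }
if ($cs.DomainRole -ge 4)  { $findings += 'Server is a domain controller; do not install DirSync here.' }

# Windows Server 2008 (x64) or later; NT 6.0 is Windows Server 2008.
if ($os.OSArchitecture -notlike '64*') { $findings += "OS architecture is $($os.OSArchitecture); x64 is required." }
if ([version]$os.Version -lt [version]'6.0') { $findings += "OS version $($os.Version) is older than Windows Server 2008." }

# Memory against the sizing table: 4 GB up to 50,000 objects, 16 GB up to 100,000, 32 GB above.
$requiredGb  = if ($ObjectCount -lt 50000) { 4 } elseif ($ObjectCount -lt 100000) { 16 } else { 32 }
$installedGb = [math]::Round($cs.TotalPhysicalMemory / 1GB)
if ($installedGb -lt $requiredGb) { $findings += "Installed RAM $installedGb GB is below the $requiredGb GB recommended for $ObjectCount objects." }

# SQL Server 2008 R2 Express has a 10 GB limit (approx. 50,000 objects).
if ($ObjectCount -gt 50000) { $findings += 'More than 50,000 objects: plan the full SQL option instead of SQL Express.' }

# Every DC in the forest must be reachable on the TCP ports from the port table.
$ports = @{ 'LDAP' = 389; 'Kerberos' = 88; 'DNS' = 53; 'Kerberos Change Password' = 464; 'RPC' = 135; 'SMB' = 445 }
if ($cs.PartOfDomain) {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($domain in $forest.Domains) {
        foreach ($dc in $domain.DomainControllers) {
            foreach ($svc in $ports.Keys) {
                $client = New-Object System.Net.Sockets.TcpClient
                try {
                    $ar = $client.BeginConnect($dc.Name, $ports[$svc], $null, $null)
                    # EndConnect throws if the DC refused the connection; a 2 s wait is treated as a timeout.
                    if ($ar.AsyncWaitHandle.WaitOne(2000)) { $client.EndConnect($ar) } else { throw 'timeout' }
                } catch {
                    $findings += "$($dc.Name): $svc (TCP $($ports[$svc])) not reachable."
                } finally { $client.Close() }
            }
        }
    }
}

if ($findings.Count -eq 0) { 'DirSync readiness check passed.' }
else { 'DirSync readiness findings:'; $findings | ForEach-Object { " - $_" } }
```

Any finding listed corresponds to one of the requirements above and should be resolved before running the DirSync installer.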

Attribute                    Object Type
MSExchArchiveStatus          User
MSExchBlockedSendersHash     User
MSExchSafeRecipientsHash     User
MSExchSafeSendersHash        User
MSExchUCVoiceMailSettings    User
ProxyAddresses               User, Contact, Group
Synced object attribute   User   Group   Contact (Src)   Description
Company                   Read   -       Read            The person's (user or contact) company name.
Department                Read   -       Read            The name of the person's (user or contact) department.
Description               Read   Read    Read            Human-readable descriptive phrases about the object.
DisplayName               Read   Read    Read            The display name for an object, usually the combination of the person's first name, middle initial, and last name.

List of attributes that are synced to Windows Azure Active Directory and attributes that are written back to the on-premises Active Directory Domain Services: http://support.microsoft.com/default.aspx?scid=kb;en-US;2256198
[Diagram: on-premises Exchange Server, Active Directory and the DirSync server on one side; Microsoft Online Services (DirSync Web Service, Online Directory, Live ID, Exchange Online, SharePoint Online, Lync Online) on the other]
Sync Cycle Step 1: Import Users, Groups, and Contacts from the source Active Directory forest
Sync Cycle Step 2: Import Users, Groups, and Contacts from Microsoft Online Services via AWS
Sync Cycle Step 3: Export Users, Groups, and Contacts that do not already exist in Microsoft Online Services

[Diagram: object mapping]
Source object: Mailbox-Enabled User Object
  ProxyAddresses: SMTP: [email protected]
Synced result: Logon Enabled User Object (Unlicensed), Mail-Enabled User (not Mailbox-Enabled)
  ProxyAddresses: SMTP: [email protected]; smtp: [email protected]
  TargetAddress: [email protected]