Add users with Active Directory synchronization
Resumen: The following article takes you through using either the federated or synchronized identity format to manage your users access to your Domain.
Instrucciones
Office 365 Directory Synchronization
You can either use synchronized identity or federated identity between your on-premises organization and Office 365. With synchronized identity, you manage your users on-premises. They are authenticated by Azure Active Directory when they use the same password in the cloud as on-premises. This is the most common directory synchronization scenario.
Federated identity, also known as single sign-on (SSO), allows you to manage your users on-premises. They are authenticated by your on-premises directory. Federated identity requires additional configuration and enables your users to sign in once.
Before you get started read Understand Office 365 and Azure Active Directory options to understand your identity options.
Prerequisites for Azure Active Directory(AD) Connect
You get a free subscription to Azure AD with your Office 365 subscription. When you set up directory synchronization, you will install Azure Active Directory Connect on one of your on-premises servers.
For Office 365 you will need to:
- Verify your on-premises domain (the procedure will guide you through this)
- Have Global Administrator permissions for your Office 365 tenant and on-premises Active Directory
For your on-premises server. To install Azure AD Connect, you need the following software:
| Server OS |
Other software |
|---|---|
| Windows Server 2012 R2 |
PowerShell is installed by default, no action is required. Net 4.5.1 and later releases are offered through Windows Update. Make sure you have installed the latest updates to Windows Server in the Control Panel. |
| Windows Server 2008 R2 with Service Pack 1 (SP1) or Windows Server 2012 |
The latest version of PowerShell is available in Windows Management Framework 4.0. Search for it on Microsoft Download Center https://www.microsoft.com/en-US/download .Net 4.5.1 and later releases are available on Microsoft Download Center |
| Windows Server 2008 |
The latest supported version of PowerShell is available in Windows Management Framework 3.0, available on Microsoft Download Center https://www.microsoft.com/en-US/download
.Net 4.5.1 and later releases are available on Microsoft Download Center |
- To more carefully review hardware, software, account and permissions requirements, SSL certificate requirements, and object limits for Azure AD Connect, read Prerequisites for Azure Active Directory Connect
. - You can also review the Azure AD Connect version release history
to see what is included and fixed in each release.
Set Up Directory Synchronization
-
Sign in the Microsoft Online Portal
. -
Select Users > Active Users
-
From the Active users page, choose More > Directory synchronization.
-
On the Is directory sync right for you? page, the two first choices of 1-10, and 11-50 return the response "Based on the size of your organization, we recommend that you create and manage users in the cloud. Using directory synchronization will make your setup more complex. Go to Active users to add your users."
-
You can still continue setting up directory synchronization by choosing Continue here on the bottom of the page.
-
If you select the two latter choices, 51-250 or 251 or greater, the synchronization setup will recommend directory synchronization. Choose Next to continue.
-
-
On the Sync your local directory with the cloud, read the information, then choose Next.
-
On the Let's check your directory page, review the requirements for automatically checking your directory. If you meet the requirements, choose Next > Start scan. If you cannot meet the requirements you can still continue by choosing to continue manually.
-
If you select to scan your directories, choose Start scan on the Evaluating directory synchronization setup. Follow the instructions to download and run the scan.
-
Once the scan is complete, return to the setup wizard, and choose Next to see your scan results.
-
Verify your domains as instructed on the Verify Ownership of your domains
-
Important: After you have added a TXT record to verify you own your domain, do not go to the next step of adding users in the domains wizard. The directory synchronization will add users for you.
-
-
Return to the Office 365 Setup page and choose Refresh.
-
On the Your domains are ready page, choose Next.
-
On the Clean up your environment page, you can follow the instructions to download IDFix to check your Active Directory. Choose Next to continue.
-
On the Run Azure Active Directory Connect page, choose Download to install the Azure AD Connect wizard.
-
Note: At this point, you will be in the Azure AD Connect wizard. Make sure you leave the directory synchronization wizard page open in your browser, so you can return to it after the Azure AD Connect steps are done.
-
After Azure AD Completes. On the Run Azure Active Directory Connect page, choose Download to install Azure AD Connect wizard. When AD Connect wizard has installed it will automatically open. You can also open it from your desktop, the default install site. Follow the wizard instructions depending on your scenario:
-
For multiple forests and SSO options, use Custom Installation of Azure AD Connect
.
-
-
Select Customize on the Express Settings page to use these options.
-
After the Azure AD Connect wizard is done, return to the Office 365 Setup wizard, and follow the instructions on the Make sure sync worked as expected page. Choose Next to continue.
-
Read the instructions on the Activate users page and then choose Next.
-
Choose Finish on You're all setup.
- After you have synchronized your users to Office 365, they are created but you need to assign licenses to them so they can use Office 365 features, such as mail.
- Finish setting up your domain by Updating Your DNS
Next Steps: Update Your DNS Records