Many companies that use Office365 struggle with the same problem: “how can I automate the synchronization between my on-premise Active Directory users and Office365”? To solve this problem, Microsoft provides ‘Dirsync’. Dirsync is a downsized version of the Forefront Identity Manager 2010 (FIM2010) sync server.
When you start using Dirsync, you have to be very aware of the advantages and disadvantages of this solution. A summary:
- It’s free.
- The solution is out-of-the-box. There are no difficult configurations to make, so the system can be operational in a short time span.
- An Office365 account is created for ALL Active Directory users of a particular OU. There are few possibilities to create an account for users with a particular role, or members of a particular AD group
- There is little control over the user object. The necessary ‘IsLicensed’ attribute is not set to true. This means that there is still an action necessary to allow the user to work. This can be done by means of a powershell-command, or via Office365 itself.
If these disadvantages are not applicable to your organization, Dirsync might do the trick for you. If they do apply, you should consider using the full FIM 2010 Sync server and an Office365 management agent based on powershell.
Want more advice on this topic? Do not hesitate to contact me at any time!