Lab 1

Prerequisites

• Office 365 trial
  • Directory Synchronisation enabled within Office portal
  • Public domain name
  • Applicable DNS records configured
• Windows Server with ADDS installed
• Windows 7 client
• Windows Server client
• Enterprise Administrator credentials
• Global Administrator credentials

Purpose

The purpose of this lab is to simulate the implementation of DirSync with Office 365 using an Active Directory domain which has been deployed with a non-public routable DNS domain name e.g. domain.local or domain.internal.

Once DirSync is synchronised with Office 365 then I’ll look at implementing Office 2013 on the Windows 7 client logging in as a domain user and observing the effects of DirSync and the password synchronisation feature.

Lab Setup

Domain Controller

Install Windows Server 2008 R2, assign a static IP address, give the computer a suitable name and then run dcpromo.

Computer Name: ADDS01

IP Address 192.168.0.100/24 Gateway 192.168.0.1 Primary DNS 127.0.0.1

Forest root domain FQDN: office.local

The forest functional level needs to be at least Windows Server 2003.

reboot on completion.

DNS configuration

Create a reverse DNS zone for your local subnet.

Create DNS forwarders which point to your ISPs DNS servers and deselect use root hints if forwarders are unavailable.

Remove the root hints.

Active Directory configuration

Using the Domains and Trusts snapin configure a publicly routable DNS name; this UPN must match your domain defined within the Office 365 portal.

Then configure all users who will be using Office 365 to use the public DNS name for their UPN; you can multi select.

DirSync Server

Install Windows Server 2008 R2, assign a static IP address, assign a suitable name and join to the domain.

Computer Name: MSOLDS01

IP Address 192.168.0.101/24 Gateway 192.168.0.1 Primary DNS 192.168.0.100

Join the computer to the office.local domain.

Install DirSync ensuring the prerequisite software is installed e.g. Microsoft .Net Framework 4.0.

DirSync configuration

Follow the wizard entering the global administrator username and password for your Office 365 environment.

Enter the username and password of an account with Enterprise Administrator membership.

Enable password synchronisation – http://technet.microsoft.com/en-us/library/dn246918.aspx. This enables the user to only remember one password; when the user changes their password within the on-premises ADDS the password will be synchronised within minutes.

Once you click finish you’ll be prompted to synchronise your ADDS with the cloud.

With password sync enabled the directory sync will result in the application event log recording verify Password Change Requests and Password Change Results for user accounts

You also notice event ID 650 and 651 recorded to signify that synchronisation has started and finished.

Once the directory synchronisation is complete you can verify within the Office 365 portal the last sync time and synchronised users.

Windows 7 Client

Install Windows 7, assign a suitable and name and join it to the domain. I’ve assumed DHCP is deployed so no need to configure an IP address.

Computer Name: Client01

Join the computer to the domain.

Client configuration

Logon to the client computer using your domain credentials e.g. jbloggs@UPN, login to the Office 365 portal and install Office 2013.

Open Outlook 2013 and follow the wizard, if your Active Directory properties do not have an email address defined as below then then Outlook auto-configure will not populate the Display Name, Email address etc.

Click next, If you have configured your DNS records as suggested by Microsoft e.g.

then Outlook will auto-configure itself too, you’ll be prompted for your Office 365 credentials as we are not using federated logins but because the password has been synchronised the password is the same as your Windows login credentials.

If you haven’t configured the autodiscover record correctly this step will fail; check out https://www.testexchangeconnectivity.com/ and select Outlook Autodiscover.

Outlook 2013 is now connected to Exchange Online