SHAREPOINT AND OFFICE 365 HYBRID CONFIGURATION FROM A TO Z

Julien “Superman” Stroheker and Nicolas “Batman” GeorgeaultNegotium Technologies@Ju_Stroh et @NGeorgeault

2

@JU_STROH - SUPERMANJulien Stroheker

Team Lead @ Negotium Technologies

Speaker and blogger http://www.pimpthecloud.com https://channel9.msdn.com/Blogs/Pimp-The-Cloud-Show

3

@NGEORGEAULT - BATMANNicolas GeorgeaultCIO & SharePoint Senior Architect @Negotium20 years of experience in IT8 with SharePoint6 as a SharePoint MVPCo-author of Microsoft SharePoint Server 2010 and 2013 French booksEmail/Yammer: ngeorgeault@club-sharepoint.frTwitter: @ngeorgeaultBlog: http://blog.georgeault.co

4

AGENDA Introduction Demo Demo Demo Demo Takeaways

ON-PREMISES SERVICE APPLICATIONS• SharePoint On-Premises requires a number of Service Applications to support Hybrid

• Secure Store is required for inbound Hybrid• User Profile Service required to rehydrate users

for Security Trimming

DEPLOYMENT STEPSFour Steps to Configure Onedrive and Sites Hybrid1. Infrastructure Pre-Requisites2. Setup AD Connect (DirSync)3. ADFS Server and Proxy4. Hybrid Picker

DEPLOYMENT STEPSRequired Tools• Active Directory Connect - Link• Azure Active Directory Module for Windows

PowerShell – Link• SharePoint Online Management Shell – Link

DEMO 1: INFRASTRUCTURE PRE-REQUISITES

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Verify Internal Domain• Verify the internal AD domain name with Office 365

– Needs to be a routable domain!• Enables Microsoft to verify that you “own” the

domain• If you are using a non-routable domain (.local) for AD – all is not lost!

• Verifying a domain increases the Office 365 object limit from 50K to 300K!

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Verify Internal Domain• In my environment the AD domain is contoso.com

which isn’t routable!• I purchased o365ug.ca and associated this with the

AD domain contoso.com by adding a UPN Suffix• Updated user accounts to use the new domain

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Verify Internal Domain• Involves adding a temporary DNS record to the

domain• The existence of this record is verified by Microsoft

to validate domain ownership• Instructions included for the most common DNS

hosting providers

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Verify Internal Domain

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Active Directory• AD domain must be at least Windows Server 2003 Forest

Functional Level• Run IdFix to identify objects that could cause sync issues and

remediateo Illegal characterso Duplicate entrieso Lengtho …

DEPLOYMENT STEPSInfrastructure Pre-Requisites – Activate Directory Sync

PowerShell

Admin Center

DEMO 1: INFRASTRUCTURE PRE-REQUISITES

DEPLOYMENT STEPSSetting up AD Connect1. Install and configure the AD COnnect tool – Link2. Assign user licenses in Office 365

DEMO 2: SETTING UP AD CONNECT

DEPLOYMENT STEPSAdditional Considerations• For greater control over the attributes that are synchronised to Azure AD select Azure AD app and attribute filtering

• Password write-back requires Azure AD Premium

DEPLOYMENT STEPSChecking Directory Synchronisation

DEPLOYMENT STEPSDirectory Synchronisation – Notification e-mail

DEPLOYMENT STEPSAssigning Licenses using the Office 365 Portal

DEPLOYMENT STEPSAssigning Licenses using PowerShell• Licenses all users with a Username (UPN) of *.o365ug.ca

• Also sets their location to CA

DEPLOYMENT STEPS

AD Connect Schedule• By default AD Connect will sync AD users with Office 365 every 3 hours

• A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task

DEPLOYMENT STEPS

Account• Account is created in AD during AD Connect

configuration• Used by AAD Connect to read attributes from AD

• This account is granted the following permissions:

• Replicating Directory Changes• Replicating Directory Changes All

DEMO 3: RUN HYBRID PICKER SCENARIOS

BASE CONFIGURATION FOR HYBRIDSummary• Added a custom domain to Office 365 (o365ug.ca)• Tidied up AD and activated Directory Sync in Office 365

• Setup Azure AD Connect to sync users from On-Premises AD to Office 365 (Azure AD)

• Launch Hybrid Picker from SharePoint 2013 Server with Office 365 Admin account

33

ANY QUESTION?

34

SPECIAL THANKS - CREDITSBrendan Griffin for his session:Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

GOLD

THANK YOU SPONSORS!RA

FFLE

SILV

ER

PLATINUM

Thank you!Toronto Enterprise Collaboration User GroupChange Management, Governance, SharePoint, Office 365, Yammer, PowerBI, etchttp://www.meetup.com/TSPBUG/Toronto SharePoint Business Users Grouphttp://www.meetup.com/TorontoSPUG/

Saturday July 9, 2016

See you next year!