SPHOL300 Synchronizing Profile Pictures from On-Premises ...SPHOL300 - Synchronizing Profile...

SPHOL300 Synchronizing Profile

Pictures from On-Premises AD to

SharePoint Online

of 31

SPHOL300 - Synchronizing Profile Pictures from On-Premises AD to SharePoint Online

Contents Overview ................................................................................................................................................... 3

Introduction .............................................................................................................................................. 3

The Contoso Ltd. Scenario ........................................................................................................................ 4

Exercise 1: Member Server – Sign up for Office 365 E3 Trial ...................................................................... 5

Lab 1 – Start your free 30-day trial ............................................................................................................... 5

1.1: Working with Active Directory Connector ......................................................................................... 6

1.2: Create & Configure an Active Directory Connector ....................................................................... 6

Exercise 2: Domain Controller– Prepare for directory synchronization ..................................................... 9

Lab 2 – Prepare for directory synchronization ........................................................................................... 10

2.1 Incident Management – Create, Escalate, Resolve and Close the Incident ...................................... 11

Exercise 3: Member Server – Activate Active Directory Synchronization ................................................ 13

Lab 3 – Activate Active Directory Synchronization ..................................................................................... 14

3.1 Change Management – New CR, Add Reviewers, Approver, Manual Activity ................................. 14

Exercise 4: Member Server -Install and configure the Directory Sync Tool

Exercise 5: Member Server - Verify directory synchronization and activate synchronized users

of 31


Overview

Azure Active Directory Dirsync was formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory. This new feature will allow for Same Sign In with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory since the username and the password from local AD will by synced up to Azure AD.

Introduction

Estimated time to complete this lab

60 minutes – Complete lab time estimate as accurately as possible.

Objectives

After completing this lab, you will be better able to:

Overview of Lab

This lab will guide the student through several process automation examples, providing hands on

experience with the concepts explained in the student course manual. To provide real-world context,

the guide is based on the Contoso, Ltd. scenario, a fictional organizations that is explained here and

throughout the course.

Virtual Machine Technology

The computers in this lab are virtual machines that are implemented using Microsoft Hyper-V. When

you have started a virtual machine, log on by clicking on Send CTRL+ALT+END and supply the credentials

listed in the lab instructions.

of 31


Computers in this Lab

This lab uses virtual machines as described in the following table. Before you begin the lab, you must

start the virtual machines and then log on to the computers.

Component Description

Windows 2012 R2 AD Domain Controller

Server: DC.Contoso.com

Runs the Active Directory instance for the

Contoso.com domain used by all systems in

this Contoso scenario.

Windows 2012 Member Server

Server: SYNC.Contoso.com

Runs the Azure Active Directory Dirsync Tool to

synch onprem users, groups and contacts to

Azure Active Directory.

All user accounts in this lab use the password LS1setup!

The Contoso Ltd. Scenario

of 31


To provide real-world context for the step-by-step procedures, we have created a fictitious

organizational with technical and business challenges described in various scenarios in this lab manual.

Our scenario takes place at a fictional company, Contoso Ltd.

Exercise 1: System Center Service Manager – Active Directory Connector

Lab 1 – Creating an Active Directory Connector to Import Data from AD Virtual Machines: SYNC Username: CONTOSO\administrator Password: LS1setup! Estimated time to complete: 20 minutes To log onto the virtual machine, press CTRL-ALT-END To switch to full screen mode, press CTRL-ALT-BREAK

Scenario:

of 31


Contoso wants evaluate Office 365 E3 Plan. Contoso has decided to import users, groups, and computers from Active Directory since these are the only objects that are covered by the Configurations Management policy for CI objects. To do this, you need to do the following:-

1.1: Sign up for Office 365 E3 Trial In this exercise, you will perform the following actions:-

1. Sign up for office 365 E3 Trial 2. Observe the imported AD Objects into Service Manageer Console 3. Create new user accounts & Update user Properties details in AD 4. Manually synchronize the Active Directory connector

1.2: Create & Configure an Active Directory Connector

Task Detail step

Perform the following tasks on this virtual computer:

SYNC.Contoso.com

1. Sign up for Office 365 E3 30-day trial

1. Log on into the Member server SYNC with the CONTOSO\Administrator account

2. Open Internet Explorer.

3. Browse to address to sign up for Office 365 E3 Trial.

http://office.microsoft.com/en-us/business/office-365-enterprise-e3-business-software-FX103030346.aspx

4. Use Microsoft HQ address if you work outside of the US. One Microsoft Way Redmond, WA 98052

5. Example of signup



of 31


Task Detail step

6. Create your new user ID and provide Mobile Phone number to receive security code

to unlock this account for lost password and Click create my account.

of 31


Task Detail step

7. Setup of SharePoint, Exchange and Lync will take a little time to provision.

of 31


Task Detail step

Exercise 2: Domain Controller – Prepare for directory synchronization

of 31


Lab 2 – Prepare for directory synchronization Virtual Machines: DC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 30 minutes Prerequisites: You have signed up for an Office 365 E3 Trial. You will need the following from the sign up form.

1. Organization Name 2. User ID (Example [email protected]) 3. Password

Scenario: Contoso Active Directory environment must be properly configured in order for your users to sign-in to Microsoft online services. In particular, the userPrincipalName (UPN) attribute, also known as a user logon name, must be set up correctly for each user in a specific way. The UserPrincipalName attribute must use a publically routable domain. Contoso is currently not using a publically routable domain, you will need to update all Contoso users UserPrincipalNames attributes. You need configure a valid UPN for every account in the Contoso Domain. In this exercise, you will perform the following actions:-

1. Add an alternative UPN suffix to Consoto Active Directory Domain. 2. Update all user’s UserPrincipalNames attribures in the Consoto Domain to use the new UPN

Suffix created.

of 31


2.1 Add alternative UPN suffix to Contoso Active Directory and update all

users in Contoso domain with the new UPN Suffix

Task Detail step


DC.Contoso.com

1. Add User Principal Name Suffix to Active Directory

You need to add an alternative UPN suffix to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is used only within the Active Directory forest, and it is not required to be a valid DNS domain name. You will use the UPN suffix in Office 365 created when you signed up for Trial.

1. Log on as Contoso\Administrator on the DC server

2. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, click Administrative Tools , and then click Active Directory Domains and Trusts .

3. In the console tree, right-click Active Directory Domains and Trusts , and then click Properties .

4. On the UPN Suffixes tab, type an alternative UPN suffix for the forest, and then click Add .

Enter in your UPN from your tenant.

Example

[email protected]

5. Click Add

of 31


Task Detail step

6. Click OK

2. Update all users in Contoso Domain with the new UPN created above.

All users created in the Contoso domain currently have a null UPN attribute. Run Powershell to update all users to use the new UPN suffix.:

1. Log on into the DC server using CONTOSO\Administrator account.

2. From the Task bar, launch Powershell, Right click and Run as Admininistrator.

of 31


Task Detail step

3. Run the following powershell to update all user accounts with the new UPN suffix. Get-ADUser -Filter {-not (UserPrincipalName -like '*')} -SearchBase 'CN=Users,DC=contoso,DC=com' | % {$CompleteUPN = $_.SamAccountName + "@MSFTETR18LAB.onmicrosoft.com" ; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}

Exercise 3: Member Server – Activate Active Directory Synchronization

of 31


Lab 3 – Activate Active Directory Synchronization Virtual Machines: SYNC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 20 minutes Scenario: You must activate directory synchronization before you install the Directory Sync tool. When you activate directory synchronization, you are turning on this feature across your tenant and all the Microsoft cloud services that you are subscribed to. In this exercise, you will perform the following actions:-

1. Browse to Tenant Admin Portal and Activate Active Directory Synchronization

3.1 Using Tenant Admin Portal Activate Active Directory Synchronization

Task Detail step


SYNC.Contoso.com

of 31


Task Detail step

1. Activate Active Directory Synchronization using Tenant Admin.

You need to create the change described above. To do this, Do the following:

1. Log on into the SYNC server using contoso\Administrator account.

2. Lanch Internet Explore and browse to tenant admin portal.

https://portal.microsoftonline.com/admin/default.aspx

3. Click Users and groups, click Active Users, click Set up next to Active Directory synchronization, and then proceed to the next step.

4. Select Activate in step 3 to activate Active Directory

Synchronization.

Exercise 4: Member Server – Install DirSync Tool


of 31


Lab 4 – Install DirSync Tool

Virtual Machines: SYNC Username: CONTOSO\Administrator Password: LS1Setup! Estimated time to complete: 20 minutes Scenario: Once you have activate directory synchronization you can install the Directory Sync tool. In this exercise, you will perform the following actions:-

1. Browse to Tenant Admin Portal to download and install Directory Sync Tool.

Exercise 4.1: Member Server – Install Directory Sync Tool

of 31


Task Detail step


SYNC.Contoso.com

1. Download Directory Sync tool from tenant admin

You need to create the change described above. To do this, Do the following:

1. Log on into the SYNC server using contoso\Administrator account.

2. Launch Internet Explore and browse to tenant admin portal.


3. Click Users and groups, click Set up next to Active Directory synchronization, and then proceed to the next step.

4. Select Download in step 4 to download Directory Sync Tool.

5. Run Tool.


of 31


Task Detail step

6. On the Welcome screen click Next

7. Accept the license agreement and click Next

of 31


Task Detail step

8. On the Select Installation Folder page, click Next, the installation will begin.

9. Installation will take 10 minutes or longer depending upon the speed of the

computer.

of 31


Task Detail step

10. Once Installation is complete click Next.

11. On the Finished page, click finish.

12. On the Welcome page, click next.

of 31


Task Detail step

13. Under Microsoft Online Services Credentials, enter your admin credentials.

14. Enter in your Local Active Directory User Name and password.

of 31


Task Detail step

Contoso\administrator

Password: LS1setup!

15. Enable Hybrid Deployment and Click Next

16. Enable Password Sync and Click Next.

of 31


Task Detail step

17. Click Next

18. Select Synchronize your directories now and click Finish

of 31


Task Detail step

Exercise 5: Member Server – Verify Directory Synchronization and activate

synchronized users

of 31


Task Detail step


SYNC.Contoso.com

1. Verify directory synchronization

a) Launch IE and navigate to the online portal and log in as the Admin

https://portal.microsoftonline.com/

b) Go to Office 365 admin center and click users and groups, click Active

Users. If the synchronized users do not appear, refresh the browser window

2. Activate Users a) In the list of users, fill in the checkbox next to a user

multiple users can be activated at the same time, select all the accounts you wish to

activate at this time. You can do it later as well.

b) Select Activate Synced Users on the far right of the screen.

of 31


Task Detail step

c) Select the Location (United States) and the license options for this user, click next

d) Accept the defaults and click activate

Click Finish

3. Sign out of 365 Administration Portal using Top Right Navigation bar.

4. Log into Online as Aaronp

a) Launch IE and clear the proxy settings completely.

b) navigate to https://portal.microsoftonline.com

c) If the User ID is not blank then select the link Sign in with a different user ID.

d) For User ID: enter [email protected]

where NNN is the name of your tenant

https://portal.microsoftonline.com/

of 31


Task Detail step

5. Navigate to OWA by Clicking on Outlook using the top right navigation bar

of 31


Task Detail step

6. Select English for Language, Pacific Time Zone and Click Save.

7. Click on people link using top right navigation bar.

8. Notice that user photos are not displaying in people hub due to photo being too large.

9. Resize Aaronp photo in activate directory using 3rd party tool.

Follow these steps to upload or edit a photo in a user’s Active Directory to have it display correctly in Lync:

1. First you need to download and install the AD Photo Edit Utility from http://www.cjwdev.co.uk/Software/ADPhotoEdit/Info.html. If you want to edit multiple users at a time, the Bulk Edition of the tool is needed.

http://www.cjwdev.co.uk/Software/ADPhotoEdit/Info.html

of 31


Task Detail step

2. After the tool has been installed, AD Photo Edit automatically detects and connects to your Active Directory. In my case it’s detecting the contoso.com domain.

3. Search for the user's name or alias and click Edit Image for the selected user. I searched for my alias, which is aaronp and the tool immediately pulled up my contact information.

of 31


Task Detail step

10. Resize photo to recommended size <10KB Size Limit 100KB and Click ok.

11. Force the

directory

synchronization

Open Windows PowerShell as administrator.

Import the DirSync module by typing import-module DirSync.

Type Start-OnlineCoexistenceSync.and press enter.

Give the sync 1-2 mins to finish before starting next step.

12. Click on people link using top right navigation bar.

13. Then click All Users under Directory.

of 31


Task Detail step

14. Notice the user photo that was resize is now displaying in people hub

15. Click on OneDrive using top right navigation bar to create user’s OneDrive (my site)

16. Click ok when prompted “Let’s get social”. After the site loads, click the Newsfeed link in the top navigation bar. Then click About me in the left navigation pane.

17. You will now notice that SharePoint is utilizing the user’s photo imported using dirsync tool.

SPHOL300 Synchronizing Profile Pictures from On-Premises ...SPHOL300 - Synchronizing Profile...

Documents

Transcript of SPHOL300 Synchronizing Profile Pictures from On-Premises ...SPHOL300 - Synchronizing Profile...