Directory synchronization basics

  • 2/21/2018

In this sample chapter from Microsoft Office 365 Administration Inside Out, 2nd Edition, explore the basics of directory synchronization—starting with structure and data uniqueness.

As a new Office 365 administrator, one of the first things you need to understand and implement is directory synchronization. In fact, unless you plan to have only 10 to 20 users in your tenant, directory synchronization, and an understanding of its impact on the entire Azure Active Directory (Azure AD) experience, will be critical to a successful implementation and a continued positive Office 365 experience.

In simplest terms, directory synchronization is the process of duplicating your on-premises Active Directory objects (such as users, groups, and contacts) in Azure AD. It is, however, a bit more complex than that. There are several common misconceptions about Azure AD, and mistakes that occur during synchronization, that can make the process both cumbersome and confusing.

Directory structure

A typical on-premises Active Directory implementation is all about organization and structure. Your on-premises identity infrastructure, at a minimum, consists of one directory, and your objects are organized, typically by type or function, into containers to help ease administration.

In Active Directory, for instance, you can have one or more forests, and within each forest you have at least one additional container, the domain. Within each domain, your hierarchy consists of organizational units (OUs), enabling you to group objects, and you can nest OUs to categorize or subdivide your objects further.

Azure Active Directory, however, is flat. There is no discernible directory structure, nor can you dictate one. When synchronizing your objects to Microsoft Azure, all your users, groups, and contacts exist in a single container, with no organizational boundaries.

Although this configuration might seem confusing for anyone used to performing Active Directory administration, the Azure AD portal does a good job of separating object types for administrative purposes. It is true that large numbers of any particular object type might make browsing the Office 365 Admin Center portal difficult; however, the interface is designed to enable you to filter objects to help refine your search.

In Figure 4-1, note that users (active, disabled, guest), groups, contacts, and shared mailboxes are organized easily in the navigation pane. This organizational layout, coupled with the ability to search each object type, makes administration simpler despite the flat directory structure in Azure AD.

Figure 4-1 Organization of object types in the Office 365 Admin Center portal
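The contrast described above, as an added PowerShell example that is not part of the book: on-premises you scope a query to a container (an OU), whereas in Azure AD there is no container, so you select synchronized objects by attribute and then match them back to the OU members by UPN. It assumes the ActiveDirectory and AzureAD modules and an already-connected AzureAD session; the OU path and department value are placeholders.

```powershell
# Added example (not from the book): container-scoped administration on-premises
# versus attribute-based selection in the flat Azure AD directory.
# Assumes: ActiveDirectory and AzureAD modules installed, Connect-AzureAD already run.
Import-Module ActiveDirectory

$ouPath     = 'OU=Sales,DC=contoso,DC=com'   # placeholder OU path
$department = 'Sales'                         # placeholder attribute value

# On-premises: the hierarchy lets you scope the query to one OU.
$onPremUsers = Get-ADUser -Filter * -SearchBase $ouPath -Properties Department |
    Select-Object SamAccountName, UserPrincipalName, Department, DistinguishedName

# Azure AD: no OU exists to scope to, so select on a synchronized attribute
# instead (OData filter on the department property).
$cloudUsers = Get-AzureADUser -All $true -Filter "department eq '$department'" |
    Select-Object UserPrincipalName, DisplayName, DirSyncEnabled

# Index cloud objects by UPN, the usual key for matching synchronized users.
$cloudByUpn = @{}
foreach ($c in $cloudUsers) {
    if ($c.UserPrincipalName) { $cloudByUpn[$c.UserPrincipalName.ToLower()] = $c }
}

# Report which OU members have a synchronized counterpart. Note that the
# DistinguishedName (and therefore the OU) is visible only on the on-premises side.
$report = foreach ($u in $onPremUsers) {
    $key   = if ($u.UserPrincipalName) { $u.UserPrincipalName.ToLower() } else { '' }
    $found = $cloudByUpn.ContainsKey($key)
    [pscustomobject]@{
        OnPremDN       = $u.DistinguishedName
        UPN            = $u.UserPrincipalName
        InAzureAD      = $found
        DirSyncEnabled = if ($found) { $cloudByUpn[$key].DirSyncEnabled } else { $null }
    }
}

$report | Format-Table -AutoSize
```

Rows with InAzureAD set to False are OU members that have no matching object in the tenant; rows where DirSyncEnabled is not True are cloud objects that exist but are not being managed by directory synchronization.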