Using O365 with on-prem AD RRS feed

  • Question

  • Hi All,

    We already have an O365 subscription for mailboxes of our organisation with out any On-premises AD. Now we are planning to setup an on-prem AD and sync the O365 with the on-prem also having SSO. My questions are as below:

    1. What would be the best approach to achieve this. Do we have to use DirSync and ADFS both for this scenario.

    2. Using Federated identity, the authority is still with on-prem AD, in this case what would happen to O365 if on-prem AD is down or the staff is outside of the organisation.

    3. Can we have authority both the sides. 



    Friday, February 9, 2018 6:52 AM


All replies

  • DirSync is depracated. Use AAD Connect.

    Two scenarios:

    • Just AAD Connect = Same Sign On. Have to log in again with same credentials
    • AAD Connect + ADFS = Single Sign On

    If ADFS is down you need to cancel the federation sign-on so you can login directly to Azure AD.

    Friday, February 9, 2018 7:51 AM
  • Thanks for your reply,

    But I want to know the best approach to achieve this.

    1. I want to know on how to create a single account for my existing users since their domain is "@domain.onmicrosoft.com" while my new domain on on prem will be difference.

    2. What would happen if the user is outside the corporate network. Does he need to connect to the VPN to sign in to Office365 since the authority will be with on prem AD.


    Thursday, February 22, 2018 2:43 AM
  • Although you can use "@domain.onmicrosoft.com" for your users, ideally, you would register your own "custom" domain in Azure AD.

    It doesn't matter where the user is. It will always have access to Azure AD workloads (authentication and applications such as Office 365). If you want to block or restrict certain type of signin, or application, have a look at Azure AD Conditional Access Policies: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 26, 2018 2:54 PM