Password Sync

  • Question

  • Can users from different OUs from any single forest (domain) be synced with different O365 tenants?

    If we want to configure SSO in this scenario ... is it possible to have a dir sync server with ADFS configured to sync user data from different OUs in the same domain to different O365 tenants? What configuration is required?

    Does FIM 2010 R2 support password sync from on-prem to O365?

    Please answer these questions in short and share a URL for more explanation!

    Friday, October 17, 2014 1:26 PM

All replies

  • Hello TG,

    "Can users from different OUs from any single forest (domain) be synced with different O365 tenants?"

    => For me, it's possible because you can configure DirSync to use specific OUs (you will have to use one DirSync per tenant), or you can use FIM and the AAD connector.

    "If we want to configure SSO in this scenario ... is it possible to have a dir sync server with ADFS configured to sync user data from different OUs in the same domain to different O365 tenants? What configuration is required?"

    => Like I said, you will have to use one DirSync per tenant, and probably one ADFS per tenant (not sure).

    "Does FIM 2010 R2 support password sync from on-prem to O365?"

    => I don't know, but remember that password sync with DirSync is not the same as PCNS (used with FIM 2010).

    For DirSync: http://technet.microsoft.com/en-us/library/dn246918.aspx

    For PCNS: http://technet.microsoft.com/en-us/library/jj590288%28v=ws.10%29.aspx

    Regards,


    Sylvain

    Friday, October 17, 2014 2:46 PM
  • Hello,

    I agree with Sylvain, you need to have a DirSync or AADSync server for each O365 tenant, as you can only set one credential for O365 per SyncService.

    If you already have FIM you could also use 2 FIM AAD Sync Connectors to do this.

    But keep in mind that the FIM AAD Sync Connector can NOT sync password hashes; you can only use this in SSO scenarios together with ADFS (which clears up your last question).

    Regarding your ADFS question: I'm nearly 90% sure you also need 1 ADFS per tenant, as the federated domain you use for each tenant is different, and so the name and certificate under which the ADFS servers will be reached from O365 are different.

    I think it's not possible to configure this manually in one ADFS, but maybe I'm wrong on this.

    Regards
    Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Saturday, October 18, 2014 8:40 AM