No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

ADFS and Dirsync

Do you require ADFS if all you want to do is sync your AD? The organization I am associated with does not want to implement SSO but would still like to do most of the management through the on-premises AD.
All Replies
  • Yes, you still require it.

  • Hello Jlavergne,

    Do you want to manage the users’ attributes in the local AD without installing ADFS?

    If so, Sriram is correct. In this case, yes.
    If you don’t install ADFS, the users synchronized from the local AD to Office 365 cannot sign in to Office 365.

    Best regards,
    Claud

  • Hello Jlavergne,

    Just to add something to my first reply.
    Since the passwords of the local AD users cannot synchronize to Office 365 via DirSync, the synced users need to be activated (setting location and assigning licenses) by clicking Activate synced users on the Domain page. After that, you need to reset the synced users’ passwords to get a temporary password to let them sign in to Office 365.

    Moreover, if a synced user's password needs to be reset, the administrator needs to do it in Office 365 instead of the local AD. As a result, at the user credential management level, deploying ADFS and Single Sign-On is recommended.

    In addition, if you have any other questions or concerns about the issue, please do not hesitate to contact us. It is always our pleasure to be of assistance.

    Best regards,
    Claud  
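
The activation steps described in the reply above (set a location, assign a license, reset to a temporary password), scripted with the MSOnline PowerShell module instead of the portal. This is an added example, not part of any reply in the thread; the function name `Enable-SyncedUser` and the SKU value are hypothetical, and it assumes `Connect-MsolService` has already been run as an administrator.

```powershell
# Added example, not from the thread. Assumes the MSOnline module is installed
# and Connect-MsolService has already been run with an admin account.
function Enable-SyncedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Two-letter country code; must be set before a license can be assigned.
        [Parameter(Mandatory = $true)][string]$UsageLocation,
        # Placeholder; list the tenant's real values with Get-MsolAccountSku.
        [Parameter(Mandatory = $true)][string]$AccountSkuId
    )

    # Users synced from on-premises AD that are not yet licensed (not activated).
    $pending = Get-MsolUser -Synchronized -UnlicensedUsersOnly -All

    foreach ($user in $pending) {
        $upn = $user.UserPrincipalName
        if (-not $PSCmdlet.ShouldProcess($upn, 'Activate and reset password')) { continue }
        try {
            Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation -ErrorAction Stop
            Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $AccountSkuId -ErrorAction Stop
            # Returns a generated temporary password; the user must change it
            # at first sign-in. Hand it over out of band and do not log it.
            $temp = Set-MsolUserPassword -UserPrincipalName $upn `
                        -ForceChangePassword $true -ErrorAction Stop
            [pscustomobject]@{
                UserPrincipalName = $upn
                TemporaryPassword = $temp
                Status            = 'Activated'
            }
        }
        catch {
            # Report the failure and continue with the next user.
            [pscustomobject]@{
                UserPrincipalName = $upn
                TemporaryPassword = $null
                Status            = "Failed: $($_.Exception.Message)"
            }
        }
    }
}

# Dry run first; 'contoso:ENTERPRISEPACK' is a constructed placeholder SKU.
Enable-SyncedUser -UsageLocation 'US' -AccountSkuId 'contoso:ENTERPRISEPACK' -WhatIf
```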

  • I understand that the recommendation is for SSO.  I also understand that without SSO the password for Office 365 will need to be managed from the online webpage.  The only reason they want Dirsync is so they do not have to manually add/modify user information.  They are happy to manage passwords in 2 places.  So I am still unsure if Federated Services is required?  

    If it is required, can someone explain why?

  • Hi jlavergne - hope all is well..

    To add to the above responses & Claud's 2nd post -- yes -- you can set up dirsync without ADFS.  Claud was clarifying in his 2nd post that if you do this, you'll have to separately manage the password - as you note in your last post.

    So - net/net - you can do dirsync without ADFS - just means you have manual processes to manage.

    Feel free to drop me a line & I can review more details.

    Hope this helps,  

    David Bleecker

    david@bleecker.net

  • Hello Jlavergne,

    Thanks for your feedback and the information Bleecker provided.

    I understand that your customer just needs to modify and synchronize users’ information without managing passwords in the local AD. If this is the case, you can use DirSync without ADFS, as Bleecker mentioned.

    Best regards,
    Claud

  • Hello Jlavergne,

    I'm writing to follow up on my previous reply.
    If you need further assistance with this issue, please feel free to post back.

    Best regards,
    Claud
