Alexander Vanwynsberghe

"There is nothing impossible to him who will try"

The future of work with Office 365

Yesterday, April 1st 2014, I gave a keynote session at the Cronos Office 365 event in Belgium. I talked about the future of work with Office 365. Some exciting things like the Office Graph, Oslo, Clutter, the groups concept, OneDrive for business, …

As promised, you can find my slides at Slideshare:

How to setup DirSync with Project Online

Last week, the Active Directory team released a new version of a tool called “DirSync”. This is a tool who makes it possible to synchronize Active Directory accounts from your on-prem environment with Office 365. The version they release was a special one. Let me quote:

I’m happy to let you know that we’ve made it dead simple to connect AD to Azure AD, enabling users to log into Office 365, Windows Azure and any other cloud app integrated with Windows Azure AD using their on-premise username and password.  We’ve done this by updating Windows Azure Active Directory Sync Agent (a.k.a. DirSync) adding the ability to sync hashes of users’ on-premise AD passwords into Windows Azure AD.

How cool is that? Well, curious as I am, I decided to give this tool a go and synced my (playground) Active Directory to my Project Online tenant (which is nothing more than a Office 365 subscription). In this post, I’ll explain how you can achieve this.

First things first, you need an Active Directory. If you have an on-prem AD, just skip this step, at it’s just for demo purposes. As I don’t have the required hardware, but I do have an MSDN subscription, I used some Windows Azure VM’s for that part. What I did was first creating a DNS server (Networks -> Virtual Network -> Register a DNS Server). Next, a new virtual network using my DNS Server. Now  you can create your 2 Azure VM’s. I will not explain this in detail, but be sure that you use your Virtual Network when you go trough the Wizard.

03

You need 2 VM’s, one for the Active Directory role and one responsible for the DirSync. I’ll not go into detail about how to setup an AD role and how to join the other machine to this domain. You can find all info here: http://technet.microsoft.com/en-us/library/jj574166.aspx. Once completed, you should have this:

04

Next up, we will ‘enable’ DirSync at our Office 365 subscription. Browse to https://portal.microsoftonline.com/DirSync/DirectorySynchronization.aspx and enable step 3:

11

Next up, we will install the “DirSync” tool. You can download the latest version here (or use the “Download” link on the page you’re currently looking at). Once the file has been downloaded (180 MB), run the installer, and follow the wizard. The installation takes about 10 minutes.

05

Once the installation has been completed, the configuration Wizard will start. Provide your Windows Azure Active Directory Administrator (WAAD) Credentials. This is the account that you used to create your Office 365 subscription. (if you don’t know the credentials, or you want to try, browse to: https://activedirectory.windowsazure.com and test it)

07

At the next step of the wizard, enter your Active Directory Enterprise Administrator Credentials.

08

At the next step, be sure to enable “Enable Password Sync“. That’s this cool new feature!

09

Once the last step has been completed, a first “full sync” will be started:

10

That’s it! Nothing special. Now you have to check the “Users” in your Project Online (office 365) subscription. Browse to “Admin -> Office 365 -> Users“. There you will see the AD users! Great! Now, just “syncing” this users does not mean that they have access to your subscription. They are not assigned to a license. To manage this, click on the user, and select “Activate Synced Users

12

Assign the correct license to this user, and click “Next” to finish. Note that this user will get a temporary password, but you don’t need this as you have DirSync with password sync (joy!).

13

Still one small thing to do. “Share” my site (in this case the Project Web Access) with that new user. Just click on the “Share” button.

14

Now open a new (inprivate) browser window, and login using the username and password from your Active Directory. There you go:

15

There you have it! A sync between your AD and Project Online (Office 365). But it doesn’t stop there for this post. I just wanted to be sure that the password sync does actually work. So I changed the password and the first name of my user in my AD. But then … How can I force a sync? By default, it takes about 3 hours (password changes-only will be instantly, but changing a name for example will take some time).

So, PowerShell to the rescue! Browse  to “C:\Program Files\Windows Azure Active Directory Sync” and double-click on DirSyncConfigShell.psc1. Enter the command “Start-OnlineCoexistenceSync“:

16

If you open the “Event viewer” on your machine, you will see some entries from the AD sync:

17

Enjoy your syncing!

Get your populated Office 365 demo environment

Did you know that, as a Microsoft Partner, you can get a free demonstration environment and some guide materials for the new Office and Office 2013 without requiring a full installation locally? Well, I didn’t until James Akrigg (@jakrigg) posted the following tweet:

tweet

Curious as I am, I wanted my own demo environment. As I have a partner login associated with my Live ID, I decided to give it a go. Point your browser to https://www.microsoftofficedemos.com/ and click on the ‘Microsoft Partner’ link. You have to provide your credentials to continue. Once you’re successfully logged in, you will see some information about this offer, but the most import things are:

  • Subscription includes an Office 365 Enterprise SKU trial tenant (note: this tenant is subject to trial restrictions, including a 30-day expiration)
  • Subscription includes an Office Enterprise Hero Demo guide which provides talking script and clicking guidelines

That’s great, let’s create one. Click on the “Create Demo” link on top of the page. You will now see the options of the demo environment like the type of Office 365 Tenant, the demo content and the demo language. As for now, it looks like you cannot change the options. I guess that there will be some more options available in the future.

02Click on “Create Your Demo”. You can now enter a tenant name and type the correct robot number.

03Once you click on “Create My Account”, you will see the provision status of your tenant. Something like:

01

That’s all you have to do. If you read the questions from the FAQ section, you will see that the process will take 8 to 36 hours, depending on service availability. You will receive a completion email when the content provisioning process has been completed. You can easily check the status of your tenant by entering your tenant name in the ‘Domain’ box. (Or use the link in the email did receive after you registered your demo instance.

Having a demo environment is one thing, showing the new goodies are another thing. That’s where the demo guides and documents come in. You can find an impressive list of guidance documents by clicking on the “Resources” link on top of the page.

Small note: You can login using the following two credentials: KatieJ@tenant.onmicrosoft.com and RobinC@tenant.onmicrosoft.com

Thanks to the Office team for making this available!