SharePoint and Office 365 Hybrid configuration from A to Z

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault
Negotium Technologies
@Ju_Stroh and @NGeorgeault
Julien Stroheker
Team Lead @ Negotium Technologies
• Speaker and blogger
• http://www.pimpthecloud.com
• https://channel9.msdn.com/Blogs/Pimp-The-Cloud-Show
Nicolas Georgeault
CIO & SharePoint Senior Architect @Negotium
20 years of experience in IT
8 with SharePoint
6 as a SharePoint MVP
Co-author of Microsoft SharePoint Server 2010 and
2013 French books
Email/Yammer: ngeorgeault@club-sharepoint.fr
Twitter: @ngeorgeault
Blog: http://blog.georgeault.co
• Introduction
• Demo
• Demo
• Demo
• Demo
• Takeaways
• SharePoint On-Premises requires a number of Service
Applications to support Hybrid
• Secure Store is required for inbound Hybrid
• User Profile Service is required to rehydrate users for
Security Trimming
Four Steps to Configure OneDrive and Sites Hybrid
1. Infrastructure Pre-Requisites
2. Setup AD Connect (DirSync)
3. ADFS Server and Proxy
4. Hybrid Picker
Required Tools
• Active Directory Connect
• Azure Active Directory Module for Windows PowerShell
• SharePoint Online Management Shell
Infrastructure Pre-Requisites – Verify Internal Domain
• Verify the internal AD domain name with Office 365 –
Needs to be a routable domain!
• Enables Microsoft to verify that you “own” the domain
• If you are using a non-routable domain (.local) for AD – all
is not lost!
• Verifying a domain increases the Office 365 object limit
from 50K to 300K!
• In my environment the AD domain is contoso.com which
isn’t routable!
• I purchased o365ug.ca and associated this with the AD
domain contoso.com by adding a UPN Suffix
• Updated user accounts to use the new domain
• Involves adding a temporary DNS record to the domain
• The existence of this record is verified by Microsoft to
validate domain ownership
• Instructions included for the most common DNS hosting
providers
Infrastructure Pre-Requisites – Active Directory
• AD domain must be at least Windows Server 2003 Forest
Functional Level
• Run IdFix to identify objects that could cause sync issues and
remediate
o Illegal characters
o Duplicate entries
o Length
o …
Infrastructure Pre-Requisites – Activate Directory Sync
• PowerShell
• Admin Center
Setting up AD Connect
1. Install and configure the AD Connect tool
2. Assign user licenses in Office 365
Additional Considerations
• For greater control over the attributes that are
synchronised to Azure AD, select Azure AD app
and attribute filtering
• Password write-back requires Azure AD Premium
Checking Directory Synchronisation
Directory Synchronisation – Notification e-mail
Assigning Licenses using the Office 365 Portal
Assigning Licenses using PowerShell
• Licenses all users with a Username (UPN) of *.o365ug.ca
• Also sets their location to CA
AD Connect Schedule
• By default AD Connect will sync AD users with Office 365
every 3 hours
• A sync can be manually performed using
DirectorySyncClientCmd.exe – automate using a
Scheduled Task
Account
• Account is created in AD during AD Connect configuration
• Used by AAD Connect to read attributes from AD
• This account is granted the following permissions:
o Replicating Directory Changes
o Replicating Directory Changes All
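Because these two rights allow reading directory data through replication, secrets included, it is worth reviewing which principals hold them on the domain root after AD Connect is installed. The PowerShell below is an added example, not part of the original slides; it assumes the ActiveDirectory module (RSAT) on a domain-joined machine, and the GUIDs are the well-known schema identifiers of the two extended rights.

```powershell
# Added example: list every principal allowed to replicate directory changes.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Well-known extended-right GUIDs (identical in every forest).
# The all-zero GUID on an ExtendedRight ACE means "all extended rights",
# which implicitly includes both replication rights.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights (includes replication)'
}

$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$domainDn      = (Get-ADDomain).DistinguishedName

# Read the ACL of the domain naming context head, where these rights are granted.
$acl = Get-Acl -Path "AD:\$domainDn"

$findings = $acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -and
        $rights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';     e = { $rights[$_.ObjectType.ToString()] } },
                  IsInherited |
    Sort-Object Principal, Right

# Review the output: besides built-in groups such as Domain Controllers and
# Administrators, only the AD Connect sync account should appear here.
$findings | Format-Table -AutoSize
```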
Summary
• Added a custom domain to Office 365 (o365ug.ca)
• Tidied up AD and activated Directory Sync in Office 365
• Setup Azure AD Connect to sync users from On-Premises
AD to Office 365 (Azure AD)
• Launch Hybrid Picker from SharePoint 2013 Server with
Office 365 Admin account
Brendan Griffin for his session:
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
See you next year!
Saturday July 9, 2016
Thank you!
Toronto Enterprise Collaboration User Group
Change Management, Governance, SharePoint, Office 365,
Yammer, PowerBI, etc
http://www.meetup.com/TSPBUG/
Toronto SharePoint Business Users Group
http://www.meetup.com/TorontoSPUG/