SharePoint and Office 365 Hybrid configuration from A to Z

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault
Negotium Technologies
@Ju_Stroh and @NGeorgeault
Julien Stroheker
Team Lead @ Negotium Technologies
 Speaker and blogger
Nicolas Georgeault
CIO & SharePoint Senior Architect @Negotium
20 years of experience in IT
8 with SharePoint
6 as a SharePoint MVP
Co-author of Microsoft SharePoint Server 2010 and
2013 French books
Email/Yammer: [email protected]
Twitter: @ngeorgeault
 Introduction
 Demo
 Takeaways
• SharePoint On-Premises requires a number of Service
Applications to support Hybrid
• Secure Store is required for inbound Hybrid
• User Profile Service is required to rehydrate users for
Security Trimming
Four Steps to Configure OneDrive and Sites Hybrid
1. Infrastructure Pre-Requisites
2. Set up AD Connect (DirSync)
3. ADFS Server and Proxy
4. Hybrid Picker
Required Tools
• Active Directory Connect
• Azure Active Directory Module for Windows PowerShell
• SharePoint Online Management Shell
Infrastructure Pre-Requisites – Verify Internal
• Verify the internal AD domain name with Office 365 –
Needs to be a routable domain!
• Enables Microsoft to verify that you “own” the domain
• If you are using a non-routable domain (.local) for AD – all
is not lost!
• Verifying a domain increases the Office 365 object limit
from 50K to 300K!
Infrastructure Pre-Requisites – Verify Internal
• In my environment the AD domain is which
isn’t routable!
• I purchased and associated this with the AD
domain by adding a UPN Suffix
• Updated user accounts to use the new domain
Infrastructure Pre-Requisites – Verify Internal
• Involves adding a temporary DNS record to the domain
• The existence of this record is verified by Microsoft to
validate domain ownership
• Instructions included for the most common DNS hosting
Infrastructure Pre-Requisites – Verify Internal
Infrastructure Pre-Requisites – Active Directory
• AD domain must be at least Windows Server 2003 Forest
Functional Level
• Run IdFix to identify objects that could cause sync issues and
o Illegal characters
o Duplicate entries
o Length
o …
Infrastructure Pre-Requisites – Activate Directory
Admin Center
Setting up AD Connect
1. Install and configure the AD Connect tool
2. Assign user licenses in Office 365
Additional Considerations
• For greater control over the attributes that are
synchronised to Azure AD select Azure AD app
and attribute filtering
• Password write-back requires Azure AD Premium
Checking Directory Synchronisation
Directory Synchronisation – Notification e-mail
Assigning Licenses using the Office 365 Portal
Assigning Licenses using PowerShell
• Licenses all users with a Username (UPN) of *
• Also sets their location to CA
AD Connect Schedule
• By default AD Connect will sync AD users with Office 365
every 3 hours
• A sync can be manually performed using
DirectorySyncClientCmd.exe – automate using a
Scheduled Task
• Account is created in AD during AD Connect configuration
• Used by AAD Connect to read attributes from AD
• This account is granted the following
• Replicating Directory Changes
• Replicating Directory Changes All
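As an added example (not from the original slides), the PowerShell below audits which principals hold these two rights on the domain root, since together they allow a holder to replicate secret attributes such as password hashes. It assumes the ActiveDirectory RSAT module is installed; the names in $expected, including EXAMPLE\svc-aadconnect, are placeholders to replace with your own.

```powershell
# Added example: list every principal holding the two replication rights on the
# domain root and flag any holder that is not on the expected list.
Import-Module ActiveDirectory

# Control access right GUIDs for the two permissions named on the slide.
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

# Assumption: principals expected to hold these rights in your domain.
# EXAMPLE and svc-aadconnect are placeholder names, not values from the slides.
$expected = @(
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators',
    'EXAMPLE\Domain Controllers',
    'EXAMPLE\svc-aadconnect'
)

# Read the ACL of the domain naming context through the AD: drive.
$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"

# Keep only explicit Allow entries for the two extended rights.
# Note: principals with full control of the domain object hold these rights
# implicitly and will not appear in this filtered list.
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $replicationRights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{n='Principal'; e={ $_.IdentityReference.Value }},
                  @{n='Right';     e={ $replicationRights[$_.ObjectType.ToString()] }},
                  @{n='Inherited'; e={ $_.IsInherited }},
                  @{n='Expected';  e={ $expected -contains $_.IdentityReference.Value }} |
    Sort-Object Expected, Principal |
    Format-Table -AutoSize
```

Rows with Expected set to False sort to the top and are the ones to review.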
• Added a custom domain to Office 365 (
• Tidied up AD and activated Directory Sync in Office 365
• Set up Azure AD Connect to sync users from On-Premises
AD to Office 365 (Azure AD)
• Launch Hybrid Picker from SharePoint 2013 Server with
Office 365 Admin account
Brendan Griffin for his session:
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
See you next year!
Saturday July 9, 2016
Thank you!
Toronto Enterprise Collaboration User Group
Change Management, Governance, SharePoint, Office 365,
Yammer, PowerBI, etc
Toronto SharePoint Business Users Group