News of an Office 365 DirSync replacement was hardly surprising. Microsoft has been making changes to the Office 365 environment at an unprecedented rate. While the majority of these updates have affected the services users access, the way that identities synchronise has also changed. As of 13 April 2017, DirSync will no longer be supported, leaving companies with little choice – and little time – but to move away from the platform.
Office 365 DirSync replacement: RETAIN the link to your on-premises AD
When Office 365 was first released, a method for linking cloud identities to an on-premises Active Directory was also introduced. The system was called DirSync.
DirSync linked the business’s on-premises Active Directory to Azure AD. This enabled identities to be passed on to Office 365 (please note that every Office 365 customer has an Azure AD, whether they know about it or not).
As time passed, other methods to synchronise identities were provided. These were:
- Links to Forefront Identity Manager (FIM)
Using the Microsoft Online Management Agent (MSOMA) or Windows Azure Active Directory MA (WAAD)
- Azure AD Sync
- Azure AD Connect
In reality, the MSOMA and DirSync can be seen as the same service. DirSync really used a hidden version of FIM and a variant of the MSOMA to connect identities.
An updated version of the same setup was produced and called Azure AD Sync (AD Sync). This used a similar connection to the FIM WAAD management agent.
Introducing Azure AD Connect
Azure AD Connect is the latest synchronisation technology – and the only one that is still being developed. The current version provides additional support when linked to the Azure environment. This includes:
- Password write back: enabling password self-service
- Device write back: enabling registered devices to be shown in the AD
- Group write back: changes in group membership in the cloud are synchronised to AD
Microsoft has gone on record to state that these functions are not going to be added to the WAAD connector, which was provided to link to FIM.
The Azure AD Connect can be installed as an ‘in place’ upgrade, but generally (and to provide a cleaner back out plan) it is installed as a new system using a matching configuration.
More recently, Microsoft has announced that the DirSync, and therefore the MSOMA, connections will not be supported from April 2017. Any customer using either of these technologies needs to upgrade or replace the system before then.
What does this mean for your business?
It really depends on what the synchronisation is doing. If the current DirSync or MSOMA is providing a standard synchronisation without any modification, then a simple replacement with a new Azure AD Connect can be provided.
If there is any complexity to the synchronisation, then the implementation of Azure AD Connect probably needs to be tailored. Alternatively, you may find be that WAAD MA should be implemented to replace the MSOMA.
Businesses who are currently using DirSync and Azure AD Sync can expect to receive a series of notification emails from Microsoft, containing reminders and instructions during the next few months to upgrade to Azure Active Directory Connect.
Whichever method is needed, it should be investigated quickly as the clock is ticking fast – April 2017 is really not that far away.
Microsoft needs customers to update their synchronisation to a current technology. This is good for businesses, as the new version is more capable, easier to configure, supports more scenarios and offers greater flexibility than DirSync.
A full understanding of the current synchronisation is key to the replacement. If you are unsure, then please speak to an expert who can ensure your system is updated before Microsoft’s support is switched off. There may even be an opportunity to update other Office 365 access services, including moving from ADFS 1 or 2 to ADFS 3.
We can help you
If your organisation needs support switching from DirSync to Azure AD Connect, please fill in the short form below and a member of our friendly team will be in touch shortly with more information.