Myths about Directory Synchronization in Office 365

By: Emiley J

One-Way or Two-Way Synchronization?

Some new admins get confused about Directory Synchronization. They think that the synchronization is two-way, meaning that what you change on-premises is updated in Office 365 and changes you make in Office 365 are updated back in your AD. In reality, this is NOT the case. It is only a ONE-WAY PUSH. The Directory Synchronization Tool replicates objects from the local Active Directory into Office 365. For example, if you add a user to Active Directory, that user will appear in Office 365 at the next synchronization interval.

This allows the Global Address List for Office 365 to be populated with the full list of users in Active Directory. When Office 365 users search for names in Outlook, Outlook Web App, Lync Communicator, or another service that uses the Global Address List, they see additional details about the users they are searching for. In this way, Office 365 users have experiences almost identical to those of on-premises users.

Users created by the Directory Synchronization Tool must be activated before they can sign in to the service. Office 365 licenses are not automatically consumed when users are first created, whether that happens after deploying directory synchronization or when users are added to Active Directory while the Directory Synchronization Tool is running.

When you make changes in Office 365, they are not moved into the local Active Directory by default. For example, if you validate a new domain in Office 365, that domain will not appear automatically in your local Exchange environment. However, you can write (and update) a limited set of Active Directory attributes from Office 365 to the local Active Directory if the directory synchronization write-back feature is enabled. For more information, see the Write-Back Capabilities section in this document.

How Are Passwords in AD Synchronized?

A common misconception is that passwords from AD are always synchronized to Office 365. On the contrary, passwords stored in Active Directory are NOT replicated to Office 365, and passwords created in Office 365 are not moved to Active Directory. When using Cloud Identities, you must manage Office 365 passwords in addition to local sign-in credentials. If you implement single sign-on with your deployment, you do not need to manage Office 365 passwords.
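The rules above can be turned into an account audit. This is an added example, not code from the original article or from Microsoft: Get-SyncAccountReport is a hypothetical helper name, the sample accounts are constructed, and the input property names (UserPrincipalName, IsLicensed, LastDirSyncTime) are assumed to match what Get-MsolUser in the MSOnline module returns.

```powershell
# Added example: classify accounts by how directory synchronization treats them.
# Get-SyncAccountReport is a hypothetical helper, not part of any Microsoft module.
function Get-SyncAccountReport {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [bool] $SingleSignOn = $false   # assumption: pass $true if SSO is deployed
    )
    foreach ($u in $Users) {
        # LastDirSyncTime is populated only on objects pushed from the local AD.
        $synced = $null -ne $u.LastDirSyncTime
        if ($synced -and -not $u.IsLicensed) {
            $state = 'Synced, not activated'
            $note  = 'In the Global Address List, but cannot sign in until activated'
        } elseif ($synced -and $SingleSignOn) {
            $state = 'Synced, activated'
            $note  = 'Signs in through SSO; no Office 365 password to manage'
        } elseif ($synced) {
            $state = 'Synced, activated'
            $note  = 'Office 365 password is separate from the AD password'
        } else {
            $state = 'Cloud-only'
            $note  = 'Created in Office 365; not moved into the local AD by default'
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            State             = $state
            Note              = $note
        }
    }
}

# Constructed sample data (contoso.example is a placeholder domain).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       IsLicensed = $true;  LastDirSyncTime = [datetime]'2013-03-01T08:00:00' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       IsLicensed = $false; LastDirSyncTime = [datetime]'2013-03-01T08:00:00' }
    [pscustomobject]@{ UserPrincipalName = 'svc-cloud@contoso.example'
                       IsLicensed = $true;  LastDirSyncTime = $null }
)

Get-SyncAccountReport -Users $sample | Format-Table -AutoSize

# Against a real tenant (needs the MSOnline module and Connect-MsolService):
#   Get-SyncAccountReport -Users (Get-MsolUser -All)
```

Accounts reported as "Synced, activated" without SSO are the ones that carry a second password outside Active Directory, so password policy and offboarding have to cover both places.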


Archived Comments

1. however there are solution providers to sync passw
By: Jason at 2013-03-19 19:19:43

2. It's very useful......to me
By: dinesh at 2014-08-26 12:47:38

3. This article is not correct. Two-way synchronizat
By: Travis at 2015-07-14 12:28:32

4. Travis could you share steps to configure correctl
By: Shailesh S. at 2015-09-09 09:36:20

5. Shawncob
By: Shawncob at 2017-01-27 15:56:27