Setting up Office 365

This is a quick guide how to set up Office 365 according to Microsoft best practice. This is what the setup looks like:

This is what you need:

  • Windows Server 2008 R2 for DirSync.
  • Windows Server 2008 R2 for ADFS federation. This can be a domain controller.
  • Windows Server 2008 R2 for ADFS federation proxy in DMZ. This can be an IIS.
  • Account to log into these machines. This account needs to be local admin to be able to install DirSync and ADFS.
  • Account that is member of Enterprise Admins. This account is needed to configure DirSync. A service account, MSOL_AD_SYNC, is created in Users container.
  • Active Directory service account for ADFS, e.g. ADFS2SVC.
  • SSL certificate for ADFS, e.g. This certificate needs to be added to IIS of both ADFS and ADFS proxy servers.
  • External DNS record for to point at ADFS proxy. In internal DNS it should point at internal ADFS.

Information about setting up DirSync:

Read more about SSO with ADFS:

  • Make sure you have the service account created.
  • Make sure you have the SSL certificate available.
  • You may need an account with higher priviledges when configuring ADFS on first server, since it creates a container in Active Directory.
  • Make sure DNS records are correct. ADFS proxy needs to finns ADFS on
  • Run the Powershell commands to create a trust to Office 365 from ADFS (not ADFS proxy).

According to the recommendations from Microsoft you need load balanced ADFS and ADFS proxy servers, which means they should be at least two on each side.

Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *