![\"\"](\"http:\/\/powerkjell.com\/wp-content\/uploads\/2013\/02\/Office-365.jpg\" "\\"Office")
<\/a><\/p>\nThis is what you need:<\/p>\n
- \n
- Windows Server 2008 R2 for DirSync.<\/li>\n
- Windows Server 2008 R2 for ADFS federation. This can be a domain controller.<\/li>\n
- Windows Server 2008 R2 for ADFS federation proxy in DMZ. This can be an IIS.<\/li>\n
- Account to log into these machines. This account needs to be local admin to be able to install DirSync and ADFS.<\/li>\n
- Account that is member of Enterprise Admins. This account is needed to configure DirSync. A service account, MSOL_AD_SYNC<\/strong>, is created in Users container.<\/li>\n
- Active Directory service account for ADFS, e.g. ADFS2SVC<\/strong>.<\/li>\n
- SSL certificate for ADFS, e.g. fs.powerkjell.com<\/strong>. This certificate needs to be added to IIS of both ADFS and ADFS proxy servers.<\/li>\n
- External DNS record for fs.powerkjell.com <\/strong>to point at ADFS proxy. In internal DNS it should point at internal ADFS.<\/li>\n<\/ul>\n
Information about setting up DirSync: http:\/\/technet.microsoft.com\/en-us\/library\/hh967642.aspx<\/a><\/p>\n
- \n
- Remember to check your environment using Microsoft Deployment Readiness Tool<\/a> and to activate DirSync using https:\/\/portal.microsoftonline.com<\/a>. This may take up to 24 hours to apply. Read more about preparations here: http:\/\/technet.microsoft.com\/en-us\/library\/jj151831.aspx<\/a><\/li>\n
- Create a sync account in Office 365 and set the alternative e-mail address to a monitored address for\u00a0catching DirSync errors.<\/li>\n
- Do not start DirSync immediately in case you need to configure DirSync: http:\/\/technet.microsoft.com\/en-us\/library\/hh967629.aspx<\/a><\/li>\n
- Make sure you understand mapped attributes: http:\/\/support.microsoft.com\/kb\/2256198\/en-us<\/a><\/li>\n<\/ul>\n
Read more about SSO with ADFS: http:\/\/technet.microsoft.com\/en-us\/library\/hh967628.aspx<\/a><\/p>\n
- \n
- Make sure you have the service account created.<\/li>\n
- Make sure you have the SSL certificate available.<\/li>\n
- You may need an account with higher priviledges when configuring ADFS on first server, since it creates a\u00a0container in Active Directory.<\/li>\n
- Make sure DNS records are correct. ADFS proxy needs to finns ADFS on fs.powerkjell.com<\/strong>.<\/li>\n
- Run the Powershell commands to create a trust to Office 365 from ADFS (not ADFS proxy).<\/li>\n<\/ul>\n
According to the recommendations from Microsoft you need load balanced ADFS and ADFS proxy servers, which means they should be at least\u00a0two on each side.<\/p>\n
Good luck!<\/p>\n","protected":false},"excerpt":{"rendered":"
This is a quick guide how to set up Office 365 according to Microsoft best practice. This is what the setup looks like: This is what you need: Windows Server 2008 R2 for DirSync. Windows Server 2008 R2 for ADFS … Continue reading
- Run the Powershell commands to create a trust to Office 365 from ADFS (not ADFS proxy).<\/li>\n<\/ul>\n
- Active Directory service account for ADFS, e.g. ADFS2SVC<\/strong>.<\/li>\n