SHAREPOINT AND OFFICE 365 HYBRID CONFIGURATION FROM A TO Z
Julien “Superman” Stroheker and Nicolas “Batman” Georgeault
Negotium Technologies
@Ju_Stroh et @NGeorgeault
@JU_STROH - SUPERMAN
Julien Stroheker
Team Lead @ Negotium Technologies
Speaker and blogger http://www.pimpthecloud.com
https://channel9.msdn.com/Blogs/Pimp-The-Cloud-Show
@NGEORGEAULT - BATMAN
Nicolas Georgeault
CIO & SharePoint Senior Architect @Negotium
20 years of experience in IT
8 with SharePoint
6 as a SharePoint MVP
Co-author of Microsoft SharePoint Server 2010 and 2013 French books
Email/Yammer: [email protected]
Twitter: @ngeorgeault
Blog: http://blog.georgeault.co
AGENDA
Introduction
Demo
Demo
Demo
Demo
Takeaways
ON-PREMISES SERVICE APPLICATIONS
• SharePoint On-Premises requires a number of Service Applications to support Hybrid
• Secure Store is required for inbound Hybrid
• User Profile Service required to rehydrate users for Security Trimming
DEPLOYMENT STEPS
Four Steps to Configure OneDrive and Sites Hybrid
1. Infrastructure Pre-Requisites
2. Setup AD Connect (DirSync)
3. ADFS Server and Proxy
4. Hybrid Picker
DEPLOYMENT STEPS
Required Tools
• Active Directory Connect
• Azure Active Directory Module for Windows PowerShell
• SharePoint Online Management Shell
DEMO 1: INFRASTRUCTURE PRE-REQUISITES
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Verify Internal Domain
• Verify the internal AD domain name with Office 365
  – Needs to be a routable domain!
• Enables Microsoft to verify that you “own” the domain
• If you are using a non-routable domain (.local) for AD – all is not lost!
• Verifying a domain increases the Office 365 object limit from 50K to 300K!
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Verify Internal Domain
• In my environment the AD domain is contoso.com which isn’t routable!
• I purchased o365ug.ca and associated this with the AD domain contoso.com by adding a UPN Suffix
• Updated user accounts to use the new domain
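
The UPN suffix change described on this slide, as an added PowerShell example that is not part of the original deck. It assumes the ActiveDirectory RSAT module and an account allowed to modify the forest; the two domain names are the ones on the slide.

```powershell
# Added example; assumes the ActiveDirectory RSAT module and forest-level admin rights.
Import-Module ActiveDirectory

$oldSuffix = 'contoso.com'   # AD domain named on the slide
$newSuffix = 'o365ug.ca'     # routable domain named on the slide

# 1. Register the routable domain as an alternative UPN suffix on the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $newSuffix }
}

# 2. Re-point every user whose UPN still ends in the old suffix.
#    -WhatIf only prints the planned change; remove it after reviewing the output.
Get-ADUser -Filter "UserPrincipalName -like '*@$oldSuffix'" |
    ForEach-Object {
        $localPart = ($_.UserPrincipalName -split '@')[0]
        Set-ADUser -Identity $_ -UserPrincipalName "$localPart@$newSuffix" -WhatIf
    }

# 3. List accounts still on the old suffix; these will not match the verified domain.
Get-ADUser -Filter "UserPrincipalName -like '*@$oldSuffix'" |
    Select-Object SamAccountName, UserPrincipalName
```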
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Verify Internal Domain
• Involves adding a temporary DNS record to the domain
• The existence of this record is verified by Microsoft to validate domain ownership
• Instructions included for the most common DNS hosting providers
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Verify Internal Domain
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Active Directory
• AD domain must be at least Windows Server 2003 Forest Functional Level
• Run IdFix to identify objects that could cause sync issues and remediate
  o Illegal characters
  o Duplicate entries
  o Length
  o …
DEPLOYMENT STEPS
Infrastructure Pre-Requisites – Activate Directory Sync
PowerShell
Admin Center
DEMO 1: INFRASTRUCTURE PRE-REQUISITES
DEPLOYMENT STEPS
Setting up AD Connect
1. Install and configure the AD Connect tool
2. Assign user licenses in Office 365
DEMO 2: SETTING UP AD CONNECT
DEPLOYMENT STEPS
Additional Considerations
• For greater control over the attributes that are synchronised to Azure AD select Azure AD app and attribute filtering
• Password write-back requires Azure AD Premium
DEPLOYMENT STEPS
Checking Directory Synchronisation
DEPLOYMENT STEPS
Directory Synchronisation – Notification e-mail
DEPLOYMENT STEPS
Assigning Licenses using the Office 365 Portal
DEPLOYMENT STEPS
Assigning Licenses using PowerShell
• Licenses all users with a Username (UPN) of *.o365ug.ca
• Also sets their location to CA
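
One way to script the license assignment this slide describes, as an added example and not the presenters' own script. It uses cmdlets from the Azure Active Directory Module for Windows PowerShell (MSOnline) listed under Required Tools; the SKU value is a placeholder, and reading the slide's pattern as "UPNs in o365ug.ca" is an assumption.

```powershell
# Added example; cmdlets are from the MSOnline module (Azure AD Module for Windows PowerShell).
Import-Module MSOnline
Connect-MsolService            # prompts for an Office 365 admin credential

$upnPattern = '*@o365ug.ca'    # assumption: the slide's pattern means UPNs in o365ug.ca
$location   = 'CA'             # usage location from the slide
$sku        = '<tenant>:<SKU>' # placeholder: copy an AccountSkuId from Get-MsolAccountSku

# Refuse to run against a SKU the tenant does not own or has no free units for.
$skuInfo = Get-MsolAccountSku | Where-Object { $_.AccountSkuId -eq $sku }
if (-not $skuInfo) { throw "SKU '$sku' not found in this tenant." }
$free = $skuInfo.ActiveUnits - $skuInfo.ConsumedUnits

# Only unlicensed accounts in the synced domain are touched.
$targets = @(Get-MsolUser -All -UnlicensedUsersOnly |
    Where-Object { $_.UserPrincipalName -like $upnPattern })
if ($targets.Count -gt $free) { throw "Need $($targets.Count) licenses, only $free free." }

foreach ($user in $targets) {
    try {
        # Usage location must be set before a license can be assigned.
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName `
            -UsageLocation $location -ErrorAction Stop
        Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName `
            -AddLicenses $sku -ErrorAction Stop
        Write-Output "Licensed $($user.UserPrincipalName)"
    } catch {
        Write-Warning "Failed for $($user.UserPrincipalName): $_"
    }
}
```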
DEPLOYMENT STEPS
AD Connect Schedule
• By default AD Connect will sync AD users with Office 365 every 3 hours
• A sync can be manually performed using DirectorySyncClientCmd.exe – automate using a Scheduled Task
DEPLOYMENT STEPS
Account
• Account is created in AD during AD Connect configuration
• Used by AAD Connect to read attributes from AD
• This account is granted the following permissions:
  • Replicating Directory Changes
  • Replicating Directory Changes All
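
Together these two rights allow reading password hash data through directory replication, so the list of principals that hold them deserves review after AD Connect is installed. The audit below is an added example, not part of the original deck; it assumes the ActiveDirectory RSAT module and read access to the domain root ACL.

```powershell
# Added example; assumes the ActiveDirectory RSAT module (provides the AD: drive).
Import-Module ActiveDirectory

# Well-known control access right GUIDs from the AD schema.
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

# The rights are granted on the domain naming context root.
$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"

# Keep only Allow ACEs that grant one of the two extended rights explicitly.
$holders = $acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $replicationRights.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';     e = { $replicationRights[$_.ObjectType.ToString()] } },
                  IsInherited

# Expect built-in holders such as Domain Controllers and Administrators plus the
# sync account; any other principal holding both rights should be explained.
$holders | Sort-Object Principal, Right | Format-Table -AutoSize
```

Principals with full control or all extended rights on the domain root hold these rights implicitly and are not listed by this filter.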
DEMO 3: RUN HYBRID PICKER SCENARIOS
BASE CONFIGURATION FOR HYBRID
Summary
• Added a custom domain to Office 365 (o365ug.ca)
• Tidied up AD and activated Directory Sync in Office 365
• Setup Azure AD Connect to sync users from On-Premises AD to Office 365 (Azure AD)
• Launch Hybrid Picker from SharePoint 2013 Server with Office 365 Admin account
ANY QUESTION?
SPECIAL THANKS - CREDITS
Brendan Griffin for his session: Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
THANK YOU SPONSORS!
PLATINUM
GOLD
SILVER
RAFFLE
Thank you!
Toronto Enterprise Collaboration User Group
Change Management, Governance, SharePoint, Office 365, Yammer, PowerBI, etc
http://www.meetup.com/TSPBUG/
Toronto SharePoint Business Users Group
http://www.meetup.com/TorontoSPUG/
Saturday July 9, 2016
See you next year!