Myths about Directory Synchronization in Office 365

By: Emiley J  

One-Way or Two-Way Synchronization?

Some new admins get confused by Directory Synchronization. They think that the synchronization is two-way, which means that what you change on-premises will be updated in Office 365 and changes you make in Office 365 will be written back to your AD. In reality, this is NOT the case. It is only a ONE-WAY PUSH. The Directory Synchronization Tool replicates objects from the local Active Directory into Office 365. For example, if you add a user to Active Directory, that user will appear in Office 365 at the next synchronization interval.

This allows the Global Address List for Office 365 to be populated with the full list of users in Active Directory. When Office 365 users search for names in Outlook, Outlook Web App, Lync Communicator, or another service that uses the Global Address List, they see additional details about the users they are searching for. In this way, Office 365 users have experiences almost identical to those of on-premises users.

Users created by the Directory Synchronization Tool must be activated before they can sign in to the service. Office 365 licenses are not automatically consumed when users are first created, either after deploying directory synchronization or when adding users to Active Directory while the Directory Synchronization Tool is running.

When you make changes in Office 365, they are not moved into the local Active Directory by default. For example, if you validate a new domain in Office 365, that domain will not appear automatically in your local Exchange environment. However, you can write (and update) a limited set of Active Directory attributes from Office 365 to the local Active Directory if the directory synchronization write-back feature is enabled. For more information, see the Write-Back Capabilities section in this document.

How Are Passwords in AD Synchronized?

It is a common misconception that passwords from AD are always synchronized to Office 365. On the contrary, passwords stored in Active Directory are NOT replicated to Office 365, and passwords created in Office 365 are not moved to Active Directory. When using Cloud Identities, you must manage Office 365 passwords in addition to local sign-in credentials. If you implement single sign-on with your deployment, you do not need to manage Office 365 passwords.

Archived Comments

1. however there are solution providers to sync passw
By: Jason at 2013-03-19 19:19:43

2. its very me
By: dinesh at 2014-08-26 12:47:38

3. This article is not correct. Two-way synchronizat
By: Travis at 2015-07-14 12:28:32

4. Travis could you share steps to configure correctl
By: Shailesh S. at 2015-09-09 09:36:20

5. Shawncob
By: Shawncob at 2017-01-27 15:56:27