See how to copy and/or sync all the users in your Office 365 Active Directory to the new RDS deployment.
This article refers to the MyCloudIT Gen 2 platform, which was launched in 2015. Look for MyCloudIT Gen 3 to be launched in Summer 2020.
This guide will show you how to copy and/or sync all the users in your Office 365 Active Directory to the new RDS deployment. From the Deployment, go to Office 365.
Multi-Factor Authentication (MFA) must be temporarily disabled for the credentials to be used for the Copy or Sync user process. If you are configuring synchronization, it usually takes 24 hours to synchronize, then you can re-enable MFA for the credentials. If you are copying users, once the copy process is complete, you can re-enable MFA.
Copy User allows you to copy users from an existing directory into this deployment’s directory. It does not provide synchronization capability.
This choice gives you the ability to copy users from multiple different accounts. It also allows you to copy users from an account that may have already been fully synced with another directory. The directories between this deployment and the copied account won’t ever be fully synced, meaning changes made in either directory won’t reflect in the other.
Regarding users: Users may be copied as many times as you would like, however, we do not match users or domains against existing users in the deployment directory, meaning if you choose to copy “John Doe” for a second (or third) time, a duplicate user will be created and the original will not be updated.
Regarding Passwords: After selecting your users to copy over you will need to set a temporary default password for these users on the deployment. We strongly recommend that upon signing into the deployment for the first time that all users reset their password to a safe and secure phrase that only they would know. This can be done by hitting the keys Ctrl+Alt+Delete, then selecting ‘Change Password’.
Sync User allows you to copy users and have the users synced with the original directory. This method is more restrictive since you cannot sync with the deployment if the directory you are attempting to sync has already been synced elsewhere within the Microsoft network.
Sync User ensures that any changes made to the users in the deployment are propagated to the original directory and vice versa. While changes may not be visible immediately, they usually appear within 30 – 45 minutes. Alternatively, you can force a sync to occur at any time you wish by selecting the ‘Force Sync’ option.
Regarding users: Users are matched using both username and domain name, so you will never have to reselect and copy a user again while the deployment is synced. However, it is important to note that while you may select more users to sync later, you cannot ‘desync’ any individual or groups of users. The only way to desync an individual user is to desync the deployment as a whole then resync with your desired users. Ideally, in order to avoid this process, you should instead simply delete the user. This will remove the user from the deployment and the synced directory, but reserve the user in a ‘recycle bin’ within Office 365 so you may restore the user in the future should you wish.
Regarding Passwords: After selecting your users to copy over into the deployment and setting the temporary default password for these users, you will have an opportunity to sync with Office 365 with or without syncing the user passwords. If ‘Sync with Passwords’ has been selected, the current set password for each user in the deployment will be copied back into Office, effectively overwriting any existing passwords set in Office 365. Users may reset their password at any time, either inside the deployment or inside their Office account. A change in either location will reflect in the other.
Selecting ‘Sync without Passwords’ will not copy or overwrite any passwords in Office. However, this will result in users having two different passwords between the deployment and their Office account. Please note that after the first sync process completes you will not be able to reselect the option to sync with or without passwords again later.
We strongly recommend that upon signing into the deployment for the first time that all users reset their password to a safe and secure phrase that only they would know. This can be done by hitting the keys Ctrl+Alt+Delete, then selecting ‘Change Password’.
- Sync with Password Synchronization: This option allows your users to sign in to the cloud using the same passwords that they use on-premises. Password synchronization does not store or send clear text passwords.
- Sync without Password Synchronization: This option allows your users to do federated sign in using a solution not managed by this wizard. While logging in to the corporate network, your users can access cloud resources without entering their passwords again.