{"id":31,"date":"2014-04-30T03:00:49","date_gmt":"2014-04-30T03:00:49","guid":{"rendered":"https:\/\/regroove.ca\/stellark\/?p=31"},"modified":"2023-02-24T19:25:43","modified_gmt":"2023-02-24T19:25:43","slug":"dirsync-rescue","status":"publish","type":"post","link":"https:\/\/regroove.ca\/stellark\/2014\/04\/30\/dirsync-rescue\/","title":{"rendered":"DirSync to the Rescue"},"content":{"rendered":"

\"2014-05-01_13-22-11\"
\n<\/a><\/p>\n

Dirsync with \u201cpassword sync\u201d combined with Office 365 Multi-Factor authentication offers the ability to utilize and enjoy a SIMILAR sign-on experience as Single Sign On without having to undertake the arduous task of setting up an AD FS infrastructure.<\/p>\n

Recently I began poking around to familiarize myself with AD FS 2012 R2 (v3.0) and I was surprised by all the forum posts I came across where customers asked \u201cHow do I migrate from AD FS to DirSync?\u201d   \u201cHow do I Un-Federate?\u201d<\/p>\n

It was only in June 2013 that Office 365\u2019s Directory Synchronization tool (DirSync) became capable of a new feature \u201cpassword sync\u201d.  This allowed for the ability to synchronize and match local AD passwords with Office 365.  Before this version release the only means to configure this feature was to either install SSO which meant AD FS or find a third party password tool.<\/p>\n

I set out to compare the two forms of sign-on.  DirSync offered \u201csame-sign on\u201d whereby a user could login to Office 365 with their Same local AD account password and AD FS offered \u201csingle-sign on\u201d allowing a user to access domain dependant web and desktop apps without having to enter their credentials after they had already authenticated to the domain.  The latter being achieved through the federated trust between AD and the application.<\/p>\n

So, why do Federated users want to switch to DirSync?<\/p>\n

An AD FS set up, even with the new features in AD FS 2012 R2, is still or is recommended to be a multi server, high availability, fault tolerant, load balanced and sometimes even replicated environment.  Based on only 2 servers per role this could mean up to 4 servers (and 6 if you decide to use SQL in a cluster).  Then if you decide to replicate this for even greater fault tolerance you\u2019ve got 12 servers notwithstanding the load balancers and firewalls that would need to be implemented as well.  This also assumes you installed AD FS 2012 R2 and Dirsync on the domain controllers, which you can do now.<\/p>\n

DirSync on the other hand installs nicely on a Domain Controller (recently supported by MS) or you can opt to install it on a standalone domain joined machine.  This alone is a great reason to opt for DirSync with \u201cpassword sync\u201d.  Here are some other reasons:<\/p>\n