Directory Synchronization with EOP Services Only - Help Requested

Question

Hi,

We are wanting to deploy AD Sync with O365 but only use EOP services for Spam filtering (O365 quarantine mailboxes only) . We have an on premise Exchange 2010 environment. We will not be moving any mailboxes at all. I have been researching for weeks and have found so much stuff out there (old and new) concerning AD sync but not much at all specific to my scenario for EOP services only. If I understand correctly (after a week of researching based on old ADsync tool) the latest and greatest tool to use should be the Azure AD Connect? Also, I am under impression O365 and Azure AD is really considered to be one and the same when it comes to AD sync? Can anyone provide guidance on the correct process to sync my AD on premise environment with O365 EOP services only?

Also, our forest has multiple domains and we are only looking to sync our North America domain and leave our EMEA domain alone (they will not be utilizing directory sync). Please provide any feedback possible or point me in the right direction.

Thanks!

Claude

Answer 1

Hi Claude,

First, for “If I understand correctly (after a week of researching based on old ADsync tool) the latest and greatest tool to use should be the Azure AD Connect?“, now the latest tool is Azure AD Connect but the old DirSync still can be used and is still being supported by Microsoft. So you can use either of them to sync your AD users to Office 365.

For “Also, I am under impression O365 and Azure AD is really considered to be one and the same when it comes to AD sync?”, yes, your understanding is correct. Office 365 can be considered as an application under Azure AD.

For your situation, basically, you need to firstly sync your on-premises users to Office 365 using either of the syncing tools. And change the MX to point to EOP. Then create one outbound (from Office 365 to your own email server) and one inbound connector (from your own email server to Office 365) in Office 365 to make the mail flow work between your on-premises server and Office 365. The messages sent from on-premises or from internet will be scanned by EOP. You can find the detailed information of it from the following link

https://technet.microsoft.com/en-us/library/jj723153(v=exchg.150).aspx

Meanwhile, as you are using an EOP standalone plan, we have a dedicated support channel for EOP customers, if you encounter any problems, you can contact our technical support based on the contact information from the following article

https://technet.microsoft.com/en-us/library/jj723132%28v=exchg.150%29.aspx  

Thanks for your time.

Best regards,

Ran

Answer 2

Thanks Ran. Our EOP environment is already up and have been using it for several years. Was migrated from the old FOPE. All connectors already established and working fine. Changes made last January broke our Helpdesk ability to create 365 accounts during onboarding process without giving them full access to the environment on 365. So we are now looking at the sync process to do this for us. Just want to make sure we can do it only for our US domain in our forest and NOT our EMEA domain. Looks like that can be done easily enough with the new Azure AD Connect. Our biggest concern was that this process is doable when only using EOP services. Thanks for your reply and the link!