• State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 2773 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Activeroles Hybrid AD Management

endre.igesund-crayon.no
over 6 years ago

HI.

Is there any good documentation on this around?

How are you supposed to manage groups, those cloud-only groups?

The ones synced from AD should be fine, but what about those only created in cloud/o365?

 

Have read something about Sync and writeback, but wouldn't that create the groups in ad, and then ad-connect would make them synced again?

 

How about enabling of remote mailboxes, is this expected to be supported soon?

 

  • 0 over 6 years ago
    With Office 365, Microsoft introduced a new object type: SecurityGroup objects. Note that these are different than on-prem Security Groups, which are Group Objects. SecurityGroup objects are extremely difficult to manage from an Active Roles perspective because they have no unique identifier which crosses systems - they have a unique objectID, but that's it. Unless Active Roles creates the object and sets the objectID during creation, we cannot programmatically distinguish one Group from another, because the objectID doesn't really have value other than being unique.

    If you want to be able to programmatically link and then manage Groups in Azure, I suggest mail-enabling them. This will allow for a cross-system unique attribute which can be used to link Groups across different systems. Then, the Active Roles back-sync can populate an objectID and it is possible to manage Azure Groups from the on-prem Active Roles Web Interface.

    The Back Sync doesn't create Groups if it is configured as recommended, it just updates existing Groups with the Azure objectID and advises Active Roles that they are enabled.

    Managing existing remote mailboxes is currently supported, but creating/enabling is not yet available. Enhancement TF00699961 was created for this feature. It does not yet have a target version.