This section provides a step-by-step guide on how to set up GAL Sync for Microsoft 365 Hybrid Tenants.
To begin, at least two (2) hybrid tenants must be configured in Directory Sync. Each hybrid tenant consists of a cloud environment and a local Active Directory environment. At the end of this section there will be two (2) hybrid tenants with four (4) local and cloud environments fully configured.
An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target hybrid environments.
To create a cloud environment, an Office 365 Global Administrator is required during setup for each tenant. During the initial setup, Directory Sync creates a new unlicensed user account within each tenant. This account is used to orchestrate some of the PowerShell automation related to directory synchronization services, and it is created with the Exchange, User and Teams Administrator roles so that it can perform its designated jobs.
The Global Administrator account used to set up the environments is required for directory synchronization services, as it is used to facilitate Graph API related automation activities. Once the PowerShell account mentioned above has been created, the role of this account can be safely lowered to User, Teams and Exchange Administrator.
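The two paragraphs above describe a least-privilege arrangement: the automation account should hold only the Exchange, User and Teams Administrator roles, and the human setup account should be lowered from Global Administrator afterwards. The following script is an added example, not part of this guide or of the Directory Sync product, that checks the first of those conditions with the Microsoft Graph PowerShell SDK. The account UPN is a placeholder, and the role display names ("Exchange Administrator", "User Administrator", "Teams Administrator") are assumed to match the Entra roles the guide refers to.

```powershell
# Added example (not part of the Quest documentation): verify that the Directory Sync
# automation account created in a tenant holds only the roles the guide says it needs.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).

# ASSUMPTION: placeholder; replace with the UPN of the unlicensed account Directory Sync created.
$ServiceAccountUpn = 'dirsync-automation@contoso.onmicrosoft.com'

# Roles the guide says the automation account is created with (Entra display names assumed).
$ExpectedRoles = @('Exchange Administrator', 'User Administrator', 'Teams Administrator')

# Read-only scopes are sufficient to enumerate role membership.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All' -NoWelcome

$user = Get-MgUser -Filter "userPrincipalName eq '$ServiceAccountUpn'" -Property Id, UserPrincipalName
if (-not $user) { throw "Account $ServiceAccountUpn was not found in this tenant." }

# Get-MgDirectoryRole returns only roles that have been activated in the tenant,
# which is enough here: a role with members is always activated.
$assigned = foreach ($role in Get-MgDirectoryRole -All) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
    if ($members.Id -contains $user.Id) { $role.DisplayName }
}

$unexpected = @($assigned) | Where-Object { $_ -notin $ExpectedRoles }
$missing    = $ExpectedRoles | Where-Object { $_ -notin @($assigned) }

# Summary for the reviewer: anything in UnexpectedRoles is a deviation from the guide.
[pscustomobject]@{
    Account         = $user.UserPrincipalName
    AssignedRoles   = (@($assigned) -join ', ')
    UnexpectedRoles = (@($unexpected) -join ', ')
    MissingRoles    = (@($missing) -join ', ')
}

# Global Administrator is only needed on the human account during initial setup; the
# guide says that account can be lowered afterwards, and the automation account never needs it.
if ($unexpected -contains 'Global Administrator') {
    Write-Warning "$($user.UserPrincipalName) holds Global Administrator; reduce it to the roles the guide lists."
}
```

Run it once per tenant after the cloud environment is created, and again after the setup account's role has been lowered (with `$ServiceAccountUpn` pointed at that account) to confirm the reduction actually took effect.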
To create a local AD environment for the hybrid tenant, the following are required:
- One (1) local administrator account for each Active Directory forest and/or domain, with permissions to create, update or delete objects depending on the scope of your Directory Sync workflows.
- One (1) Windows Server on which to install and host the Directory Sync Agent.
Follow these steps to set up the cloud environment endpoints.
1. Navigate to Environments.
2. Click the New button.
3. Select Cloud as the environment type, then click Next.
4. Name the environment, then click Next.
5. Have the Global Administrator credentials in hand and ready.
6. Click the Connect button.
7. Log in to Microsoft 365.
8. Accept the requested Application Permissions.
9. Select any discovery group(s) that will be used to determine which objects are part of the environment (see Pro Tip 1).
10. Do not check the “INCLUDE OBJECTS SYNCHRONIZED WITH A LOCAL ACTIVE DIRECTORY VIA MICROSOFT ENTRA CONNECT” option: this is a cloud environment whose hybrid objects originate in an on-premises Active Directory, and for those hybrid objects the GAL Sync is performed with a Local to Local setup.
11. Click Next, then Finish.
12. Repeat steps 2–11 for the next cloud environment.
Follow these steps to set up the local environment endpoints.
1. Navigate to Environments.
2. Click the New button.
3. Select Local as the environment type, then click Next.
4. Name the environment, then click Next.
5. Name the local agent, then click Next.
6. Note the agent registration URL and registration key for later use, then click Finish.
7. Install the agent on the Windows Server that is joined to the local AD domain. Refer to the On Demand Migration Active Directory User Guide for detailed information about agent installation and setup requirements.
8. Once the agent is installed and the environment is discovered, click the Settings button to open the local AD environment settings page.
9. On the General tab, select the Microsoft 365 tenant from the tenant drop-down list under “Which cloud environment should this environment associated with?” (see Pro Tip 18).
10. Click the Organization Unit tab and define the OU filter based on your project scope.
11. Click the Filters tab and define any LDAP filter based on your project scope.
12. Click Save.
13. Repeat steps 2–12 for the next local environment.
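The OU filter and LDAP filter steps above decide which on-premises objects the agent reads and, through the GAL Sync, which objects end up written into the other tenant. The script below is an added example, not part of this guide or of the Directory Sync product, that previews that scope from the agent server before the filters are saved, using the RSAT ActiveDirectory module. The search base and LDAP filter are placeholders standing in for a project's real scope.

```powershell
# Added example (not part of the Quest documentation): preview which on-premises AD objects
# an OU filter plus an LDAP filter would put in scope before saving the local environment.
# Requires the RSAT ActiveDirectory module on the server that hosts the Directory Sync agent.
Import-Module ActiveDirectory

# ASSUMPTION: placeholder OU and filter; replace with the values you intend to enter in the
# Organization Unit and Filters tabs.
$SearchBase = 'OU=Users,OU=Corp,DC=contoso,DC=local'
# Mail-enabled, enabled user accounts only. The 1.2.840.113556.1.4.803 rule is the LDAP
# bitwise-AND matching rule; bit 2 of userAccountControl is ACCOUNTDISABLE.
$LdapFilter = '(&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$inScope = Get-ADObject -LDAPFilter $LdapFilter -SearchBase $SearchBase -SearchScope Subtree `
    -Properties mail, userAccountControl, adminCount

# adminCount=1 marks accounts protected by AdminSDHolder (domain admins and similar).
# Such accounts rarely belong in a GAL sync and are worth spotting before the first run.
$protected = @($inScope) | Where-Object { $_.adminCount -eq 1 }

[pscustomobject]@{
    SearchBase        = $SearchBase
    ObjectsInScope    = @($inScope).Count
    ProtectedAccounts = @($protected).Count
}

# List the protected accounts so they can be excluded in the Filters tab, for example by
# adding (!(adminCount=1)) to the LDAP filter, rather than being copied into the target GAL.
$protected | Select-Object Name, DistinguishedName, mail
```

Comparing `ObjectsInScope` against the expected number of mailboxes for the OU is a quick way to catch an overly broad OU filter or a mistyped LDAP filter before the agent starts synchronizing.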