Time
2 hours 42 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:01
Welcome back to the office. 3 65 Migration primer Course
00:05
I'm your starter, Jim Daniels. And today we're gonna go over Model three Identity Lesson six, which is the last lesson of this module. Deadly management.
00:15
In this lesson, we're gonna go over daily management distinctions between your different identities, setups and officer existed. Five
00:23
multiple ways to manage objects and Officer 65. And what happens in the event
00:28
they won't promise connection issue or disaster? What does that mean for your office? Online users.
00:36
If you are in a cloud only user environment,
00:39
everything is managed with the 3 65 Admin Center or the azure ADM and center quote only a Can't you do not manage one promise
00:48
hybrid user environment.
00:50
The guests and cloud created accounts you manage those in Azure A. D or the office. 3 65 Admin Center
00:58
for on premise accounts exists in your on premise, out of directory about our seat
01:03
and authenticated either through as Radi Canete or a DFS
01:07
those air still managed on prime.
01:10
Remember, we talked about where you use your one premise at the right re tools, such as a duck to manage those users
01:17
certain cloud only attributes of those users, such as licensing information for office 3 65 Those are still managed in office. 3 65 admits in a or in the azure a D admin center.
01:30
Password management
01:32
cloud Users can update their password when they know the prior one. Within any as Radi Town.
01:38
You know your password. You can always reset it.
01:41
Certain. 3 65 ad men's we talked about roles earlier can reset all cloud user passwords and 3 65 Admin Center or in the Azure, A D admin center
01:52
on premise. Users can reset and manage your password through on premise, tools and services, whether it's through the Windows Client interface or you have some tool already deployed
02:04
on premise. Adminis can also reset in Man's on Premises created user passwords through those on premise directory tools.
02:12
Another method for users to manage passwords is by the point self service Password reset. This is a feature that requires either as your a D premium one or premium to license or the pretend it is under the end for 65 business.
02:29
The Azure 80 premium wanted to. Those are also included as part of the Enterprise Mobility and Security suites.
02:37
Password right back has to be enabled in as radi Connect
02:39
Ford function for the ST Users,
02:43
Adminis can combine self service password reset in multi factor authentication registration at the same time.
02:51
In this scenario, a user doesn't matter if they or a quality only user where it won't premise user that a sink through 80 connect they can actually go on when they have all been the 3 65
03:04
and set their passports taken. Reset the password based on the second factor, they can unlock their account,
03:13
and it's a really nice way
03:15
for users to be able to manage those themselves. Because think about it. What's always your number one call when you don't have self managed these passports to your several steps has always Hey, I'm locked out. Can you help me reset my password? This helps alleviate those calls.
03:34
There are some nuances within Azure 80 connect. One of them is once a U. P. N is sink initially for a new user,
03:42
it's not automatically updated,
03:44
so if you have a user, their name changes. You misspelled their name. Maybe if they get married or get divorced
03:52
and you change it in on premise Active directory. It will not automatically update
03:57
Display name Will Mel Proxy. All that stuff does, but the U. P. And they used for an account log in will not
04:05
you have to use power show for that?
04:08
Speaking of power shell, there are a few things that you can manage within your as your 80 connect.
04:14
By importing the module a D sink
04:16
with important *** model a D sink,
04:18
you can actually load up and look at some configuration and stink options. Using the command set Dash 80 ST Sync schedule,
04:28
you can also manually kick off a sink for a full seek. A start dash 80 sink sink cycle space dash policy type space initial.
04:39
If you want to do a Delta ST considered a full sink, replace that word initial with Delta and performing Delta Sink
04:46
Power Shelling Officer 65
04:49
Power Show is a fantastic management tool with office 3 65
04:54
If you want to fully manage your officer 65 azure A D environment, you have to use the power show
05:00
some of you. It kind of freaks you out, but you will have to get used to it
05:04
because there are certain things in power shell that you can do that you cannot do. In the admin centers,
05:12
there are two power shell versions that you need. The first is one of the original
05:18
my herself, as her at a directory model for power Show
05:23
those commands the prefixes mso Well,
05:28
the more recent one is the azure active directory power shell for graft
05:31
Perfect for those commands
05:33
as our a d.
05:34
All right, so we have mso Well, we have as your a d as your two versions of power cell that you're gonna need to be comfortable with.
05:43
For MSO willpower. Sue,
05:46
you need to install a 64 bit Microsoft Online Services signing assistant to the machine that will be using power. So
05:53
you need to install the module in power show as an admin installed dash module messa AMs on
06:00
to connect connect dash in my civil service, it'll prompt you for your user name and password.
06:08
Things are license assignments and user account management
06:11
such as reset in the UPM.
06:14
Those are things that currently you do in MSL you do not do those in azure a. D as of yet
06:20
for as your 80 power show, where your eye assessment needs to be a Windows Seven plus or Windows Server 2008 or two. Plus
06:29
you just all the module in power show as an and then just like within this. Although
06:33
installed as model as radi
06:36
to connect Canete, that's as or a D.
06:41
So think of as Radi as Version two
06:44
to manage office 3 65 and Azure, A. D and power show. Newer features of office 3 65 such as unified groups.
06:53
You could manage those within Azure 80 Power shell, but you cannot through msrb l Power Show
06:59
when using as Radi connect, the U P and Attribute doesn't update after the initial sink of the account. Is that true of faults? We talked about it briefly.
07:10
The answer to that is true. Remember, it doesn't update the UPM
07:14
after it's created the object in Azure 80
07:17
you have to use power shell for that. Let's talk about Dior or emergency.
07:24
What happens for your users? They're authentication. They're signing Inability for the Officer C C five services. If you have a major disaster or some of your one premise network or infrastructure goes down.
07:36
Quote only accounts they operate is know All they need is Internet.
07:41
If they're connected, they can reset, log in access everything a D connects. Users can still again passed, Review said, are updated via on premise with the on premises of the rectory. They won't update if the azure 80 connection was broke.
07:58
But users in the cloud still function as as normal, and your saint users can still again a DFS. Remember a single point of failure. If you're a DFS environment goes down, you have to switch up. Indication to Azure 80. Connect as a backup, where users cannot access the services at all.
08:16
So as a Radi Canete,
08:18
users can still access services in law again. There's some limited synchronization and update abilities at that connections. Berg, a. DFS. If that goes down, you have to switch it in order for users to be able to authenticate
08:33
a lot of companies or doing back up infrastructure in the cloud as Dior option. Sometimes that includes shut down version of a DFS that they spend up after one prim
08:43
this compromise or has issues. Sometimes it's a as your 80 connect server
08:50
toe where they replicate on premise there as Radi connects over to the cloud.
08:54
And if there is a issue with the premise, they roll it over to the clouds, where users can still get in and they can do some basic management. To recap. Dante, Mass. Murder
09:07
Power Shell is a valuable and needed tool for completely daily management of Officer 65. Currently, you need both in Esso and as your A D Power Shell models for full management of the Features
09:20
Self Service Password for recent is a feature that requires a premium azure 80 license. Thank you so much for taking time out of your schedule to join me in this, and I hope to see you for the next model. Thank you.

Up Next

Office 365 Migration

In this Office 365 migration training, we look at the migration processes involved with Office 365 including preparation, identity configuration and Exchange, SharePoint and OneDrive migrations. Multiple scenarios are covered with supported migration techniques.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor