Making Sense of Microsoft Identities in a Hybrid World

Jason Himmelstein, SharePoint MVP
Office 365 Advisory Services Manager
@sharepointlhorn
http://www.sharepointlonghorn.com

Todd Klindt, SharePoint MVP
SharePoint Principal Architect
@toddklindt
http://www.toddklindt.com/blog


www.rackspace.com

Who is this Todd Klindt guy?

• SharePoint MVP since 2006
• Speaker, writer, consultant, Aquarius, Iowa Native
• Fan of all sorts of Microsoft technologies
• Personal Blog: www.toddklindt.com/blog
• Twitter me! @toddklindt
• If you’re not already sick of him: http://www.toddklindt.com/netcast

That other guy… Jason something

• SharePoint Server MVP
• Office 365 Advisory Services Manager, Rackspace
• ITPro enthusiast, Business Intelligence geek, & general technology fan boy
• Writes good, Speaks ok, Smells delightful
• Re-installed Texan, die-hard Spurs, Longhorns, & Jaguars fan
• Geek Blog: www.sharepointlonghorn.com
• On the Twitters: @sharepointlhorn
• GitHub: www.github.com/jasonhimmelstein

Shameless self promotion

Discount code: Klindt

Discount code: RACKSPACE

Agenda

• History lesson
• Defining Terminology
• Active Directory Core Concepts & Concerns
• Topology & Security
• Use Cases
• Homework

Were you hoping for a dev focused talk?

• Bad news… we are ITPros! NO DEV TALK HERE
• Good news… The Microsoft Cloud Show covered the Azure AD dev topics recently!
• http://www.microsoftcloudshow.com/podcast/Episodes/087-catching-up-with-paul-schaeflein-on-azure-ad-improvements

History lesson

• The dark days – SharePoint 2003 & 2007
• Age of enlightenment - SharePoint 2010
• Age of the Internet - SharePoint 2013

Defining Terminology

• Active Directory
• User Principal Name
• Azure Active Directory
• Identity as a Service
• DirSync
• ADFS
• Azure AD Connect

Azure AD Connect: Your Identity Bridge

[Diagram. Labels: Azure AD Connect (sync + sign on); identity stores: Active Directory, LDAP, Other identity stores; Common Sign on; apps: Box, Citrix, Concur, GoToMeeting, Docusign, DropBox, Google apps, Jive, Salesforce, Servicenow, Workday]

Hybrid Identity management

• Azure AD Connect (Azure Active Directory Connect): Consolidated deployment assistant for your identity bridge components
• Azure AD Health: Common monitoring for your identity bridge components
• Sync Services: DirSync, Azure AD Sync, FIM + Azure AD Connector
• ADFS
• ADFS Health

Active Directory Core Concepts & Concerns

• FSMO roles, AD DNS, WINS, NETBIOS, etc.
• Dirty, dirty directories
• 2003 (Everyone group) --> 2008 (Authenticated Users group)
• UPN issues around migration
• Schema extensions

Topology & Security

• ADFS vs DirSync
• Multifactor Auth

Same Sign On scenario


Single Sign On scenario


Highly Available Auth scenario


Use Cases

• Old environment moving to a new Hybrid Estate
• New Farm Identities
• Extranet situations

Homework

• Office 365 tenant
• Azure AD Trial
• 2 VMs
  – 1 AD Domain Controller (ADDC)
  – 1 AADConnect Server
• Download AADConnect
• If you want extra credit…
  – 1 additional VM
    • 1 ADFS Server (in real world this would be 2 ADDCs & 2 ADFS with a load balancer)
  – SSL cert

Q & A